Identity and Access Management (IAM)

Regardless of where employees are working, they need to access their organization’s resources like apps, files, and data. The traditional way of doing things was to have the vast majority of workers work on-site, where company resources were kept behind a firewall. Once on-site and logged in, employees could access the things they needed.

Now, however, hybrid work is more common than ever and employees need secure access to company resources whether they’re working on-site or remotely. This is where identity and access management (IAM) comes in. The organization’s IT department needs a way to control what users can and can’t access so that sensitive data and functions are restricted to only the people and things that need to work with them.

IAM gives secure access to company resources—like emails, databases, data, and applications—to verified entities, ideally with a bare minimum of interference. The goal is to manage access so that the right people can do their jobs and the wrong people, like hackers, are denied entry.

Starting Points

• IAM
• Secret Management
• Service Account
• OIDC
• Passkeys (Advanced)

Key Points

• You know how to handle secrets using a specific secret manager
• You know how to handle the power and danger of service accounts
• You know the advantages of an OpenID connection