What is Identity and Access Management?


Have you ever heard the story of “Ali Baba and the Forty Thieves”? (If not, you and I have had very different childhoods.) In the story, the thieves needed a password to access their den, and if (and only if) the password was correct, they got in. This is called Identity and Access Management (IAM).

If someone asks you to introduce yourself or identify yourself, what would you say? You would say your name. What if there are many people with the same name as yours? Then you might say your name with your home town, or if you are in an office with many departments, you’d say your name with your department or your designation to distinguish yourself from the others. This is what is meant by identity in real life, and it simply is the way you authenticate yourself. Passport number, NIC number, driving license, PIN number, fingerprint, and DNA are a few strong attributes of your character that convey your identity.

Security scan scene: Mission Impossible Ghost Protocol

What is Access Management? Can you remember the scene in MI-4 “Ghost Protocol” where only the army generals can enter some chambers of the Kremlin? (If not, come on dude… You haven’t seen Mission Impossible? It’s way better than any of this stuff.) One real-world example would be using your work ID to open the doors of the workplace. Folks, this is called Access Management. Basically, it means allowing certain access privileges to authorized personnel only.

Let’s move into slightly more technical stuff about IAM. IAM systems have three types of identifiers or, in technical terms, three knowledge factors. They are:

  • What you know
  • What you have
  • What you are

1. What you know

This is the most common identification technique used in IAM systems. This refers to something that only you would know (not even your better half). The most common application is the use of passwords. Some other forms could be PINs for ATMs or a PIN for your mobile phone. The good thing is that you will not misplace or lose this, because it is something you are most likely to remember and it stays in your mind (safe unless you lose your mind).

This is a very user-friendly method, but it has some downsides as well. Most people use the same password for all their apps. So, if someone gets to know your password, he/she (Hey, not only boys have all the fun!) can easily access all your applications. Most of these passwords are very simple and very easy to crack. Nowadays applications ask for strong passwords to try to get around this issue.

2. What you have

This refers to something that you possess to authenticate yourself. It can be an NIC, a passport, a driver’s license, a bank passbook, a university ID card, etc. This is more secure than passwords since you can present it as physical evidence, and it may also solve the issue of forgetting passwords, PINs, etc.

The cost factor is one disadvantage in this system. Since these are physical items, they may get lost or can be stolen and used to access one’s valuable resources. Imagine if someone steals your wallet which had your NIC, credit cards and driving license. Feels like the whole world is gonna crash on you, right? Too much? Ok, imagine your wife or girlfriend took your credit card without asking you and bought tons of stuff (lol let me know which one is the worst). These are several disadvantages of this system.

3. What you are

This factor refers to authenticating an individual based on biological data. This is the most accurate method to identify someone and is used for high-security applications. Fingerprint scanning, iris scanning, facial recognition, voice recognition and DNA scanning can be used as biological data. There are many pros to this technique. The main advantage is that it lets us achieve a high level of accuracy, since biological data is unique for every person. One of the main disadvantages of this technique is the cost of implementation. Another issue is that the bio data of a person is confidential, such as fingerprint, blood, DNA, sexual orientation, etc. (not all people like to expose these facts about themselves). Therefore, the biggest concern is the privacy of someone’s bio data.

The above techniques are being used by different systems around the world depending on the scale of security that the system requires. With the rapid development of technology, security has become a major concern. Therefore, modern day systems have combined all three factors to increase the level of security.

Need a highly secure IAM System? Make sure to check out the WSO2 Identity Server which provides a number of out of the box features to protect your valuable data and is seamless and easy to implement.

Congratulations, you have now successfully gone through my first-ever blog post (I’m surprised you got this far). Thank you for going through this. Let me know how you feel. CHEERS!
