Identity and Access Management

Sitharanishadini
Sep 27, 2019

In our day-to-day life we log in to different applications, each time with our own credentials.

Let’s say we have two friends with the same name, KATHY, in our classroom. What happens if the teacher says “Kathy, bring your book”? Both students may get confused. So we need something unique to tell them apart. We can call them by their second names.

But there can be situations where we have twins with the same name, whom we also cannot tell apart at a glance. Then we need some other factor to identify them, such as a birthmark.

This is a simple scenario that shows what we can do for unique identification.

Now let’s move on to some deeper details.

Identifying someone uniquely is known as authentication. There are 3 ways that can be used for it. We can use a single factor or multiple factors to authenticate.

  • Who the user is: biometrics (fingerprint, eye)
  • What the user has: ATM card, token, ID
  • What the user knows: password

Authorization is giving permission to someone to do something or to have something.

For example, let’s take two employees from a company, one from the HR department and the other from the engineering department. The employee from the HR department should be granted access to the personal files of employees to a certain extent, while the engineering employee should not be granted access to them. So we need to authorize any user before giving access to an employee’s personal profile.

Likewise, all companies need their clients and employees to access company information in an easy, efficient and secure way. For that we have IAM.

Before I started searching about IAM, I did not have any idea about IAM or what WSO2 IS does. During my learning process I dug into a certain depth of details about IAM. As security in enterprise IT systems changes constantly, we need to have updated and innovative security solutions. WSO2 IS is the best open source IAM solution which provides so many features.

What led to IAM?

Traditionally, before IAM came into play, user identities and access privileges were managed separately. There were various issues with the traditional approach.

Let’s say there is a user who uses two applications that provide 2 different services from the same company.

Under the traditional approach, the user needs to create two accounts and log in separately to the two applications, because each application manages its users separately. This may lead to different issues.

  • Higher chance of data breaches. A normal person can only keep 4 or 5 pairs of usernames and passwords in mind, so most of the time users tend to write their usernames and passwords down somewhere or use the same pair in all the applications.
  • Less agility
  • Low productivity, difficulty in managing, etc.

So Identity and Access Management systems came into play to overcome these issues.

IAM manages the identities and access privileges of users. Put simply, user authentication and account management are done in a central system. The core objective is to maintain a single identity for each user. It is a centralized IAM system.

When different applications are connected to an identity provider, those applications talk to the central IAM and take user details from it.
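The HR and engineering authorization example and the central identity provider described above, as an added example that is not from the original post and is not the WSO2 IS API. It is a simplified in-memory sketch; the class names, method names, usernames and status strings are all hypothetical.

```python
import hashlib
import hmac
import os
import secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class IdentityProvider:
    """Central IAM (hypothetical): the only place passwords and attributes live."""
    def __init__(self):
        self._users = {}     # username -> (salt, password hash, department)
        self._sessions = {}  # opaque token -> username

    def register(self, username, password, department):
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt), department)

    def login(self, username, password):
        # Authentication: verify the password once, hand back an opaque token.
        # Unknown users get a dummy record so the same hashing work is done.
        salt, stored, _ = self._users.get(username, (b"\0" * 16, b"", None))
        if not hmac.compare_digest(stored, _hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token

    def introspect(self, token):
        # Applications call this to learn who a token belongs to.
        username = self._sessions.get(token)
        if username is None:
            return None
        return {"username": username, "department": self._users[username][2]}

class Application:
    """Stores no passwords; asks the central identity provider about each token."""
    def __init__(self, idp, allowed_departments):
        self.idp, self.allowed = idp, set(allowed_departments)

    def access(self, token):
        user = self.idp.introspect(token)
        if user is None:
            return "401 not authenticated"
        if user["department"] not in self.allowed:  # authorization decision
            return "403 not authorized"
        return "200 welcome " + user["username"]
```

Each user logs in once at the identity provider and presents the same token to every application; an application restricted to the HR department rejects a valid token that belongs to an engineering user.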

Main concepts of IAM.

  • Centralized account management. User authentication and access management is done through a central system.
  • User provisioning
  • Single sign-on (SSO)
  • Multi-factor authentication
  • Adaptive authentication
  • Identity federation etc.

The features of WSO2 IS, which is an open source application as I mentioned above, help in implementing a much more secure IAM process for an enterprise.

Originally published at https://medium.com on September 27, 2019.
