
What is Identity and Access Management?

Two very similar acronyms are often used when talking about identity and access management (IAM): IdM and IAM. IdM stands for Identity Management, which is a subset of IAM, or Identity and Access Management. The two sets of functionality – the management of identities and the management of access – are obviously very tightly connected, and they are often mistakenly conflated.

Identity Management (IdM) encompasses the maintenance tasks associated with the lifecycle of electronic identities: provisioning, de-provisioning, and handling changes in between.  The IdM system also makes those identities, and a set of attributes for each identity, available via published directories, which can be used by surrounding applications to authenticate a person’s credentials at the time of requested access and receive attributes about that person in return. 

Access Management (the “AM” in IAM) encompasses the tasks associated with providing access to resources once a person’s credentials have been authenticated. The identity management system makes no decisions about access to surrounding applications, only about the verification of credentials. The applications are, or should be, responsible for defining the business rules that authorize people’s access to resources (e.g., read/create/update/delete data, gain access to a building) and implementing those rules based on personal attributes associated with an electronic identity. Together, these two sets of functionality – authentication and authorization – comprise IAM – Identity and Access Management.
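The split described above, as an added example that is not part of the original page: a directory that only manages identities and verifies credentials, and an application that owns the access rules and evaluates them over the returned attributes. The names `Directory`, `RULES` and `request_access`, and the `affiliation` and `department` attributes, are hypothetical.

```python
import hashlib, hmac, os

class Directory:
    """IdM side: identity lifecycle and credential verification. No access decisions."""
    def __init__(self):
        self._entries = {}

    def provision(self, uid, password, **attributes):
        salt = os.urandom(16)
        self._entries[uid] = {"salt": salt, "hash": self._kdf(password, salt),
                              "attrs": dict(attributes), "active": True}

    def update(self, uid, **attributes):          # a change "in between"
        self._entries[uid]["attrs"].update(attributes)

    def deprovision(self, uid):
        self._entries[uid]["active"] = False

    def authenticate(self, uid, password):
        """Return a copy of the identity's attributes, or None if verification fails."""
        entry = self._entries.get(uid)
        if entry is None or not entry["active"]:
            return None
        if not hmac.compare_digest(entry["hash"], self._kdf(password, entry["salt"])):
            return None
        return dict(entry["attrs"])

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Application side: business rules the application owns, written over attributes.
RULES = {
    "read":   lambda a: a.get("affiliation") in {"staff", "student"},
    "update": lambda a: a.get("affiliation") == "staff" and a.get("department") == "registrar",
    "delete": lambda a: False,  # no attribute set grants delete in this sample policy
}

def request_access(directory, uid, password, action):
    attrs = directory.authenticate(uid, password)  # authentication: done by the IdM
    if attrs is None:
        return "unauthenticated"
    rule = RULES.get(action)                        # authorization: done by the application
    return "allowed" if rule and rule(attrs) else "denied"  # unknown actions are denied
```

Because the rules read attributes rather than user names, an attribute change or a de-provisioning in the directory alters what the application permits without any change to the application's rules.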

Last Updated: 5 June 2015
