Identity Fundamentals
Identity-based security ensures that users are who they claim to be, and that they can access the digital resources they need, using the devices that they want to use. These processes and technologies are known as identity and access management (IAM).
IAM processes and technologies determine who has access to what. The "who" is specified during authentication and the "what" is specified during authorization.
Authentication and authorization
We're all familiar with typical sign-on processes. When you sign on to your system, you prove that you are who you claim to be by providing:
- Something you know, for example, a password.
- Something you have, for example, a smartphone.
- Something you are, for example, fingerprints or retina scans.
The information you provide is compared to your information stored in the identity management database, and if it matches, you are signed on to your system. This process is known as authentication.
After you're signed on, processes occur that determine which applications and files you're allowed to access and what you're allowed to do when you access them. For example, if you have direct reports, you're likely able to access an application to approve their expense reports, but you're not able to approve your own. This process is known as authorization.
You’ve likely experienced this yourself when you have signed into your favorite streaming service. You enter your username and password and the service compares your credentials with the data in their system. If there is a match, it means they’ve authenticated your identity and they can now authorize you to access the streaming service.
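The two steps described above, as an added example that is not part of the original page: authentication checks a submitted password against the stored record, then authorization applies the expense report rule. The user names, passwords, manager mapping, and the choice of PBKDF2 for password storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _record(password, manager):
    # Store a per-user salt and a derived hash, never the password itself.
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt), "manager": manager}

# Constructed identity store: bob reports to alice, alice reports to no one here.
USERS = {
    "alice": _record("correct horse battery", manager=None),
    "bob": _record("staple-42-lamp", manager="alice"),
}

def authenticate(username, password):
    """Authentication: return the verified user name, or None on failure."""
    rec = USERS.get(username)
    if rec is None:
        # Do the same work for unknown users so timing does not reveal them.
        _derive(password, b"\x00" * 16)
        return None
    candidate = _derive(password, rec["salt"])
    # Constant-time comparison of the derived value with the stored hash.
    return username if hmac.compare_digest(candidate, rec["hash"]) else None

def can_approve(approver, report_owner):
    """Authorization: only a direct report's expenses, never your own."""
    if approver is None or approver == report_owner:
        return False
    owner = USERS.get(report_owner)
    return owner is not None and owner["manager"] == approver

def approve_expense(username, password, report_owner):
    """Authenticate first, then authorize; report which step failed."""
    identity = authenticate(username, password)
    if identity is None:
        return "authentication failed"
    if not can_approve(identity, report_owner):
        return "not authorized"
    return "approved"
```

A correct password is not enough on its own: `approve_expense("alice", "correct horse battery", "alice")` authenticates successfully and is still refused at the authorization step.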
The authentication and authorization methods used to protect digital resources depend on the resource. For example, if you want to access an online retail site that is available to the public, you might only need to provide a username and password. However, if you want to access your bank account, your sign-on process is likely more complicated.
In many situations, requiring users to provide a username and password is sufficient. Problems arise because passwords are hard to remember and need to be changed frequently. They’re also often shared with others and reused across accounts.
The goal is to design an IAM system that keeps valuable resources secure, while providing users with the best possible sign-on experiences.
There’s no limit to the number of ways organizations can verify digital identities and control access to their digital resources. This site explores the most common authentication and authorization methods available and explains how they work at a high level. It also provides background information about IAM, why it’s important, and how the different ways of handling identity management compare.
- Identity and Access Management: Identity and access management (IAM) ensures that the right people (identity) can access the right resources (access management) at the right times, for the right reasons. Learn about some of the common challenges organizations face, situations currently putting many organizations at risk, and IAM best practices.
- Identity Providers and Service Providers: Learn about the identity provider (IdP) and service provider (SP) roles, and how they work together to create seamless user sign-on experiences.
- Centralized and Decentralized Identity Management: Explore the fundamental differences between centralized and decentralized identity management.
- Zero Trust Security: Zero trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before accessing applications and data. Learn more about it and how it works.
- Authentication: Authentication is the process of determining whether someone or something is who or what it says it is. Learn about the methods available and the verification factors used for each method.
- Authorization: Authorization is the process of giving users access to digital resources. Learn about the methods available and how they are used to control access.
- Authentication and Authorization Standards: There are three well-known authentication and authorization standards used in today's world: OAuth, OpenID Connect (OIDC), and SAML. Learn about the primary differences between these three standards.
- Orchestration: Learn how easy it is to quickly design, test, and deploy seamless experiences using no-code, visual flow orchestration technology.