Identity-based security ensures that users are who they claim to be, and that they can access the digital resources they need, using the devices that they want to use. These processes and technologies are known as identity and access management (IAM).
IAM processes and technologies determine who has access to what. The "who" is specified during authentication and the "what" is specified during authorization.
We're all familiar with typical sign-on processes. When you sign on to your system, you prove that you are who you claim to be by providing:
The information you provide is compared to your information stored in the identity management database, and if it matches, you are signed on to your system. This process is known as authentication.
After you're signed on, processes occur that determine which applications and files you're allowed to access and what you're allowed to do when you access them. For example, if you have direct reports, you're likely able to access an application to approve their expense reports, but you're not able to approve your own. This process is known as authorization.
You’ve likely experienced this yourself when you have signed into your favorite streaming service. You enter your username and password and the service compares your credentials with the data in their system. If there is a match, it means they’ve authenticated your identity and they can now authorize you to access the streaming service.
The authentication and authorization methods used to protect digital resources depend on the resource. For example, if you want to access an online retail site that is available to the public, you might only need to provide a username and password. However, if you want to access your bank account, your sign-on process is likely more complicated.
In many situations, requiring users to provide a username and password is sufficient. Problems arise because passwords are hard to remember, often reused, and need to be changed frequently. They’re also often shared with others and reused across accounts, as indicated here.
The goal is to design an IAM system that keeps valuable resources secure, while providing users with the best possible sign-on experiences.
There’s no limit to the number of ways organizations can verify digital identities and control access to their digital resources. This site explores the most common authentication and authorization methods available and explains how they work at a high level. It also provides background information about IAM, why it’s important, and how the different ways of handling identity management compare.
Start Today
See how Ping can help you deliver secure employee and customer experiences in a rapidly evolving digital world.
Request a FREE Demo