Understanding identity and access management
Identity and access management (IAM) is all about controlling access to IT systems that are critical to a business. A key element of IAM is Role-Based Access Control, RBAC for short. In an RBAC model, we define who is alleged to have access to systems, what their role is, and what they are allowed to do according to that role. An important principle of RBAC is least privilege, meaning that a system administrator will only get the rights assigned that are required to perform the job assigned. For example, a database administrator needs access to the database, but it's not very likely that they will need access to network switches too.
In this chapter, we will discuss concepts such as single sign-on (SSO), multi-factor authentication (MFA), and Privileged Access Management (PAM). Before we go into that, let's have a look at the basics of IAM. There are three layers that we have to consider in our architecture:
- Managed identities: In...