IAM (Identity and Access Management)

Identity and access management (IAM) in enterprise IT is about defining and managing the roles and access privileges of individual network users and the circumstances in which users are granted (or denied) those privileges. Those users might be customers (customer identity management) or employees (employee identity management. The core objective of IAM systems is one digital identity per individual. Once that digital identity has been established, it must be maintained, modified and monitored throughout each user’s “access lifecycle.”

IAM systems provide administrators with the tools and technologies to change a user’s role, track user activities, create reports on those activities, and enforce policies on an ongoing basis. These systems are designed to provide a means of administering user access across an entire enterprise and to ensure compliance with corporate policies and government regulations.

IAM tools


Identity and management technologies include (but aren’t limited to) password-management tools, provisioning software, security-policy enforcement applications, reporting and monitoring apps and identity repositories. Identity management systems are available for on-premises systems, such as Microsoft SharePoint, as well as for cloud-based systems, such as Microsoft Office 365.

API security enables IAM for use with B2B commerce, integration with the cloud, and microservices-based IAM architectures. Forrester sees API security solutions being used for single sign-on (SSO) between mobile applications or user-managed access. This would allow security teams to manage IoT device authorization and personally identifiable data.

Customer identity and access management (CIAM) allow “comprehensive management and authentication of users; self-service and profile management; and integration with CRM, ERP, and other customer management systems and databases,” according to the report.

Identity analytics (IA) will allow security teams to detect and stop risky identity behaviors using rules, machine learning, and other statistical algorithms.

Identity as a service (IDaaS) includes “software-as-a-service (SaaS) solutions that
offer SSO from a portal to web applications and native mobile applications as well as some level of user account provisioning and access request management,” according to the report

Identity management and governance (IMG) provides automated and repeatable ways to govern the identity life cycle. This is important when it comes to compliance with identity and privacy regulations.

Risk-based authentication (RBA) solutions “take in the context of a user session and authentication and form a risk score. The firm can then prompt high-risk users for 2FA and allow low-risk users to authenticate with single factor (e.g., username plus password) credentials,” according to the report. (For more on authentication, see “Ready for more secure authentication? Try these password alternatives and enhancements.”)