twobee - Fotolia
Years ago, when users required access to a specific system, application or other corporate resource, they were provided a username and password tied to the necessary access required for that specific user.
While this was a viable option when the number of IT services was small, it didn't take long before the number of accounts a user had to manage reached a dozen or more. To keep track of all these account usernames and passwords, many end users resorted to writing down their account information on sticky notes that they stuck to their monitors for all to see. Understandably, that type of password management is a big no-no by anyone's security standards. Thus, IT needed a way to better manage the growing number of user accounts. The answer was identity access management (IAM). Here's how it works and a brief rundown of identity access management benefits:
An employee is a single user and therefore has a single identity. So, why was each person required to manage dozens of accounts? The application or resource controlled who has access to it, so each one maintains its own account database containing usernames, passwords and the level of access each user has within the resource. IAM takes all of these scattered management processes and centralizes them for each enterprise resource. It does this by either integrating with the decentralized applications and systems -- or replaces them completely.
Granting access based on user roles and policies
Among key identity and access management benefits, an IT administrator can use IAM to create a single username to identify a user, granting access rights to various digital resources based on predefined user roles. This significantly cuts down on user onboarding and offboarding times. It also helps reduce the chances of granting access rights to a user who should not have access.
From an end-user perspective, with IAM a single username and password can access all the necessary resources required for their roles. In many cases, employees can enter a username and password just one time at login. This single sign-on then grants the user access to all resources without the need to authenticate to each one individually. It also streamlines password management procedures that have caused headaches in the past.
Dig Deeper on Enterprise identity and access management
Related Q&A from Andrew Froehlich
A zero-day vulnerability isn't the same as a zero-day exploit. Learn the difference between these two zero-day terms, as well as why they should be ... Continue Reading
Borderless networks present new challenges for security pros. Andrew Froehlich explains how this trend makes patch management even more important. Continue Reading
Simulating an attack against your network is one of the best ways to remediate security holes before the bad guys find them. Here, learn penetration ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.