Fundamentals of IAM

Identity and Access Management (IAM) is the discipline that ensures the right people have the right access to the right resources at the right time. This module covers the foundational building blocks of any IAM program.

Hands-On Lab

This module includes a practical AWS IAM guide where you will create a real AWS account, build users/groups/policies, and test permissions end-to-end. AWS IAM is the most widely deployed IAM system — understanding its policy language and access model is essential for any IAM professional.

Core Concepts

Identity Lifecycle

Every digital identity follows a lifecycle: creation → provisioning → maintenance → deprovisioning. Understanding this flow is essential to designing secure IAM systems.

  • Joiner — Onboarding users, creating accounts, assigning initial access
  • Mover — Role changes, department transfers, access modifications
  • Leaver — Offboarding, account disabling, credential revocation

Identity Directories

Directories are the authoritative source for identity data. Common directory services include:

  • Active Directory (AD) — Microsoft’s directory service for Windows environments
  • LDAP — Lightweight Directory Access Protocol, the open standard
  • Cloud Directories — Azure AD, Okta Universal Directory, Google Cloud Identity

User Provisioning

Provisioning is the process of creating, updating, and deleting user accounts across target systems. Modern IAM platforms support:

  • Just-in-Time (JIT) Provisioning — Accounts created on first access
  • Synchronization — Bi-directional sync between HR systems and directories
  • SCIM — System for Cross-domain Identity Management, the open provisioning standard

Module Pages

| Page | Covers |
| --- | --- |
| What Is IAM? | Core concepts, business drivers, capabilities, relationship between IAM and security |
| Digital Identity & Proofing | Identity types, NIST IAL levels, identity proofing lifecycle |
| The Identity Lifecycle | Joiner-Mover-Leaver framework, deprovisioning deadlines, just-in-time provisioning |
| Identity Directories | AD, LDAP, cloud directories, directory integration patterns |
| User Provisioning | Provisioning models, SCIM, HR sync, deprovisioning automation |
| Authentication & MFA | Authentication factors, MFA methods, FIDO2/WebAuthn, passwordless |
| Authorization Models | RBAC, ABAC, PBAC, ReBAC, policy-based authorization |
| AWS IAM — Practical Guide | Hands-on lab — AWS free tier, IAM users/groups/policies/roles, CLI, least privilege |
| IAM Governance | Access certification, SoD, identity analytics, compliance reporting |
| IAM Architecture | Hub-and-spoke, cloud-hybrid, zero trust, identity fabric |
| Flashcards | Test your knowledge |

Key Takeaways

By the end of this module, you should understand the identity lifecycle, the role of directories, how provisioning connects IAM to the wider enterprise ecosystem, and how to apply these concepts in practice through AWS IAM.