Fundamentals of IAM
Identity and Access Management (IAM) is the discipline that ensures the right people have the right access to the right resources at the right time. This module covers the foundational building blocks of any IAM program.
Hands-On Lab
This module includes a practical AWS IAM guide where you will create a real AWS account, build users/groups/policies, and test permissions end-to-end. AWS IAM is the most widely deployed IAM system — understanding its policy language and access model is essential for any IAM professional.
Core Concepts
Identity Lifecycle
Every digital identity follows a lifecycle: creation → provisioning → maintenance → deprovisioning. Understanding this flow is essential to designing secure IAM systems.
- Joiner — Onboarding users, creating accounts, assigning initial access
- Mover — Role changes, department transfers, access modifications
- Leaver — Offboarding, account disabling, credential revocation
Identity Directories
Directories are the authoritative source for identity data. Common directory services include:
- Active Directory (AD) — Microsoft’s directory service for Windows environments
- LDAP — Lightweight Directory Access Protocol, the open standard
- Cloud Directories — Azure AD, Okta Universal Directory, Google Cloud Identity
User Provisioning
Provisioning is the process of creating, updating, and deleting user accounts across target systems. Modern IAM platforms support:
- Just-in-Time (JIT) Provisioning — Accounts created on first access
- Synchronization — Bi-directional sync between HR systems and directories
- SCIM — System for Cross-domain Identity Management, the open provisioning standard
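The lifecycle events above (Joiner, Mover, Leaver) and the SCIM provisioning standard meet in the connector that turns HR events into requests against a target system. The following is an added example, not code from this course: it maps each event type onto the SCIM 2.0 call that implements it. The HR field names, SCIM ids and group ids are constructed assumptions for illustration.

```python
import json

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def lifecycle_to_scim(event: dict) -> list[tuple[str, str, dict]]:
    """Translate one HR lifecycle event into SCIM 2.0 (method, path, body) calls.

    `event` is a constructed HR record with a "type" of joiner, mover or leaver;
    the other field names are assumptions for this example, not a real HR schema.
    """
    kind = event["type"]
    if kind == "joiner":
        # Joiner: create the account. Membership is deliberately empty so that
        # access is granted explicitly afterwards rather than inherited by default.
        return [("POST", "/Users", {
            "schemas": [SCIM_USER],
            "externalId": event["employee_id"],
            "userName": event["email"],
            "name": {"givenName": event["given"], "familyName": event["family"]},
            "active": True,
        })]
    if kind == "mover":
        # Mover: SCIM manages membership on the Group resource, so a transfer is
        # a remove from the old group followed by an add to the new one.
        # Removing first avoids a window where the user holds both sets of access.
        uid = event["scim_id"]
        return [
            ("PATCH", f"/Groups/{event['old_group']}", {
                "schemas": [SCIM_PATCH],
                "Operations": [{"op": "remove", "path": f'members[value eq "{uid}"]'}],
            }),
            ("PATCH", f"/Groups/{event['new_group']}", {
                "schemas": [SCIM_PATCH],
                "Operations": [{"op": "add", "path": "members", "value": [{"value": uid}]}],
            }),
        ]
    if kind == "leaver":
        # Leaver: deactivate rather than delete so the audit trail survives;
        # active=false is what makes the target reject new logins for the account.
        return [("PATCH", f"/Users/{event['scim_id']}", {
            "schemas": [SCIM_PATCH],
            "Operations": [{"op": "replace", "path": "active", "value": False}],
        })]
    raise ValueError(f"unknown lifecycle event type: {kind}")


if __name__ == "__main__":
    # Constructed HR feed: one joiner, one department transfer, one departure.
    feed = [{"type": "joiner", "employee_id": "E1001", "email": "a.lee@example.com",
             "given": "Ana", "family": "Lee"},
            {"type": "mover", "scim_id": "u-42", "old_group": "g-finance", "new_group": "g-eng"},
            {"type": "leaver", "scim_id": "u-42"}]
    for ev in feed:
        for method, path, body in lifecycle_to_scim(ev):
            print(method, path, json.dumps(body))
```

In a real connector each returned triple becomes an authenticated HTTPS call to the target's SCIM endpoint, and leaver events should be processed ahead of any batch schedule so that revocation is not delayed.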
Module Pages
| Page | Covers |
|---|---|
| What Is IAM? | Core concepts, business drivers, capabilities, relationship between IAM and security |
| Digital Identity & Proofing | Identity types, NIST IAL levels, identity proofing lifecycle |
| The Identity Lifecycle | Joiner-Mover-Leaver framework, deprovisioning deadlines, just-in-time provisioning |
| Identity Directories | AD, LDAP, cloud directories, directory integration patterns |
| User Provisioning | Provisioning models, SCIM, HR sync, deprovisioning automation |
| Authentication & MFA | Authentication factors, MFA methods, FIDO2/WebAuthn, passwordless |
| Authorization Models | RBAC, ABAC, PBAC, ReBAC, policy-based authorization |
| AWS IAM — Practical Guide | Hands-on lab — AWS free tier, IAM users/groups/policies/roles, CLI, least privilege |
| IAM Governance | Access certification, SoD, identity analytics, compliance reporting |
| IAM Architecture | Hub-and-spoke, cloud-hybrid, zero trust, identity fabric |
| Flashcards | Test your knowledge |
Key Takeaways
By the end of this module, you should understand the identity lifecycle, the role of directories, how provisioning connects IAM to the wider enterprise ecosystem, and how to apply these concepts in practice through AWS IAM.