Skip to main content


Home Identity and access management

Identity and access management

(also IAM)

Identity and access management definition

Identity and access management (IAM) is a framework of policies, processes, and technologies designed to manage digital identities and people's access to systems, applications, and data within an organization. The primary goal of IAM is to protect a company's data and systems from unauthorized access and potential cyber-attacks.

See also: network access control, rogue access point

Building your IAM framework

The specific policies that should be included in an IAM framework can vary depending on the needs and requirements of the organization. Here are the most common ones:

  • Authentication. This policy specifies the authentication methods that the organization will use, like passwords, tokens, biometrics, or multi-factor authentication.
  • Authorization. This policy specifies the access control mechanisms that will be used to determine who has access to what resources based on their roles, permissions, and other factors.
  • Passwords. This policy specifies the requirements for creating and managing user passwords, like their length, complexity, and expiration time.
  • User provisioning. This policy dictates how user accounts will be created, managed, and deactivated within the organization's systems and applications.
  • Data classification. This policy oversees how the organization's data will be classified based on its sensitivity and defines the access controls mechanisms that should be applied based on the classification.
  • Incident response. This policy specifies the procedures for responding to IAM-related incidents like data breaches or unauthorized access attempts.