SSO/IAM/IDM

IAM

Identity and access management (IAM) in enterprise IT is about defining and managing the roles and access privileges of individual network entities (users and devices) to a variety of cloud and on-premises applications. Users include customers, partners and employees; devices include computers, smartphones, routers, servers, controllers and sensors. The core objective of IAM systems is one digital identity per individual or item. Once that digital identity has been established, it must be maintained, modified and monitored throughout each user’s or device’s access lifecycle.

Thus, the overarching goal of identity management is to grant access to the enterprise assets that users and devices have rights to in a given context. That includes onboarding users and systems, permission authorizations, and the offboarding of users and devices in a timely manner.

IDM

Identity management (IdM), also known as identity and access management (IAM), ensures that authorized people – and only authorized people – have access to the technology resources they need to perform their job functions. It includes policies and technologies that encompass an organization-wide process to properly identify, authenticate, and authorize people, groups of people, or software applications through attributes including user access rights and restrictions based on their identities.

An identity management system prevents unauthorized access to systems and resources, helps prevent exfiltration of enterprise or protected data, and raises alerts and alarms when access attempts are made by unauthorized personnel or programs, whether from inside or outside the enterprise perimeter.

SSO

Single Sign-On (SSO) is a service that is usually provided by a class of technology called Access Management, and there is a good reason for that. An efficient SSO solution asks for user credentials just once. It then needs to remember that the user is already authenticated, and it needs a session for this. That is what access management does: session management. It also needs to pass the information that the user was authenticated to the applications, along with some data about the identity of the authenticated user.

But this is where one of the major drawbacks of the solution lies: for an SSO system to pass the authentication and identity data to an application, the application must be able to receive that data and correctly interpret it. There is no universal way to do this. Several attempts have been made to design a protocol for this purpose.
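The flow described above, as an added example that is not part of the original page: an access manager authenticates the user once, keeps a session, and issues each application a signed assertion that the application must verify (signature, audience, expiry) before trusting the identity it carries. The token format, the HMAC shared key and the credential store are constructed assumptions for illustration, not any real SSO protocol.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed values: a single shared HMAC key and a one-user credential store.
# Real deployments use per-application keys or public-key signatures.
SHARED_KEY = b"demo-shared-secret"
USERS = {"alice": "correct horse battery"}


class AccessManager:
    """Authenticates once, then hands out assertions bound to the session."""

    def __init__(self):
        self.sessions = {}  # session id -> username

    def login(self, username, password):
        """Credentials are checked here and nowhere else; returns a session id."""
        if USERS.get(username) != password:
            return None
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = username
        return sid

    def assertion_for(self, sid, app, ttl=300):
        """Issue a signed, audience-restricted, short-lived assertion."""
        if sid not in self.sessions:
            return None
        body = {"sub": self.sessions[sid], "aud": app, "exp": int(time.time()) + ttl}
        payload = base64.urlsafe_b64encode(json.dumps(body).encode()).decode()
        sig = hmac.new(SHARED_KEY, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}.{sig}"


def app_verify(token, app, now=None):
    """What each application must do before trusting the identity: verify the
    signature, check it was issued for this application, and reject expired data."""
    try:
        payload, sig = token.split(".")
    except (ValueError, AttributeError):
        return None
    expected = hmac.new(SHARED_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    body = json.loads(base64.urlsafe_b64decode(payload))
    now = time.time() if now is None else now
    if body.get("aud") != app or body.get("exp", 0) < now:
        return None
    return body["sub"]
```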