
Identity and Access Management (IAM)

Building a Cybersecurity foundation
1. The Identity Lifecycle (Provisioning)

This is the "etc" you were looking for! It covers how an account exists from birth to death.

Account Provisioning: The process of creating an account, assigning a username, and granting initial permissions based on the user's role.

Self-Service: Allowing users to manage parts of their own account (like password resets) to reduce IT overhead.

Account Maintenance: The ongoing process of updating permissions as a user moves departments (preventing Permission Creep).

Account Deprovisioning: The critical step of disabling or deleting accounts when an employee leaves. If skipped, it creates "Orphaned Accounts" that hackers love.

2. Identity Providers (IdP) & Federation

How we manage "Who are you?" across different systems.

Identity Provider (IdP): The system that holds the user’s credentials (like Active Directory or Okta).

Federation: Allows a user to use one set of credentials to access multiple different networks or organizations (e.g., using your corporate login to access a third-party payroll site).

Single Sign-On (SSO): A subset of federation. Log in once, access everything.

SAML (Security Assertion Markup Language): Used for web-based SSO (uses XML).

OAuth / OpenID Connect: Used for API and mobile app authentication (like "Login with Google").

3. Authentication (Something you...)

To prove who you are, you present authentication factors; Multi-Factor Authentication (MFA) means combining factors from at least two different categories. You must know these categories:

Something you Know: Passwords, PINs, security questions.

Something you Have: Key fobs, Smart Cards, SMS codes, Authenticator apps.

Something you Are: Biometrics (Fingerprints, facial recognition).

Something you Do: Your typing rhythm or gait (walking pattern).

Somewhere you Are: Geolocation/IP filtering.

4. Authorization & Access Control Models

Once you are logged in, what can you touch?

RBAC (Role-Based Access Control): Permissions are assigned to a Role (e.g., "Manager"), and users are put into that role. Most common in business.

ABAC (Attribute-Based Access Control): The most flexible. Access is based on attributes (e.g., "Allow access if user is in Sales AND it is between 9 am–5 pm AND they are in the office").

MAC (Mandatory Access Control): The most rigid (Military style). Data has a "Secret" label, and the user must have a "Secret" clearance to see it.

DAC (Discretionary Access Control): The owner of the file decides who gets access. Very flexible but less secure.
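Added example (not from the original notes): the four models side by side as minimal Python decision functions, using the notes' own ABAC rule. The roles, clearance ladder, users and files are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import time

# Constructed sample data (assumptions for this example, not from the notes).
ROLE_PERMISSIONS = {
    "Manager": {"read_reports", "approve_expense"},
    "Staff": {"read_reports"},
}
CLEARANCE_LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]

@dataclass
class User:
    name: str
    roles: set
    department: str
    clearance: str = "Unclassified"

@dataclass
class File:
    owner: str
    label: str = "Unclassified"
    acl: set = field(default_factory=set)  # DAC: people the owner chose to share with

def rbac_allows(user: User, action: str) -> bool:
    """RBAC: allowed if any role assigned to the user carries the action."""
    return any(action in ROLE_PERMISSIONS.get(role, set()) for role in user.roles)

def abac_allows(user: User, now: time, location: str) -> bool:
    """ABAC rule from the notes: in Sales AND between 9 am and 5 pm AND in the office."""
    in_hours = time(9, 0) <= now <= time(17, 0)  # both ends inclusive
    return user.department == "Sales" and in_hours and location == "office"

def mac_allows(user: User, f: File) -> bool:
    """MAC: the user's clearance must be at least the file's label (no read-up)."""
    return CLEARANCE_LEVELS.index(user.clearance) >= CLEARANCE_LEVELS.index(f.label)

def dac_allows(user: User, f: File) -> bool:
    """DAC: the owner always has access and decides who else is on the ACL."""
    return user.name == f.owner or user.name in f.acl

def dac_grant(granter: User, f: File, grantee: User) -> bool:
    """DAC: only the owner may extend the ACL; returns whether the grant took effect."""
    if granter.name != f.owner:
        return False
    f.acl.add(grantee.name)
    return True
```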

5. Management & Auditing

Privileged Access Management (PAM): Extra security for "Superuser" accounts (Admins). Includes credential vaulting and session recording.

Access Reviews / Recertification: Periodic audits to make sure people still actually need the permissions they have.