Identity and Access Management (IAM)
6 lessons, ~3h
Who can access what, and how that is proven and governed. Covers identification/authentication (incl. MFA and passwordless), the access-control models (RBAC, ABAC, MAC, DAC, rule/risk-based), federation and SSO, the provisioning lifecycle, and Zero Trust enforcement points.
Lessons
- 5.1 Control physical and logical access to assets (~20 min)
  Access control applies uniformly to information, systems, devices, facilities, applications, and services.
- 5.2 Design identification and authentication strategy (~40 min)
  Know the three authentication factors, MFA and passwordless, the AAA model, SSO, JIT access, and identity proofing/registration. Covers people, devices, and services.
- 5.3 Federated identity with a third-party service (~25 min)
  Federation extends identity across trust boundaries. Know SAML, OAuth 2.0, and OIDC, and the on-prem / cloud / hybrid deployment models.
- 5.4 Implement and manage authorization mechanisms (~45 min)
  The most testable IAM lesson. Distinguish RBAC, rule-based, MAC (labels/clearances), DAC (owner discretion), ABAC (attributes), and risk-based access control, plus PDP/PEP enforcement.
- 5.5 Manage the identity and access provisioning lifecycle (~30 min)
  Govern identities from joiner to leaver: provisioning/deprovisioning, access reviews, role transitions, service-account management, and controlling privilege escalation.
- 5.6 Implement authentication systems (~30 min)
  Know the protocols behind enterprise auth: Kerberos (tickets, KDC), RADIUS/TACACS+, OpenID Connect, and OAuth 2.0.