Identity and Access Management (IAM)
In IAM, the "I" is about managing the digital identity of users, applications or any other software entities; the "A" is about the privileges/entitlements users have to access web-enabled enterprise resources.
The diagram shows Identity and Access Management as two distinct layers, with provisioning at the epicenter of the Identity Management layer (circle).
The identity management lifecycle is the process of creating, maintaining and deleting digital user accounts. When complemented with provisioning, identity management gives an enterprise its full benefit by efficiently managing users across heterogeneous platforms. Users are provisioned to heterogeneous systems by means of identity management and user provisioning tools such as Sun Identity Manager, CA Identity Minder, etc. Access to the web-based applications hosted on these back-end systems is enforced by means of access control tools such as CA Siteminder, Sun Access Manager, etc.
Why Identity Management?
To understand the need for user identity management in an organization, we need to examine the existing mechanisms by which user accounts are provisioned. In a typical scenario, when a new hire joins an organization, it takes several days for the recruit to get proper access to the systems he/she needs. The manager of the new recruit is responsible for defining the role to the UNIX admins, NT admins and other ERP, CRM or legacy application admins, so that they can create an account with the required privileges. The manager has to call or email the details about the new recruit, or the new recruit has to be present at each of these departments to get the account created and activated.
The reverse process also applies: when an employee leaves the organization, his/her account has to be deactivated. This is a tedious and cumbersome process unless the employee remembers all the systems he/she had access to during his/her stint. There was no one-stop solution for user creation, maintenance and deletion.
Identity management tools allow for automating user creation, maintenance and deletion. They allow for centralized user management through a user interface, and account creation/deletion is enabled through the exchange of email approvals from account approvers. Provisioning complements identity management by creating, reconciling and deleting accounts in the various back-end systems. Most identity management suites come with provisioning and workflow.
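The reconciliation step described above can be sketched as follows. This is an added example, not code from the original page or from any of the products it names; the roster, role map, system names and users are constructed, and the data model is an assumption.

```python
# Added example: reconciliation pass of a provisioning engine (hypothetical data model).
from typing import NamedTuple

class Action(NamedTuple):
    op: str        # "create", "disable" or "review"
    system: str
    user: str

# Constructed sample data. Role names, system names and users are assumptions.
ROLE_SYSTEMS = {
    "engineer": {"unix", "nt"},
    "sales": {"nt", "crm"},
}
HR_ROSTER = {            # authoritative identity source: user -> (status, role)
    "alice": ("active", "engineer"),
    "bob": ("terminated", "sales"),
    "carol": ("active", "sales"),
}
SYSTEM_ACCOUNTS = {      # enabled accounts found on each back-end system
    "unix": {"alice", "bob"},
    "nt": {"alice", "bob", "carol"},
    "crm": {"bob", "mallory"},
}

def entitled_systems(user, roster, role_systems):
    """Systems a user should hold an account on; none if unknown or not active."""
    status, role = roster.get(user, ("unknown", None))
    if status != "active":
        return set()
    return set(role_systems.get(role, ()))

def reconcile(roster, role_systems, system_accounts):
    """Compare desired state (HR + roles) with actual accounts and list the fixes."""
    actions = []
    for system, accounts in system_accounts.items():
        for user in accounts:
            if user not in roster:
                # Orphan account: no matching identity, needs a human decision.
                actions.append(Action("review", system, user))
            elif system not in entitled_systems(user, roster, role_systems):
                # Leaver or role change: access is no longer justified.
                actions.append(Action("disable", system, user))
        for user in roster:
            if system in entitled_systems(user, roster, role_systems) and user not in accounts:
                actions.append(Action("create", system, user))
    return sorted(actions)

if __name__ == "__main__":
    for a in reconcile(HR_ROSTER, ROLE_SYSTEMS, SYSTEM_ACCOUNTS):
        print(f"{a.op:8} {a.system:5} {a.user}")
```

The terminated user's accounts on all three systems come back as "disable" without anyone having to remember where they existed, and the account with no matching identity is flagged for review rather than silently deleted.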
Access Management
While identity management targets the user lifecycle, access management is for protecting the web-based resources of an organization. So far, every business unit in an organization maintains its own set of user repositories. Access management is a step towards consolidating these user repositories to enable simplified single sign-on (SSO) access and to make navigation easier for end users.