Tech topics

What is Identity and Access Management?

Illustration of IT items with focus on a laptop

Overview

Identity and Access Management (IAM) is a system that allows organizations to manage digital identities of their employees, customers, and other stakeholders. It helps ensure that only authorized individuals have access to the resources and systems they need to perform their job duties or access certain services.

Gartner defines IAM as the “discipline that enables the right individuals to access the right resources at the right times for the right reasons.”

IAM systems are an essential component of an organization's security and compliance strategy, as they help protect sensitive information and systems from unauthorized access. They can also help organizations streamline their operations, improve efficiency, meet various regulatory requirements and more.

Overall, IAM is a vital tool for organizations to secure their assets and ensure that only authorized individuals can access the resources and systems they need.

Unlocking the power of secure Identity and Access Management

On the NetIQ Identity & Access Management team, we believe that “identity powers security.” It should be central to your decision making. We cover everything from privilege discovery through least-privilege delegation and credential vaulting, to change monitoring and activity tracking. The key is identity, which is vital to everything we do.

Contact us

Identity and Access Management

What are the benefits of Identity and Access Management?

In addition to reducing the risk of unauthorized access and managing digital identities, IAM systems can also bring numerous benefits to your organization, including:

Improved security: IAM systems help reduce the risk of unauthorized access to sensitive data and systems by implementing strong authentication methods and role-based access controls.
Increased efficiency: IAM systems can automate many of the tasks related to employee identity management, password self-service, meet compliance requirements, automate reporting, and detect threats which can save time and reduce the workload for IT staff.
Greater agility: With an IAM system in place, organizations can more easily add and remove users, as well as adjust their access permissions, which can help them respond more quickly to changing business needs.
Improved user experience: By simplifying access to all necessary systems and resources through a single set of credentials, making it easier for users to complete their tasks.
Better data protection: IAM systems can help organizations protect personal and financial data by implementing strong access controls and ensuring that only authorized users have access to sensitive information.

How does IAM improve regulatory compliance?

Identity and Access Management (IAM) enables enhanced compliance. Many regulations and industry standards, such as General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPPA), require organizations to implement robust IAM systems. By implementing IAM, organizations can more easily meet these requirements.

How does Identity and Access Management work?

The Identity and Access Management (IAM) framework will include a variety of policies, procedures, and technologies that are unique to an organization to help manage identities and access services.

This can include the lifecycle of an employee. For example, when a new employee is added to a system, a new digital identity will be created and the automated system will request information such as their name, contact information, job role and more. As the relationship begins with the employee and organization, so does IAM’s Full Identity Lifecycle Management process:

Relationship begins (provisioning): Once an employee's identity has been authenticated, the IAM system will determine what resources and systems the employee is authorized to access based on their job duties and responsibilities. The system will then grant the employee the appropriate access permissions.
New username and password (authentication): When an employee attempts to access a system or resource, the IAM system will verify their identity. This is typically done through a login process that involves the employee entering their credentials, such as a username and password. Strong authentication methods, such as multi-factor authentication (MFA), may be used to provide an additional layer of security.
Access management (authorization & permissions): The IAM system will continuously monitor the employees’ access to ensure that they only have access to the resources and systems they need to perform their job duties. If the employee's role or responsibilities change, the IAM system will update their access permissions accordingly.
Relationship ends (deprovisioning): When an employee leaves the organization or no longer requires access to certain resources, the IAM system will revoke their access permissions and disable their digital identity.

By implementing an IAM system and following established policies, organizations can reduce the risk of human error and streamline their operations to improve efficiency. IAM systems can automate tasks such as employee onboarding and offboarding, which can help reduce the workload for IT staff. By leveraging the many capabilities of IAM systems, organizations can better manage their digital identities and access to resources, resulting in improved efficiency and reduced risk.

How does IAM apply to workforce and customer identities?

Workforce identity
Using IAM to manage workforce identities enables an efficient, work‐from‐anywhere workforce. You can control your level of trust through continuous risk evaluation across the whole user session, start to finish.

Customer identity
Customer (or consumer/citizen) identity and access management (CIAM) focuses on managing and controlling external (customer) parties' access to a business’s applications and digital services. CIAM enables a secure, seamless user experience. It’s recommended to use a platform that offers purpose‐based controls for customers engaging with your services and resources.

How does IAM help achieve zero trust?

Zero trust and IAM go hand in hand when it comes to protecting your organization's systems and data from potential threats. What is zero trust? Zero trust is a security model that assumes that all users and devices are untrusted until proven otherwise, and IAM is the system that helps you securely manage these digital identities. By including IAM in your zero-trust strategy you are protecting your organization from potential threats and enhancing your overall security posture.

Identity and Access Management (IAM) is the foundation for achieving a zero-trust security model. NetIQ’s purpose is to help organizations protect sensitive information by automating privileges and access controls to ensure appropriate access to applications, data, and resources. In other words, we assist our customers in implementing IAM systems that help them achieve zero trust.

What are the key components of Identity and Access Management?

A comprehensive IAM platform can provide secure access, effective governance, scalable automation, actionable analysis, and insight across all your Cloud, Mobile, & Data platforms. Core capabilities include:

ADAPTIVE ACCESS

User Authorization
Access Control
Access Management
Single Sign-On
Federation
Risk Based Authentication
API Management
API Security
Privileged Access
Bastion Server
Credential Management
Multi-factor Authentication
Secure Remote Access
Biometrics

GOVERNANCE

Access Governance
Role Based Access Control
Attribute Based Access Control
Least Privileged Access
Data Access Governance
Risk Mitigation
Data Breach Prevention
Policy Management

AUTOMATION

User Provisioning
Identity Management
Identity Lifecycle Management
Automated Provisioning

ANALYSIS & INSIGHTS

Unsupervised Machine Learning
Identity Analytics
Business Impact Analysis
Behavioral Analytics
Business Impact
Compliance insight

What is the NetIQ IAM platform?

NetIQ's Identity and Access Management (IAM) platform offers a comprehensive set of IAM services for both employee and customer identities. With its wide range of identity and access services, NetIQ's IAM platform can help organizations manage all their digital identities, ensuring that only authorized individuals have access to the resources and systems they need.

NetIQ’s IAM platform includes: Identity Governance and Administration, Access Management, Privileged Access Management, and Policy Orchestration. Together these components provide a comprehensive IAM platform that offers secure access and governance across all platforms.

Identity Governance and Administration (IGA)

Identity Governance and Administration makes it possible for customers to manage identity and access holistically, obtaining the insights they need to manage data security and business operations, glean insight into how resources are being used, and provide information to the business to help make informed decisions that impact security, compliance, and IT and business governance.

Identity Manager is a complete solution to control who has access to what across your customers’ enterprise—both inside the firewall and into the cloud. It enables customers to provide secure and convenient access to critical information for business users while meeting compliance demands.
Identity Governance is a comprehensive identity governance solution that provides a business-friendly interface built on a common governance model that spans all your customers’ business processes relating to identity, access, and certification.
Data Access Governance (DAG) - Gain data insight through reports and analysis of Microsoft network and 356-stored data into your unstructured data and repositories. Then put policies in place to protect it from unauthorized access.

Access Management

NetIQ’s Access Manager delivers user single sign-on and secure access to intranet and cloud-based applications from wherever the user is located: the office, remote, on the road; or for consumers, from whatever device they are using.

Access Manager enables organizations to integrate modern as well as legacy web-based applications. In addition to providing multiple federation options, it also allows single sign-on access for applications through its GUI without the need to modify applications or write complex code.
Advanced Authentication allows you to centralize your authentication into a single framework where you can manage them with a single policy console, decreasing costs and increasing security.

Privileged Access Management (PAM)

NetIQ’s Privileged Access Management system centralizes management of elevated credentials using flexible, policy-based methods that enforce least privilege access and enforces consistent privileged access policies and controls.

Privileged Account Manager is a centralized and secure solution that can be easily integrated into your organization's IT environment. Manage and track all your privileged accounts across your entire IT landscape, including on-premises, cloud, and hybrid environments.

Policy Orchestration

NetIQ’s Policy Orchestration is the process of deploying security policies across all data islands such as cloud-based Linux, SaaS applications, Azure AD, data centers, Office 365, mobile devices, etc.

Universal Policy Administrator enables IT Admins to build and deploy security and configuration policies and controls from a single console using a modern, cloud-based solution. UPA’s least-privilege delegation for policy administration for Windows, Mac, Linux, regardless of the device location, such as on premise or within the top cloud providers (Azure, Google AWS, etc.) UPA’s comprehensive and consolidated auditing will provide compliance teams and auditors with proof through process and reports.
AD Bridge extends common and well-known management processes from Active Directory to non-Windows resources like Linux and UNIX. Create security and configuration policy to manage on premise and in the cloud. It helps in breaking the policy silos between windows and Linux administration and provides the multilevel approval process for any policy change.
Change Guardian provides ability to monitor access to critical files and data, identifies changes in key file systems through file integrity monitoring, delivers comprehensive change reporting to demonstrate compliance to auditors.

Directory Resource Administrator closes the native admin gaps for Active Directory, Azure AD, Exchange, and Office 365 with a delegated permission model and extends capabilities to Line of Business administrators. DRA enforces directory policies on-premises or in the cloud and offers detailed reporting of resources across heterogenous environments.

Resources

What is the Principle of Least Privilege?

FeaturedFeatured

Analytics CloudAnalytics Cloud

Analytics DatabaseAnalytics Database

Business Intelligence and ReportingBusiness Intelligence and Reporting

Data DiscoveryData Discovery

eDiscovery and InvestigationseDiscovery and Investigations

Legal Content and Knowledge ManagementLegal Content and Knowledge Management

Aviator Search

Business Network CloudBusiness Network Cloud

Supply Chain IntegrationSupply Chain Integration

B2B Integration ServicesB2B Integration Services

Ecosystem CollaborationEcosystem Collaboration

Business Network Aviator

Content CloudContent Cloud

Document ManagementDocument Management

AI Content ManagementAI Content Management

Business IntegrationsBusiness Integrations

Capture and Intelligent Document ProcessingCapture and Intelligent Document Processing

Information ArchivingInformation Archiving

Process AutomationProcess Automation

Information GovernanceInformation Governance

Content Aviator

Cybersecurity CloudCybersecurity Cloud

Application SecurityApplication Security

Identity and Access ManagementIdentity and Access Management

Data Privacy and ProtectionData Privacy and Protection

Digital Investigations and ForensicsDigital Investigations and Forensics

Threat IntelligenceThreat Intelligence

Threat Detection and ResponseThreat Detection and Response

Cybersecurity Aviator

DevOps CloudDevOps Cloud

DevOps PlatformDevOps Platform

PPM and Strategic Portfolio ManagementPPM and Strategic Portfolio Management

Quality ManagementQuality Management

Functional TestingFunctional Testing

Performance EngineeringPerformance Engineering

DevOps Aviator

Experience CloudExperience Cloud

Web and Brand ExperiencesWeb and Brand Experiences

MessagingMessaging

Customer Journey and DataCustomer Journey and Data

Media ManagementMedia Management

Contact Center AnalyticsContact Center Analytics

Experience Aviator

IT Operations CloudIT Operations Cloud

Service ManagementService Management

FinOpsFinOps

AIOps and ObservabilityAIOps and Observability

AutomationAutomation

Network ManagementNetwork Management

IT Operations Aviator

OpenText ThrustOpenText Thrust

Developer Cloud technical documentationDeveloper Cloud technical documentation

Aviator Thrust

PortfolioPortfolio

Data protection and endpoint backupData protection and endpoint backup

Endpoint management and mobile securityEndpoint management and mobile security

Hybrid work, email, and team collaborationHybrid work, email, and team collaboration

Archiving, eDiscovery, and data securityArchiving, eDiscovery, and data security

Information reimaginedInformation reimagined

Artificial IntelligenceArtificial Intelligence

IndustryIndustry

Enterprise ApplicationsEnterprise Applications

Your journey to successYour journey to success

Customer SupportCustomer Support

Customer Success ServicesCustomer Success Services

Strategy & Advisory ServicesStrategy & Advisory Services

Consulting ServicesConsulting Services

Learning ServicesLearning Services

Managed ServicesManaged Services

Find an OpenText PartnerFind an OpenText Partner

Find a Partner SolutionFind a Partner Solution

Grow as a PartnerGrow as a Partner

Become a Partner

Asset LibraryAsset Library

BlogsBlogs

EventsEvents

CommunitiesCommunities

Customer StoriesCustomer Stories

OpenText NavigatorOpenText Navigator

Featured

Analytics Cloud

Analytics Database

Business Intelligence and Reporting

Data Discovery

eDiscovery and Investigations

Legal Content and Knowledge Management

Business Network Cloud

Supply Chain Integration

B2B Integration Services

Ecosystem Collaboration

Content Cloud

Document Management

AI Content Management

Business Integrations

Capture and Intelligent Document Processing

Information Archiving

Process Automation

Information Governance

Cybersecurity Cloud

Application Security

Identity and Access Management

Data Privacy and Protection

Digital Investigations and Forensics

Threat Intelligence

Threat Detection and Response

DevOps Cloud

DevOps Platform

PPM and Strategic Portfolio Management

Quality Management

Functional Testing

Performance Engineering

Experience Cloud

Web and Brand Experiences

Messaging

Customer Journey and Data

Media Management

Contact Center Analytics

IT Operations Cloud

Service Management

FinOps

AIOps and Observability

Automation

Network Management

OpenText Thrust

Developer Cloud technical documentation

Portfolio

Data protection and endpoint backup

Endpoint management and mobile security

Hybrid work, email, and team collaboration

Archiving, eDiscovery, and data security

Information reimagined

Artificial Intelligence

Industry

Enterprise Applications

Your journey to success

Customer Support

Customer Success Services

Strategy & Advisory Services

Consulting Services

Learning Services

Managed Services

Find an OpenText Partner

Find a Partner Solution

Grow as a Partner

Asset Library

Blogs

Events

Communities

Customer Stories

OpenText Navigator