4.6 Flashcards
Identity and access management, access controls, multifactor authentication, password security
IAM stands for
Identity and Access Management
Giving the right permissions to the right people at the right time is known as
IAM
Software that is used for:
Access control
Authentication and authorization
Identity governance (provisioning/deprovisioning user accounts)
IAM
The access control model most IAM systems and desktop operating systems default to, in which the owner of an object decides who else may access it. That means if a user creates a file, that file is private to that user unless the owner shares it, even if another user logs into that same device.
Discretionary access control (DAC). By contrast, mandatory access control (MAC) enforces system-wide labels that the file's owner cannot override.
The formal process of verifying that a user really is who they claim to be before an account or credential is issued to them. Used by IAM solutions.
Identity proofing
An identity proofing step in which the user proves they are the owner of the claimed identity, for example by presenting government-issued documents, answering knowledge-based questions about previous addresses or purchases, or attending an in-person meeting.
Verification (sometimes called attestation)
An identity proofing step in which the evidence and attributes the user supplied (documents, addresses, answers to security questions) are checked for being genuine and accurate, typically against an authoritative source. This is an information-gathering and checking step. Note that sending a username and password is authentication of an existing account, not identity proofing.
Validation
An identity proofing step in which the IAM system collects enough information about the user (name, address, date of birth, and so on) to uniquely distinguish them from everyone else before the claim is checked.
Resolution
SSO stands for
Single Sign-On
An authentication solution where the user authenticates once and can then access multiple applications or resources without entering credentials again.
The resulting session is usually time-limited. Ex. You stay authenticated for 24 hours, after which you have to authenticate again.
SSO
LDAP stands for
Lightweight Directory Access Protocol
The protocol used to query and update a directory service based on the X.500 model (it is the lightweight replacement for X.500's original Directory Access Protocol).
It is also widely used as an authentication/authorization backend (an LDAP "bind" checks a user's credentials against the directory), often behind an SSO system.
LDAP
A series of directory service standards that organize information about people, devices and organizations in a hierarchical tree.
Each entry is named by a distinguished name built from pairs in the format:
attribute=value (attributes such as CN for common name, OU for organizational unit, O for organization and C for country)
X.500
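Both of the cards above (LDAP as an authentication backend, and the X.500 attribute=value naming format) are easier to reason about in code. The following is an added example, not from the flashcards or from any directory library: it parses a distinguished name into its attribute=value pairs following the RFC 4514 escaping rules, and it escapes untrusted input before it is placed into an LDAP search filter (RFC 4515), which is the check an application must do when it authenticates users by looking them up in LDAP. The DN and usernames are constructed for illustration.

```python
"""Parse an X.500/LDAP distinguished name and escape LDAP filter values.

Added example; the DN and user inputs used here are constructed, not taken
from any real directory.
"""
from typing import List, Tuple

HEX = "0123456789abcdefABCDEF"


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN such as 'CN=Doe\\, Jane,OU=Sales,O=Example,C=US' into
    (attribute, value) pairs.

    Honours RFC 4514 escapes: a backslash protects the next character
    (so an escaped comma does not end the RDN) and '\\XX' is a hex escape
    (ASCII only here for simplicity).  Multi-valued RDNs joined with '+'
    are not split, which is fine for ordinary user entries.
    """
    rdns: List[Tuple[str, str]] = []
    attr: List[str] = []
    value: List[str] = []
    in_value = False
    i = 0
    while i < len(dn):
        ch = dn[i]
        target = value if in_value else attr
        if ch == "\\" and i + 1 < len(dn):
            if i + 2 < len(dn) and all(c in HEX for c in dn[i + 1:i + 3]):
                target.append(chr(int(dn[i + 1:i + 3], 16)))  # \2C -> ','
                i += 3
            else:
                target.append(dn[i + 1])                       # \, -> ','
                i += 2
            continue
        if not in_value and ch == "=":
            in_value = True
        elif in_value and ch == ",":
            rdns.append(("".join(attr).strip(), "".join(value).strip()))
            attr, value, in_value = [], [], False
        else:
            target.append(ch)
        i += 1
    if attr or value:
        rdns.append(("".join(attr).strip(), "".join(value).strip()))
    return rdns


# RFC 4515: characters that change the meaning of a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter.

    Without this, a login name like 'admin)(|(uid=*' from a web form turns
    the filter into an always-true match: a classic LDAP injection.
    """
    return "".join(_FILTER_ESCAPES.get(c, c) for c in value)


def login_filter(username: str) -> str:
    """Filter an application would use to look up a user before an LDAP bind."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


if __name__ == "__main__":
    print(parse_dn(r"CN=Doe\, Jane,OU=Sales,O=Example,C=US"))
    print(login_filter("admin)(|(uid=*"))
```

The escaping function is the point for anyone wiring LDAP into a login form: build the filter from escaped values only, then bind with the user's own credentials rather than trusting the lookup alone.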
SAML stands for
Security Assertion Markup Language
An open, XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider (SP), so that users can be authenticated against a third-party identity database.
That way, instead of creating/managing your own identity management database for your organization, you can use one that exists elsewhere.
However, SAML was designed for browser-based web applications rather than native mobile apps, so newer and mobile applications more often use OAuth 2.0 and OpenID Connect; SAML remains common for enterprise web SSO.
SAML
An authentication protocol that can authenticate users through a third-party authentication database
SAML
Describe how SAML authentication works (SP-initiated web browser SSO)
User attempts to access the Resource Server (in SAML terms, the Service Provider, SP)
The SP redirects the user's browser to the third-party Authorization Server (the Identity Provider, IdP) with a SAML authentication request; the request is base64-encoded and usually signed, not encrypted (the later assertion may be encrypted)
User logs in at the IdP
The IdP sends the browser back to the SP with a SAML Response containing a signed assertion (the "SAML token")
The SP verifies the assertion (signature, trusted issuer, audience, validity window, and that it answers a request the SP actually sent) and grants access to the user
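The last step is where SAML deployments go wrong, so here is the Service Provider side of the exchange described above as an added Python example (not the flashcards' material and not any SAML library). A real assertion carries an XML-DSig signature made with the IdP's private key and checked against the certificate from IdP metadata; to keep this runnable with only the standard library the signature step is a stand-in HMAC over the raw response bytes, and every other check is one an SP must perform before trusting the assertion. The entity IDs, URLs and the SAML Response itself are constructed for illustration.

```python
"""SP-side validation of a SAML Response (added example).

The signature check is a stand-in HMAC-SHA256 over the raw bytes, not
XML-DSig; all other checks are what a Service Provider must do.
Entity IDs, URLs and the response below are constructed.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
IDP_KEY = b"demo-idp-signing-key"                      # stand-in for the IdP signing key
SP = {"issuer": "https://idp.example.test/metadata",   # assumed IdP entityID
      "audience": "https://sp.example.test/metadata",  # assumed SP entityID
      "acs_url": "https://sp.example.test/saml/acs"}   # assumed Assertion Consumer Service

# Constructed SAML Response, as the IdP's POST back to the ACS would carry it.
RESPONSE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1"
  InResponseTo="_req42" Destination="https://sp.example.test/saml/acs">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Assertion ID="_a1" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice@example.test</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req42"
          Recipient="https://sp.example.test/saml/acs" NotOnOrAfter="2024-05-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.test/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def idp_sign(response: bytes) -> str:
    """Stand-in for the IdP's XML-DSig: HMAC-SHA256 over the raw bytes."""
    return hmac.new(IDP_KEY, response, hashlib.sha256).hexdigest()


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_response(response: bytes, signature: str, now: datetime,
                      outstanding_requests: set, seen_assertions: set) -> str:
    """Return the authenticated NameID, or raise ValueError naming the failed check."""
    # 1. Signature first: nothing inside the XML is trusted until it verifies.
    if not hmac.compare_digest(idp_sign(response), signature):
        raise ValueError("signature invalid")
    root = ET.fromstring(response)
    # 2. Addressed to our ACS and answering a request we actually sent.
    if root.get("Destination") != SP["acs_url"]:
        raise ValueError("wrong Destination")
    request_id = root.get("InResponseTo")
    if request_id not in outstanding_requests:
        raise ValueError("unsolicited or already-used InResponseTo")
    assertion = root.find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS) if assertion is not None else None
    scd = (assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
           if assertion is not None else None)
    if assertion is None or cond is None or scd is None:
        raise ValueError("assertion incomplete")
    # 3. Issued by the IdP we federate with.
    if assertion.findtext("saml:Issuer", namespaces=NS) != SP["issuer"]:
        raise ValueError("untrusted Issuer")
    # 4. Meant for this SP: an assertion issued for another SP must not log anyone in here.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP["audience"] not in audiences:
        raise ValueError("audience mismatch")
    # 5. Validity window (production code allows a small clock skew).
    if now < parse_ts(cond.get("NotBefore")) or now >= parse_ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside validity window")
    # 6. Bearer confirmation must name this ACS, the same request, and still be fresh.
    if scd.get("Recipient") != SP["acs_url"] or scd.get("InResponseTo") != request_id:
        raise ValueError("subject confirmation mismatch")
    if now >= parse_ts(scd.get("NotOnOrAfter")):
        raise ValueError("subject confirmation expired")
    # 7. One-time use: remember the assertion ID and consume the request ID.
    if assertion.get("ID") in seen_assertions:
        raise ValueError("assertion replayed")
    seen_assertions.add(assertion.get("ID"))
    outstanding_requests.discard(request_id)
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)


if __name__ == "__main__":
    pending, seen = {"_req42"}, set()
    print(validate_response(RESPONSE_XML, idp_sign(RESPONSE_XML),
                            parse_ts("2024-05-01T12:01:00Z"), pending, seen))
```

The order matters: the signature is checked before anything is parsed out of the XML, and the audience check is what stops an assertion issued for one application from being presented to another one that trusts the same IdP.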
An authorization framework (OAuth 2.0) that allows an application to access resources on a user's behalf, with the user's consent, using scoped and time-limited access tokens instead of the user's password
OAuth
When you see a message such as:
“[3rd Party App] wants to access your Google Account
This will allow [3rd Party App] to:
See, edit, create, and delete all of your Google Drive files”
What authorization protocol is being used?
OAuth
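The consent screen on that card is the authorization step of the OAuth 2.0 authorization-code flow. The following is an added example, not from the flashcards and not Google's API: the client side of that flow with PKCE (RFC 7636) and a state check, plus a small in-process stand-in for the authorization server so the whole round trip runs offline. The endpoints, client_id, redirect URI and scope string are assumed for illustration.

```python
"""OAuth 2.0 authorization-code flow with PKCE, client side (added example).

The endpoints, client_id, redirect URI and scope are assumed; DemoAuthServer
is an in-process stand-in for a real authorization server's consent page
and token endpoint, constructed so the example runs offline.
"""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://auth.example.test/authorize"   # assumed
TOKEN_ENDPOINT = "https://auth.example.test/token"      # assumed (shown for completeness)
CLIENT_ID = "demo-client"                               # assumed
REDIRECT_URI = "https://app.example.test/callback"      # assumed


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def new_pkce_pair():
    """code_verifier stays with the client; code_challenge (its SHA-256) goes in
    the authorization request, so an intercepted code is useless without the verifier."""
    verifier = b64url(secrets.token_bytes(32))   # 43 chars, within RFC 7636's 43..128
    challenge = b64url(hashlib.sha256(verifier.encode()).digest())
    return verifier, challenge


def build_authorization_request(scope: str):
    """Return (url to send the browser to, session values the client must remember)."""
    verifier, challenge = new_pkce_pair()
    state = b64url(secrets.token_bytes(16))      # CSRF token bound to this browser session
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,                          # what the consent screen lists
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTH_ENDPOINT}?{urlencode(params)}", {"state": state, "verifier": verifier}


def handle_callback(callback_url: str, session: dict) -> dict:
    """Turn the redirect back to us into the token-request body.

    Rejects the response if state does not match the session: that is the
    CSRF / login-binding check that stops an attacker injecting their own code."""
    q = parse_qs(urlparse(callback_url).query)
    if q.get("state", [None])[0] != session["state"]:
        raise ValueError("state mismatch")
    if "code" not in q:
        raise ValueError(q.get("error", ["no code"])[0])   # e.g. access_denied
    return {
        "grant_type": "authorization_code",
        "code": q["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": session["verifier"],
    }


class DemoAuthServer:
    """Stand-in authorization server: consent page plus token endpoint."""

    def __init__(self):
        self.codes = {}

    def authorize(self, url: str, user_consents: bool) -> str:
        """Simulate the consent screen; on consent redirect back with a one-time code."""
        q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        if not user_consents:
            return f"{q['redirect_uri']}?{urlencode({'error': 'access_denied', 'state': q['state']})}"
        code = b64url(secrets.token_bytes(16))
        self.codes[code] = (q["code_challenge"], q["redirect_uri"], q["scope"])
        return f"{q['redirect_uri']}?{urlencode({'code': code, 'state': q['state']})}"

    def token(self, body: dict) -> dict:
        """Exchange the code for a token only if the PKCE verifier matches."""
        challenge, redirect_uri, scope = self.codes.pop(body["code"])   # single use
        expected = b64url(hashlib.sha256(body["code_verifier"].encode()).digest())
        if expected != challenge or body["redirect_uri"] != redirect_uri:
            raise ValueError("invalid_grant")
        return {"access_token": b64url(secrets.token_bytes(24)), "token_type": "Bearer",
                "expires_in": 3600, "scope": scope}


def run_flow(server: DemoAuthServer, scope: str, user_consents: bool = True) -> dict:
    """Full round trip: authorization request, consent, callback, token exchange."""
    url, session = build_authorization_request(scope)
    body = handle_callback(server.authorize(url, user_consents), session)
    return server.token(body)


if __name__ == "__main__":
    print(run_flow(DemoAuthServer(), "drive"))
```

Two things in this flow are worth checking in any real client: that `state` is compared before the code is used, and that the token is requested only for the scope the user actually saw on the consent screen, since the access token is limited to those scopes rather than to the user's whole account.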