IV - Identity and Access Management Flashcards
Principle of least privilege
Grant only the minimum access rights necessary to perform assigned duties.
Role-based access controls
Level of access is determined by a person’s role in the organization. Easy to maintain.
User-based access controls
Access to systems is user-based and heavily personalized. More difficult to maintain.
Context-aware access control
Granular access control that can be based on current attributes such as IP address, device security level, or location. Someone could hold the right authorization (according to user-based ACLs) but still be denied because they are not connecting from the expected IP address.
Cross-enterprise authentication and authorization
Single sign-on (SSO)/SAML
Federated Identity
A person’s identity is authenticated in a trusted, centralized service. Uses tokens (SSO).
Single-factor authentication
Only uses one form of authentication to log into an account.
Multifactor authentication
Requires multiple forms of authentication to log in.
Something you know
Username and password
Something you are
Biometrics (fingerprint, facial recognition)
Something you have
A token or key (e.g. a YubiKey)
Where you are
Physical location. This is sometimes also considered part of “something you are.”