
Breaking Down Identity and Access Management Acronyms

Rose de Fremery, July 06, 2022
Identity and access management, or IAM, is a cybersecurity field that is rife with acronyms. With letters flying everywhere, how can you make sense of all these acronyms and what they mean, especially in the face of increasing cyber attacks and breach fatigue? We'll introduce seven commonly used acronyms in the IAM world and give you the lowdown on each one. Once you understand each concept and how it works to protect your identity, you'll have the knowledge you need to stay safe online.

IAM (identity and access management) 

With staggering data breaches happening almost all the time, companies are under increasing pressure to protect sensitive customer and business data. They use identity and access management, or IAM, to help with this task. IAM is designed to control how users access accounts, systems, and information – so only the people who are authorized to access those resources are able to do so. IAM usually includes a collection of business processes, policies, and technologies for electronic identities. For example, on the technology side, IT teams often use tools like single sign-on (SSO), multi-factor authentication (MFA), and privileged access management (PAM) to provide employees or users secure access to company systems. We'll dig into SSO, MFA, and PAM in just a moment.

IdP (identity provider) 

Perhaps even without realizing it, you've probably already come across an identity provider (IdP) on your internet travels. Have you ever signed up for a new app or social media channel and noticed the option to use your Google account to streamline the process? If so, you've seen an IdP in action. When you choose that option, you're actually using Google Sign-In as your identity provider behind the scenes. Your Google account, which has already been verified, gives you a federated identity that you can then use to sign into other third-party platforms that use Google Sign-In. 

SSO (single sign-on) 

Much like an IdP, single sign-on (SSO) gives you one account to rule them all. SSO lets you use one set of credentials, such as the username and password for your main work account, to access other apps and systems. This is especially useful for people who are working from home because it means they no longer have to remember all of the unique usernames and passwords associated with the tools they use to get their work done (a password manager can also help with this, of course). According to the 2021 Psychology of Passwords, 90% of respondents say they have up to 50 online or app accounts. So, any tool that can help people manage all of their passwords more easily is going to be beneficial.

SAML (security assertion markup language)  

You may not have heard of SAML (security assertion markup language) before, likely because it supports many identity and access management systems behind the scenes. Federated identity systems like IdP and SSO use SAML to help you connect to multiple systems or services using a single identity, like your Google or work account. SAML provides these federated identity systems with a standard framework they can all agree on for carrying out this process, streamlining how you log into your accounts while keeping the process as secure as possible. 

MFA (multi-factor authentication) 

Originally, when logging into an account, you only needed to provide one kind (or factor) of authentication: your password. Because passwords can't singlehandedly protect your account, however, more companies have begun using multi-factor authentication (MFA) to keep your account secure. As a consumer, you've probably already used MFA tools at least once. They often ask you to provide another form of authentication in addition to your password, so the system can verify your identity. This is usually a code that you get from a text message or an authenticator app. It can even be a biometric form of authentication, like facial recognition or fingerprint recognition.

PAM (privileged access management)  

Some accounts, like those belonging to the CEO or finance director at a company, have access to especially valuable or sensitive information. Cyber criminals often directly target such people with phishing scams like CEO fraud or business email compromise (BEC). This is where PAM, or privileged access management, comes in. PAM is a combination of tools and technologies that are designed to secure, monitor, and control privileged user accounts that, if compromised, could seriously threaten the company or its customers. With more robust controls in place to protect these important accounts, businesses can make sure that only authorized personnel are accessing critical systems and data.

OTP (one-time password)  

A one-time password, or OTP, is exactly what it sounds like. Instead of only using a static password that never changes, an authentication system can also ask for a one-time password every time you attempt to log in. This way, if a bad actor has hacked, cracked, or stolen your password and is trying to break into your account, they're going to have a much harder time doing it. You'll often see OTPs used for multi-factor authentication (MFA). People who work for companies with strict security requirements traditionally got their OTPs from a pocket-sized key fob or a smart card that continually generated new codes, but now authenticator apps like Google Authenticator or LastPass Authenticator let the rest of us do it directly from our smartphones.

Know your identity and access management acronyms

There you have it. Now you know your IAM from your PAM, and you can tell the difference between IdP and SSO. You may have even discovered that you're already using a few of these tools, like MFA and OTP, to securely access your favorite apps and accounts. By getting up to speed on your identity and access management acronyms, you're now better prepared to protect your digital life and combat breach fatigue.