Architecture of Identity Access Management in Cloud Computing
Identity Access Management is administered by the organization's root user (administrator). A user represents one person within the organization, and users can be placed in groups so that all members of a group have the same privileges to the services.
Shared Responsibility Model for Identity Access Management
Cloud Service Provider (CSP)
- Infrastructure (Global Security of the Network)
- Configuration and Vulnerability Analysis
- Compliance Validation
Customer
- Users, Groups, Roles, Policies Management and Monitoring
- Use IAM tools to apply appropriate permissions.
- Analyze access patterns and review permissions.
The Architecture of Identity Access Management
User Management:- It consists of the activities for controlling and managing the identity life cycle.
Authentication Management:- It consists of the activities for effectively controlling and managing the processes that determine which user is trying to access the services and whether those services are relevant to that user.
Authorization Management:- It consists of the activities for effectively controlling and managing the processes that determine which services a user is allowed to access according to the policies defined by the administrator of the organization.
Access Management:- It handles the requests made by users who want to access resources within the organization.
Data Management and Provisioning:- Identity and authorization data are propagated to the IT resources through automated or manual processes.
Monitoring and Auditing:- Based on the defined policies, the monitoring, auditing, and reporting of users' access to resources within the organization are carried out.
Operational Activities of IAM:- In this process we onboard new users onto the organization's systems and applications and provide them with the access to services and data that they need. Deprovisioning is the exact opposite: we delete or deactivate the user's identity and revoke all of the user's privileges.
Credential and Attribute Management:- Credentials are bound to an individual user and are verified during the authentication process. These processes generally include the allocation of a username, a static or dynamic password, handling of password expiration, encryption management, and the user's access policies.
Entitlement Management:- These are also known as authorization policies, in which we address the provisioning and de-provisioning of the privileges granted to a user for accessing databases, applications, and systems. We grant users only the privileges their roles require; this least-privilege approach also serves as a security control.
Identity Federation Management:- In this process we manage the relationships that extend beyond the organization's internal networks, that is, among different organizations. A federation is an association of organizations that come together to exchange information about users and resources to enable collaboration and transactions.
Centralization of Authentication and Authorization:- A centralized authentication and authorization service needs to be developed so that applications can rely on it for these features instead of each building its own; this also promotes a loosely coupled architecture.
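The components above (users grouped into groups that carry policies, entitlement provisioning and deprovisioning, default-deny authorization with explicit deny taking precedence, and an audit trail of every decision) can be seen working together in a small centralized authorization service. This is an added example, not code from the original article or from any cloud provider's SDK; the policy documents, group names and the `IAMDirectory` class are constructed for illustration.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch

# Constructed policy documents in the usual Effect/Action/Resource shape (hypothetical names).
POLICIES = {
    "ReadOnlyStorage": [{"Effect": "Allow", "Action": "storage:Get", "Resource": "bucket/*"}],
    "StorageAdmin": [{"Effect": "Allow", "Action": "storage:*", "Resource": "bucket/*"}],
    "DenyProdDelete": [{"Effect": "Deny", "Action": "storage:Delete", "Resource": "bucket/prod"}],
}

@dataclass
class IAMDirectory:
    """Users belong to groups; groups carry policies; every access decision is audited."""
    groups: dict = field(default_factory=dict)   # group -> list of policy names
    members: dict = field(default_factory=dict)  # user -> set of groups
    active: set = field(default_factory=set)     # provisioned and not yet deprovisioned
    audit: list = field(default_factory=list)    # (user, action, resource, decision)

    def provision(self, user, groups):
        """Onboard a user: grant only the groups the user's role requires."""
        self.members[user] = set(groups)
        self.active.add(user)

    def deprovision(self, user):
        """Offboard a user: deactivate the identity and revoke every entitlement."""
        self.active.discard(user)
        self.members.pop(user, None)

    def statements_for(self, user):
        """Yield every policy statement the user inherits through group membership."""
        for group in self.members.get(user, ()):
            for policy in self.groups.get(group, ()):
                yield from POLICIES[policy]

    def is_allowed(self, user, action, resource):
        """Default deny; an explicit Deny overrides any Allow; inactive users never match."""
        decision = False
        if user in self.active:
            matched = [s["Effect"] for s in self.statements_for(user)
                       if fnmatch(action, s["Action"]) and fnmatch(resource, s["Resource"])]
            decision = "Allow" in matched and "Deny" not in matched
        self.audit.append((user, action, resource, "ALLOW" if decision else "DENY"))
        return decision

def demo():
    """Walk two constructed users through provisioning, access checks and offboarding."""
    d = IAMDirectory(groups={"analysts": ["ReadOnlyStorage"], "ops": ["StorageAdmin", "DenyProdDelete"]})
    d.provision("alice", ["analysts"])
    d.provision("bob", ["ops"])
    results = {"alice_get": d.is_allowed("alice", "storage:Get", "bucket/prod"),
               "alice_delete": d.is_allowed("alice", "storage:Delete", "bucket/dev"),
               "bob_delete_dev": d.is_allowed("bob", "storage:Delete", "bucket/dev"),
               "bob_delete_prod": d.is_allowed("bob", "storage:Delete", "bucket/prod")}
    d.deprovision("bob")
    results["bob_after_offboarding"] = d.is_allowed("bob", "storage:Get", "bucket/dev")
    return results, d.audit
```

The audit list is what the Monitoring and Auditing component reviews: every decision, allowed or denied, is recorded against the user who requested it.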