100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace

Identity & Access Management (IAM) Cheat Sheet

Identity & Access Management (IAM) Cheat Sheet

Covers IAM core concepts including authentication protocols, RBAC/ABAC models, and provisioning lifecycle for enterprise access control.

2 PagesIntermediateFeb 12, 2026

Core IAM Concepts

Foundational terms distinguishing identity and access functions.

  • Authentication (AuthN)- Verifying who a user or system is (e.g. password, MFA, certificate)
  • Authorization (AuthZ)- Determining what an authenticated identity is allowed to do
  • Provisioning- Creating and configuring accounts and access when a user joins/changes roles
  • De-provisioning- Revoking access promptly when a user leaves or changes roles
  • SSO- Single Sign-On; one login session grants access across multiple applications
  • Federation- Trust relationship allowing identity from one domain to be used in another

Access Control Models

Different strategies for determining who can access what.

  • RBAC- Role-Based Access Control; permissions assigned to roles, users assigned to roles
  • ABAC- Attribute-Based Access Control; decisions based on user/resource/environment attributes
  • DAC- Discretionary Access Control; resource owner decides who gets access
  • MAC- Mandatory Access Control; access governed by fixed system-wide policy (e.g. classification labels)
  • PoLP- Principle of Least Privilege; grant only access strictly required for the role

SSO Protocol Basics

Simplified flow comparison of two common federated identity protocols.

text
# SAML (XML-based, common in enterprise SSO)1. User requests app -> App redirects to IdP2. IdP authenticates user, generates signed SAML assertion3. Browser POSTs assertion to app's Assertion Consumer Service (ACS)4. App validates signature, creates session# OpenID Connect (JSON/OAuth2-based, common in modern web/mobile)1. App redirects to IdP's /authorize endpoint2. User authenticates, IdP redirects back with an authorization code3. App exchanges code for an ID token (JWT) at the /token endpoint4. App validates the JWT signature and claims

IAM Best Practices

Habits that reduce identity-related risk in an organization.

  • Enforce MFA everywhere- Especially for privileged and remote access accounts
  • Just-in-time access- Grant elevated privileges only for the duration needed, then auto-revoke
  • Regular access reviews- Periodically recertify that granted access is still required
  • Centralize identity- Use a single IdP rather than app-specific credential stores
  • Audit logging- Log all authentication and privilege-change events for investigation
Pro Tip

Automate de-provisioning by tying it to your HR system's termination event — manual offboarding is the single most common source of orphaned accounts that attackers find and exploit months later.

Was this cheat sheet helpful?

Explore Topics

#IdentityAccessManagementIAM#IdentityAccessManagementIAMCheatSheet#Cybersecurity#Intermediate#CoreIAMConcepts#AccessControlModels#SSOProtocolBasics#IAMBestPractices#Security#InfrastructureAsCode#CheatSheet#SkillVeris