Key concepts

Within identity and access management (IAM), various building blocks work together to ensure secure and controlled access to systems and data.

Identities

The foundation of IAM is a user’s digital identity. Education and research organisations create, manage and delete these identities throughout the period that a person is an employee or student. An identifier is used to recognise someone digitally: a unique characteristic, such as a number.

Authentication

Authentication verifies whether someone is actually who they claim to be, for example via a username and password or multi-factor authentication (MFA).

Authorisation

Authorisation determines which systems, applications and data a user has access to, and what actions they are permitted to perform within them, such as reading, editing or deleting data.

Lifecycle management

IAM ensures that access rights adapt to changes in roles, such as a new position, a temporary project or leaving the organisation.

Governance and security

Agreements, policies and controls ensure that identities and access rights are managed effectively and that organisations maintain control over security and privacy, in accordance with regulations and legislation.

Federated framework

A coherent set of rules, standards and agreements that enables organisations to exchange, manage and reuse data in a uniform manner, without the need for a single central database or system. In this case, for effective, secure, trusted and scalable identity and access management within the education and research sector.