
I AM Overview


OVERVIEW OF IDENTITY & ACCESS MANAGEMENT (I&AM) PROTOCOLS AND STANDARDS

SULTAN S ALHOMOUD
Prepared by: Sultan S AlHomoud LinkedIn: linkedin.com/in/sultansh-cs

Identity & Access Management (I&AM) Protocols and Standards


This document aims to provide a clear and concise overview of key I&AM technologies, categorized into three main areas:

1. Authentication Protocols and Standards: This section covers essential methods and technologies used to verify user identities.
2. Access Control Methods: This section covers different strategies for managing and controlling user permissions and access rights.
3. Directory and Provisioning Technologies: This section focuses on the protocols and standards used for directory services and automated user management.

Section 1: Authentication Protocols and Standards

| Term | Full Form | Use Cases | When It's Used | Examples of Solutions | Features |
|---|---|---|---|---|---|
| SSO | Single Sign-On | Simplifies user login by allowing access to multiple applications with one set of credentials. | Used in organizations to streamline user access to multiple services. | Okta, Microsoft ADFS, Ping Identity | Centralized authentication, reduced password fatigue. |
| SAML | Security Assertion Markup Language | Enables secure transmission of authentication and authorization data between parties. | Commonly used for web-based SSO between an identity provider and service providers. | Okta, Azure AD, OneLogin | XML-based, widely adopted for enterprise SSO, supports federation. |
| OAuth | Open Authorization | Allows third-party apps to access user data without exposing user passwords. | Used in scenarios like granting apps permission to access data on platforms like Google or Facebook. | Google OAuth, Microsoft Azure AD | Token-based, supports API authorization, often used with OpenID Connect for authentication. |
| OIDC | OpenID Connect | Layer on top of OAuth 2.0 for authentication, providing user login information. | Used for user authentication in web and mobile applications. | Google OIDC, Auth0, Okta | JSON-based, simple setup, integrates with OAuth 2.0, supports SSO. |
| Kerberos | (No abbreviation) | Network authentication protocol that uses secret-key cryptography. | Commonly used in enterprise environments for secure authentication. | Microsoft Active Directory, Heimdal Kerberos | Mutual authentication, ticket-based, resistant to replay attacks. |
| RADIUS | Remote Authentication Dial-In User Service | Networking protocol for centralized authentication, authorization, and accounting (AAA). | Used in scenarios like Wi-Fi networks, VPNs, and network access control. | Cisco ISE, FreeRADIUS, Microsoft NPS | Centralized AAA, supports multiple authentication methods, scalable. |
| 2FA/MFA | Two-Factor/Multifactor Authentication | Adds a second layer of security by requiring additional verification. | Used to increase security for sensitive data, accounts, or systems. | Duo Security, Google Authenticator, Microsoft MFA | Enhances security by combining multiple factors for authentication, such as passwords, biometrics, or tokens. |
| PKI | Public Key Infrastructure | Manages digital certificates and encryption keys for secure communication. | Used in environments requiring strong encryption and secure communications. | OpenSSL, Microsoft Certificate Services | Supports encryption, digital signatures, and certificate authorities. |
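The OIDC row above describes the ID token a relying party receives after login, but not the checks that make it safe to trust. The following Python is an added example, not part of the original document: it mints a constructed ID token and then performs the relying-party checks (signature over an explicit algorithm allow-list, issuer, audience, expiry, nonce). HS256 with a shared demo secret is an assumption made so the code runs offline on the standard library; real providers sign with asymmetric keys published via JWKS, and a production relying party would use a maintained JWT library.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret (assumption for this example). Real OIDC providers sign ID
# tokens with asymmetric keys (typically RS256) published at their JWKS endpoint.
DEMO_SECRET = b"constructed-demo-secret-do-not-reuse"
ALLOWED_ALGS = {"HS256"}  # explicit allow-list: never accept "none" or whatever the header claims


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims: dict, secret: bytes = DEMO_SECRET, alg: str = "HS256") -> str:
    """Mint a JWT carrying the given claims, standing in for the identity provider.

    The signature is always HMAC-SHA256 over header.payload; `alg` is only what gets
    written into the header, so the verifier's allow-list check can be exercised.
    """
    header = {"alg": alg, "typ": "JWT"}
    signing_input = b64url_encode(json.dumps(header).encode()) + "." + b64url_encode(json.dumps(claims).encode())
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_id_token(token: str, *, issuer: str, client_id: str, nonce: str,
                    now=None, secret: bytes = DEMO_SECRET):
    """Relying-party validation of an ID token. Returns (True, claims) or (False, reason)."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except ValueError:
        return False, "malformed header"
    # 1. Algorithm must be one we expect; the header is attacker-controlled until verified.
    if header.get("alg") not in ALLOWED_ALGS:
        return False, "unexpected alg"
    # 2. Signature check before looking at any claim, using a constant-time comparison.
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    try:
        actual = b64url_decode(sig_b64)
    except ValueError:
        return False, "bad signature"
    if not hmac.compare_digest(expected, actual):
        return False, "bad signature"
    claims = json.loads(b64url_decode(payload_b64))
    # 3. The token must come from the provider we configured ...
    if claims.get("iss") != issuer:
        return False, "issuer mismatch"
    # 4. ... and be intended for this client (aud may be a string or a list).
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        return False, "audience mismatch"
    # 5. It must still be valid ...
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return False, "token expired"
    # 6. ... and bound to the login attempt that started this flow (replay protection).
    if claims.get("nonce") != nonce:
        return False, "nonce mismatch"
    return True, claims
```

The order matters: algorithm and signature are checked before any claim is read, so a token with a forged payload, a header declaring `alg: none`, or a signature made with another key is rejected without its claims ever influencing a decision.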

Section 2: Access Control

| Term | Full Form | Use Cases | When It's Used | Examples of Solutions | Features |
|---|---|---|---|---|---|
| FIM | Federated Identity Management | Links multiple identity management systems across organizations for seamless access. | Used in B2B scenarios to enable trust between different organizations' identity systems. | PingFederate, Shibboleth, Okta | Cross-domain SSO, identity federation, interoperability. |
| TACACS+ | Terminal Access Controller Access-Control System Plus | Cisco protocol for AAA, often used in network devices. | Used in environments requiring granular control over user permissions. | Cisco ISE, FreeRADIUS (with TACACS+ support) | Separates Authentication, Authorization, and Accounting, more secure than RADIUS. |
| XACML | eXtensible Access Control Markup Language | Fine-grained access control policy language based on attributes. | Used in complex environments requiring detailed access control policies. | Axiomatics, Oracle Entitlements Server | Attribute-based access control, supports complex policies, XML-based. |
| RBAC | Role-Based Access Control | Access control based on user roles within an organization. | Used to simplify permission management and enforce least privilege. | Azure AD, AWS IAM, Oracle Identity Manager | Simplifies permission management, groups permissions into roles, easy to implement. |
| ABAC | Attribute-Based Access Control | Access control based on attributes (user, resource, environment). | Used in environments requiring dynamic and fine-grained access control. | Axiomatics, NextLabs | Provides dynamic access control based on multiple attributes, policy-driven, supports complex environments. |
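The RBAC and ABAC rows read similarly until the same request is evaluated under both models. The following Python is an added example, not taken from the original document: a role-to-permission table beside a small attribute-based policy (deny-by-default, deny-overrides, the combining behaviour XACML policies express in XML). The hospital roles, departments and the "business hours" rule are constructed for illustration.

```python
# --- RBAC: a static mapping of role -> permitted (action, resource type) pairs ---
ROLE_PERMISSIONS = {
    "doctor": {("read", "patient_record"), ("write", "patient_record")},
    "nurse": {("read", "patient_record")},
    "billing": {("read", "invoice"), ("write", "invoice")},
}


def rbac_allows(user: dict, action: str, resource: dict) -> bool:
    """Permit if any role held by the user grants (action, resource type); deny otherwise."""
    return any((action, resource["type"]) in ROLE_PERMISSIONS.get(role, set())
               for role in user.get("roles", []))


# --- ABAC: rules over user, resource and environment attributes ---
# Each rule is (effect, condition). Evaluation is deny-by-default with deny-overrides.
def _is_record(resource: dict) -> bool:
    return resource["type"] == "patient_record"


ABAC_POLICY = [
    # Doctors may read records of their own department during business hours (08:00-18:00).
    ("permit", lambda u, a, r, e: a == "read" and _is_record(r) and "doctor" in u.get("roles", [])
               and u.get("department") == r.get("department") and 8 <= e["hour"] < 18),
    # A patient may always read their own record, without holding any staff role.
    ("permit", lambda u, a, r, e: a == "read" and _is_record(r) and r.get("patient_id") == u.get("user_id")),
    # Sealed records are off-limits to everyone but the privacy officer, whatever else applies.
    ("deny", lambda u, a, r, e: r.get("sealed", False) and "privacy_officer" not in u.get("roles", [])),
]


def abac_allows(user: dict, action: str, resource: dict, env: dict) -> bool:
    """Evaluate every rule: any matching deny wins; otherwise permit only if some permit matched."""
    permitted = False
    for effect, condition in ABAC_POLICY:
        if condition(user, action, resource, env):
            if effect == "deny":
                return False
            permitted = True
    return permitted


def compare(user: dict, action: str, resource: dict, env: dict):
    """Return (rbac_decision, abac_decision) so the two models can be read side by side."""
    return rbac_allows(user, action, resource), abac_allows(user, action, resource, env)
```

RBAC answers "is this person a doctor?", which is cheap to administer but coarse: every doctor can read every record at any hour. ABAC answers "is this doctor, for this record, right now?", which is where least privilege is actually enforced, at the cost of a policy that has to be written, tested and kept consistent across systems.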

Section 3: Directory and Provisioning

| Term | Full Form | Use Cases | When It's Used | Examples of Solutions | Features |
|---|---|---|---|---|---|
| LDAP | Lightweight Directory Access Protocol | Directory service protocol for accessing and maintaining distributed directory information. | Used in centralized authentication and directory services. | OpenLDAP, Microsoft Active Directory | Hierarchical structure, supports directory services, commonly used for user authentication. |
| AD (Active Directory) | Active Directory | Directory service for managing users, computers, and policies within Windows environments. | Used in enterprise environments for centralized user and resource management. | Microsoft Active Directory, Azure AD | Centralized management, integrates with Windows services, supports Group Policy and Kerberos authentication. |
| SCIM | System for Cross-domain Identity Management | Standard for automating user provisioning and deprovisioning. | Used when syncing user information across different systems. | Okta, OneLogin, Azure AD | Automates user management, reduces manual provisioning, supports REST APIs. |
| SPML | Service Provisioning Markup Language | Standard for automating provisioning across different platforms. | Used in environments requiring automated user provisioning and deprovisioning. | Oracle Identity Manager, IBM Security Identity Governance | XML-based, supports provisioning, cross-platform integration, simplifies user lifecycle management. |
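The SCIM row says the standard automates provisioning and deprovisioning over REST, and the lifecycle is easiest to see end to end. The following Python is an added example, not part of the original document and not any vendor's implementation: a small in-memory stand-in for a service provider's `/Users` endpoint that accepts a core User resource on hire, rejects a duplicate `userName`, and applies the `PatchOp` that an identity provider sends to disable the account at offboarding. The schema URNs and the shape of the User and PatchOp messages follow RFC 7643 and RFC 7644; the sample user, the simplification to top-level attribute paths, and the `ScimUserStore` class are assumptions made for this example.

```python
import copy
import itertools
from datetime import datetime, timezone

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
READ_ONLY = {"id", "meta", "schemas"}  # server-assigned attributes a client may not patch


class ScimError(Exception):
    """Carries the HTTP status a SCIM service provider would return for this failure."""

    def __init__(self, status: int, detail: str):
        super().__init__(detail)
        self.status = status
        self.detail = detail


class ScimUserStore:
    """In-memory stand-in for a service provider's /Users endpoint (constructed for this example)."""

    def __init__(self):
        self._users = {}
        self._next_id = itertools.count(1)

    @staticmethod
    def _now() -> str:
        return datetime.now(timezone.utc).isoformat()

    def create(self, payload: dict) -> dict:
        """POST /Users: validate the core User schema and userName uniqueness, then store."""
        if USER_SCHEMA not in payload.get("schemas", []):
            raise ScimError(400, "invalidValue: missing core User schema")
        user_name = payload.get("userName")
        if not user_name:
            raise ScimError(400, "invalidValue: userName is required")
        if any(u["userName"].lower() == user_name.lower() for u in self._users.values()):
            raise ScimError(409, "uniqueness: userName already exists")
        user = copy.deepcopy(payload)
        user["id"] = str(next(self._next_id))
        user.setdefault("active", True)
        now = self._now()
        user["meta"] = {"resourceType": "User", "created": now, "lastModified": now,
                        "location": f"/Users/{user['id']}"}
        self._users[user["id"]] = user
        return copy.deepcopy(user)

    def get(self, user_id: str) -> dict:
        """GET /Users/{id}"""
        if user_id not in self._users:
            raise ScimError(404, f"User {user_id} not found")
        return copy.deepcopy(self._users[user_id])

    def patch(self, user_id: str, patch: dict) -> dict:
        """PATCH /Users/{id}: apply add/replace/remove operations on top-level attributes only."""
        if PATCH_SCHEMA not in patch.get("schemas", []):
            raise ScimError(400, "invalidValue: missing PatchOp schema")
        user = self._users.get(user_id)
        if user is None:
            raise ScimError(404, f"User {user_id} not found")
        for op in patch.get("Operations", []):
            kind, path = op.get("op", "").lower(), op.get("path")
            if not path or "." in path or "[" in path:
                raise ScimError(400, "invalidPath: only simple attribute paths are supported here")
            if path in READ_ONLY:
                raise ScimError(400, f"mutability: {path} is readOnly")
            if kind in ("add", "replace"):
                user[path] = op["value"]
            elif kind == "remove":
                user.pop(path, None)
            else:
                raise ScimError(400, f"invalidValue: unknown op {kind!r}")
        user["meta"]["lastModified"] = self._now()
        return copy.deepcopy(user)


def deprovision_patch() -> dict:
    """The PatchOp an identity provider sends to disable an account at offboarding."""
    return {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "replace", "path": "active", "value": False}]}


# Constructed sample payload in the core User shape an identity provider would POST on hire.
SAMPLE_USER = {
    "schemas": [USER_SCHEMA],
    "externalId": "hr-00042",
    "userName": "a.example@corp.example",
    "name": {"givenName": "Alex", "familyName": "Example"},
    "emails": [{"value": "a.example@corp.example", "primary": True}],
}


def run_lifecycle(store=None) -> dict:
    """Hire -> duplicate attempt -> offboard, returning what each step produced."""
    store = store or ScimUserStore()
    created = store.create(SAMPLE_USER)
    try:
        store.create(SAMPLE_USER)
        duplicate_status = 200
    except ScimError as err:
        duplicate_status = err.status
    disabled = store.patch(created["id"], deprovision_patch())
    return {"id": created["id"], "active_after_create": created["active"],
            "duplicate_status": duplicate_status, "active_after_offboard": disabled["active"]}
```

Two details carry the security weight here. The `externalId` ties the account back to the HR record that is the source of truth, which is what lets the identity provider find and disable the right account when someone leaves; and offboarding is a `replace` of `active` to `false` rather than a delete, so the account, its audit history and its group memberships remain inspectable while access is removed.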

I hope these tables serve as a valuable resource for understanding and navigating the complexities of I&AM.

Further Reading:

• https://learn.microsoft.com/en-us/entra/fundamentals/identity-fundamental-concepts
• https://learn.microsoft.com/en-us/entra/fundamentals/introduction-identity-access-management
• https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/what-is-single-sign-on
• https://sansorg.egnyte.com/dl/5HrqJVJ6Xv
• https://www.nist.gov/identity-access-management/nist-special-publication-800-63-digital-identity-guidelines
