IAM Basics
Gartner defines IAM as follows:
Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements. This security practice is a crucial undertaking for any enterprise. It is increasingly business-aligned, and it requires business skills, not just technical expertise. Enterprises that develop mature IAM capabilities can reduce their identity management costs and, more importantly, become significantly more agile in supporting new business initiatives. (Gartner, 2016)
References: Gartner (2016). Identity and Access Management. Retrieved 08/2016 from http://www.gartner.com/it-glossary/identity-and-access-management-iam/
Each of us in the VCU community carries out day-to-day tasks by authenticating our identity, which then authorizes our access. This happens when we swipe our VCU Cards, when we log in using our eIDs, and when we put our V-numbers on scantrons. From a technological standpoint, our identity is a set of unique attributes, or pieces of data, that are used to verify who we are and to determine whether we may access what we are trying to access. These attributes include our eIDs, V-numbers, VCU Card numbers, group memberships, and roles/affiliations within the university.
An identity vault (also called an identity store) is a secure location where the attributes (data) that make up an identity are stored. The identity vault serves as the authoritative source for identity data and synchronizes this data down to consuming systems. The data in this vault is made available, either directly through access to the vault or through data synchronization, to fulfill authentication attempts (verifying that you are who you say you are) and authorization requests (granting the access you are supposed to have, or denying access if you are not allowed to use that system).
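The following is an added illustration of the vault model described above, not code from this page or from VCU's own systems. It is a small Python sketch with an authoritative identity store that holds attributes (eID, V-number, card number, groups, affiliations), answers authentication (password verification) and authorization (group check) requests, and synchronizes a chosen subset of attributes to a consuming system. The class names, the sample eIDs, V-numbers, card numbers and passwords are all constructed for the example; note that the synchronized feed never carries credential material, so a downstream system can decide access from its copy without ever holding secrets.

```python
import copy
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000  # work factor for the stored password hash (constructed choice)


@dataclass
class Identity:
    """The attributes that together form one identity in the vault."""
    eid: str
    v_number: str
    card_number: str
    groups: set = field(default_factory=set)
    affiliations: set = field(default_factory=set)
    salt: bytes = b""
    pw_hash: bytes = b""


class IdentityVault:
    """Authoritative identity store: the only place credentials live."""

    def __init__(self):
        self._by_eid = {}

    def enroll(self, eid, v_number, card_number, password, groups=(), affiliations=()):
        salt = os.urandom(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._by_eid[eid] = Identity(eid, v_number, card_number, set(groups),
                                     set(affiliations), salt, pw_hash)

    def authenticate(self, eid, password):
        """Authentication: verify that the caller is who they say they are."""
        ident = self._by_eid.get(eid)
        if ident is None:
            # Do the same amount of work for an unknown eID so the response
            # time does not reveal which eIDs exist.
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), ident.salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(candidate, ident.pw_hash)

    def authorize(self, eid, required_group):
        """Authorization: grant only if the identity carries the required group."""
        ident = self._by_eid.get(eid)
        return ident is not None and required_group in ident.groups

    def sync_to(self, consumer, attributes):
        """Push a copy of the selected attributes to a consuming system.
        Credential material (salt, password hash) is never part of the feed."""
        allowed = [a for a in attributes if a not in {"salt", "pw_hash"}]
        for ident in self._by_eid.values():
            consumer.receive({a: copy.deepcopy(getattr(ident, a)) for a in allowed})


class ConsumingSystem:
    """A downstream system that only holds synchronized attributes, never credentials."""

    def __init__(self):
        self.records = {}

    def receive(self, record):
        self.records[record["eid"]] = record

    def has_access(self, eid, required_group):
        rec = self.records.get(eid)
        return rec is not None and required_group in rec.get("groups", set())


def demo():
    """Enroll two constructed identities, sync to a 'library' system, exercise both paths."""
    vault = IdentityVault()
    vault.enroll("jdoe", "V00000001", "1234567890", "correct horse",
                 groups={"students", "library"}, affiliations={"student"})
    vault.enroll("asmith", "V00000002", "1234567891", "staff pass",
                 groups={"staff"}, affiliations={"employee"})
    library = ConsumingSystem()
    vault.sync_to(library, ["eid", "v_number", "groups", "pw_hash"])  # pw_hash is filtered out
    return {
        "auth_ok": vault.authenticate("jdoe", "correct horse"),
        "auth_bad": vault.authenticate("jdoe", "wrong"),
        "auth_unknown": vault.authenticate("nobody", "x"),
        "authz_ok": vault.authorize("jdoe", "library"),
        "authz_denied": vault.authorize("jdoe", "staff"),
        "library_jdoe": library.has_access("jdoe", "library"),
        "library_asmith": library.has_access("asmith", "library"),
        "synced_fields": sorted(library.records["jdoe"].keys()),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The consuming system answers its own access question from the synchronized copy, while the vault remains the only component that can confirm a password; that split is what lets many downstream systems consume identity data without each becoming a credential store.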