What is Identity and Access Management (IAM)? | Google Cloud
With Identity and Access Management (IAM), if you look at the public cloud environment, you can treat it much like your own on-premises environment.
There are people trying to access your resources, whether that is a website, a server, or a database, and you need to provide and manage permissions for those users.
Some users access your resources, and some applications access your databases.
So you need to manage the permissions, and that is the case for the cloud as well.
So in the cloud, you have either individual users or groups of users, and you can give either individual permissions or a set of permissions bundled inside roles.
Where a group of users manages some specific infrastructure, you can create a group and assign either the role or the permissions to that group.
So as an employee comes or goes, you just manage that particular group, and the permissions or roles associated with the group apply to that particular user.
If some users need special provisions, you can provide access to those users directly instead of through groups, and that is how you manage the permissions or roles for that particular user.
Besides users and groups, if an application is trying to access your cloud resources, you can limit or give permissions to that application using a service account.
This is the case inside Google Cloud Platform, and a similar concept is used in other cloud platforms like AWS and Azure. You can restrict the application's permissions on your Google Cloud resources based on its service account.
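The group, direct-user and service-account grants described above, as an added example that is not part of the original page. The policy uses the bindings shape of a Google Cloud IAM allow policy; the identities, the group directory and the helper names `effective_roles`, `direct_user_bindings` and `offboard` are constructed for illustration.

```python
import json

# Constructed sample policy: each binding attaches one role to a list of
# members, the shape Google Cloud IAM allow policies use.
POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/compute.admin",
     "members": ["group:infra-team@example.com"]},
    {"role": "roles/cloudsql.client",
     "members": ["serviceAccount:orders-app@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer",
     "members": ["group:infra-team@example.com", "user:auditor@example.com"]}
  ]
}
""")

# Constructed group directory (assumption: membership is available locally;
# in practice it comes from the identity provider).
GROUPS = {"infra-team@example.com": {"alice@example.com", "bob@example.com"}}


def effective_roles(policy, principal, groups):
    """Return roles a principal holds directly or through group membership."""
    _, _, name = principal.partition(":")
    roles = set()
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            mkind, _, mname = member.partition(":")
            if member == principal:
                roles.add(binding["role"])      # granted directly
            elif mkind == "group" and name in groups.get(mname, ()):
                roles.add(binding["role"])      # inherited from the group
    return roles


def direct_user_bindings(policy):
    """List (member, role) pairs granted to individual users, not groups."""
    return sorted((m, b["role"]) for b in policy.get("bindings", [])
                  for m in b.get("members", []) if m.startswith("user:"))


def offboard(groups, user_email):
    """Remove a departing user from every group; the policy stays untouched."""
    return {g: members - {user_email} for g, members in groups.items()}
```

Removing a user from the group drops every role the group carried, while direct `user:` bindings have to be found and cleaned up one by one, which is why `direct_user_bindings` is worth reviewing regularly.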
Authentication in Identity and Access Management (IAM):
Authentication is a process where a user provides their identity to gain access to resources such as applications, systems, devices, and so on.
During Authentication the user needs to provide some pre-registered credentials in order to establish their identity.
Authorization in Identity and Access Management (IAM):
Authorization refers to the process responsible for determining a user's permission to access particular resources.
Authorization is usually performed by checking the resource access request against a set of authorization policies, typically stored in the backend.
Usually, the process of authentication verifies a user's identity, and that then enables authorization. An authorization policy then decides what the given identity is allowed to do in the context of the particular system concerned.
Authorization Access Control in IAM:
The Authorization model could also provide complex access controls based on:
- Data, information, policies including user attributes
- User roles and groups as allocated
- Access channel (IP, Geolocation, and so on)
- Time of Access
- Resources requested by the user (Dynamic Behavioural Analysis)
- Externally associated data (Threat intelligence)
- Business Rules.
Authentication Process in Identity and Access Management (IAM):
- Single Factor
- Multi-Factor
- Identity Management
- Authenticator Management