IAM concepts

Identity and Access Management (IAM) concepts cover the policies, processes, and tools used to manage digital identities and regulate user access to resources. Key IAM principles include authentication, authorization, provisioning, and least privilege. Effective IAM ensures that the right users have the right access at the right time.

Authorization

Authorization is the process of determining whether a previously authenticated identity (user, machine, or agent) is allowed to perform a specific action or access a particular resource.

Authentication

Authentication is the process of verifying the identity of a user, machine, or application attempting to access a system or resource. It ensures that each access request originates from a legitimate, trusted entity before authorization and policy enforcement take place.

Attestation

Attestation is a digital way to verify that a piece of software (a workload) is trustworthy and truly is what it claims to be. It's a security process that provides proof of authenticity using signed, digital evidence. This proof eliminates the need for old-fashioned passwords or static keys. Think of it as a digital passport check: instead of just trusting that an application is what it says it is, attestation forces it to prove its identity using verifiable, tamper-proof measurements.

Machine-to-Machine (M2M) Communication

Communication between non-human entities, such as machines, devices, or applications, without direct human intervention. M2M communication often relies on secure authentication and authorization mechanisms to ensure data privacy and integrity.

No-code Auth

The ability for developers to implement authentication and access controls without writing any code to manage secrets or credentials. This simplifies secure access to services by eliminating manual secrets management and enabling centralized access management using identity-based policies.

OAuth (Open Authorization)

An open standard for authorization that allows third-party applications to access resources on behalf of a user or service, often used to manage workload identity and access to APIs.

OAuth 2.0

An authorization framework that enables secure access to resources over HTTP. OAuth 2.0 defines different authorization flows, including authorization code flow, implicit flow, client credentials flow, and resource owner password credentials flow, to accommodate various use cases.

OpenID Connect

An identity layer built on top of OAuth 2.0 that provides authentication services for web and mobile applications. OpenID Connect allows clients to verify the identity of end-users based on the authentication performed by an authorization server, providing user information as JWTs. It also enables federated identity management by allowing clients to verify user identity based on tokens issued by an identity provider.

Least Privilege

The principle of providing users, machines, or services with only the minimum level of access necessary to perform their tasks, reducing the risk of unauthorized access and potential security breaches.

Password Generator

A tool provided by password managers to create strong, randomized passwords that are difficult to guess or crack. Password generators typically allow users to specify criteria such as length, character types, and special symbols to customize generated passwords.