IAM concepts

Identity and Access Management (IAM) concepts cover the policies, processes, and tools used to manage digital identities and regulate user access to resources. Key IAM principles include authentication, authorization, provisioning, and least privilege. Effective IAM ensures that the right users have the right access at the right time.

Machine-to-Machine (M2M) Communication

Communication between non-human entities, such as machines, devices, or applications, without direct human intervention. M2M communication often relies on secure authentication and authorization mechanisms to ensure data privacy and integrity.

No-code Auth

The ability for developers to implement authentication and access controls without writing any code to manage secrets or credentials. This simplifies secure access to services by eliminating manual secrets management and enabling centralized access management using identity-based policies.

OAuth (Open Authorization)

An open standard for authorization that allows third-party applications to access resources on behalf of a user or service, often used to manage workload identity and access to APIs.

OAuth 2.0

An authorization framework that enables secure access to resources over HTTP. OAuth 2.0 defines different authorization flows, including authorization code flow, implicit flow, client credentials flow, and resource owner password credentials flow, to accommodate various use cases.

OpenID Connect

An identity layer built on top of OAuth 2.0 that provides authentication services for web and mobile applications. OpenID Connect allows clients to verify the identity of end-users based on the authentication performed by an authorization server, providing user information as JWTs. It also enables federated identity management by allowing clients to verify user identity based on tokens issued by an identity provider.

Least Privilege

The principle of providing users, machines, or services with only the minimum level of access necessary to perform their tasks, reducing the risk of unauthorized access and potential security breaches.

Password Generator

A tool provided by password managers to create strong, randomized passwords that are difficult to guess or crack. Password generators typically allow users to specify criteria such as length, character types, and special symbols to customize generated passwords.

Key Rotation

The process of regularly changing cryptographic keys or credentials to mitigate the risk of unauthorized access and improve security. Secrets managers often automate key rotation to ensure that secrets are regularly updated without disrupting applications or services.

Proof Key for Code Exchange (PKCE)

A security mechanism now mandatory for all clients (Confidential and Public) using the Authorization Code Flow. It prevents an Authorization Code from being intercepted and exchanged for tokens by an unauthorized application.

Password Manager

A software tool or service designed to securely store, manage, and retrieve passwords and other sensitive information, such as usernames, credit card numbers, and notes. Password managers often encrypt data using strong cryptographic algorithms to protect against unauthorized access.