IAM concepts

Identity and Access Management (IAM) concepts cover the policies, processes, and tools used to manage digital identities and regulate user access to resources. Key IAM principles include authentication, authorization, provisioning, and least privilege. Effective IAM ensures that the right users have the right access at the right time.

Proxy

A proxy in workload identity and access management is an intermediary component that intercepts, authenticates, and authorizes requests between workloads and resources. It enables dynamic credential injection, policy enforcement, and secure communication without requiring changes to application code.

Secrets Manager

A secrets manager is a centralized security system for storing, controlling access to, and managing the lifecycle of sensitive authentication credentials such as API keys, passwords, certificates, and cryptographic keys. These systems encrypt secrets at rest and in transit, enforce policy-based access controls, provide comprehensive audit trails, and automate credential rotation to reduce the risk of unauthorized access and data breaches.

Secret Rotation

Secret rotation is the systematic process of periodically replacing cryptographic credentials (passwords, API keys, tokens, certificates) to limit the exposure window of any single credential and reduce the risk of compromise. According to NIST SP 800-57, rotation establishes a defined “cryptoperiod” during which a specific credential is authorized for use, after which it must be replaced with a new one.

Identity Broker

An Identity Broker is an intermediary security service that facilitates federated authentication and authorization between external identity providers and internal service providers, validating identity assertions and translating them into short-lived access tokens or credentials for workload authentication across organizational and security domain boundaries.

Dynamic Secrets

Dynamic secrets are temporary passwords or keys that your systems generate on-demand every time a program requests access. Unlike static secrets (which persist until someone manually changes them), dynamic secrets have a limited lifespan and automatically expire after use. This significantly reduces the risk of exposure if they are ever compromised.

Authorization

Authorization is the process of verifying whether a previously authenticated identity (user, machine, or agent) is allowed to perform a specific action or access a particular resource.

Authentication

Authentication is the process of verifying the identity of a user, machine, or application attempting to access a system or resource. It ensures that each access request originates from a legitimate, trusted entity before authorization and policy enforcement take place.

Attestation

Attestation is a digital way to verify that a piece of software (a workload) is trustworthy and really is what it claims to be. It is a security process that provides proof of authenticity using signed digital evidence, and that proof removes the need for passwords or static keys. Think of it as a digital passport check: instead of simply trusting that an application is what it says it is, attestation requires it to prove its identity using verifiable, tamper-proof measurements.

Machine-to-Machine (M2M) Communication

Machine-to-machine (M2M) communication is communication between non-human entities, such as machines, devices, or applications, without direct human intervention. It typically relies on secure authentication and authorization mechanisms to protect the privacy and integrity of the data exchanged.

OpenID Connect

OpenID Connect is an identity layer built on top of OAuth 2.0 that provides authentication for web and mobile applications. It allows clients to verify the identity of end users based on the authentication performed by an authorization server, and delivers user information as JWTs (the ID token). It also enables federated identity management by letting clients verify user identity based on tokens issued by an external identity provider.