
Volume 7, Issue 9, September – 2022 International Journal of Innovative Science and Research Technology

ISSN No:-2456-2165

A Survey on Identity and Access Management


Zeel Hiren Shah
NMIMS’s MPSTME

Abstract:- Different architectural issues related to Identity and Access Management (IAM) are arising for the successful deployment of applications in the context of digital entitlement. Data management solutions should include effective access control methods and choose the best configuration among the numerous and intricate approaches to offering access control services. The IAM features can be used to implement Web Single Sign-on (SSO), federated identities, password synchronisation, and service granularity, allowing the system to address and resolve the majority of current access management concerns. This paper gives the general idea of what IAM (Identity Access Management) is, how it is related to cybersecurity, its functional areas, and its role in cybersecurity and in information security, for a better understanding.

I. INTRODUCTION

Traditionally, software applications are deployed inside the boundaries of an organization's information system. As a result, the company has a "confidential area" that is determined by static procedures and is overseen and managed by the IT department's expertise. The "confidential area" typically refers to the central organisational network, as well as internal systems and applications, which are arranged in the shape of a data centre. The data centre can either be maintained by professionals from within the company or it can be contracted out to an outside service provider (in which case the company typically retains the right to control, and the last say over, how security rules are developed and enforced). In a "conventional" paradigm, a number of specialised technologies that are implemented at the network level secure access to the organization's operational resources.

Nowadays, maintaining identities and credentials for their technological resources is a challenging issue that many enterprises must deal with. What began as a straightforward problem contained within the boundaries of the data centre has evolved into a huge and enormously complicated issue that affects businesses of all kinds. In remote IT systems in particular, many major firms are unable to efficiently control the identities and access permissions assigned to users. System administration (SA) teams have been developed by IT departments during the past few years to handle the organization's numerous servers, databases, and workstations. Nevertheless, managing access to the organization's resources continues to be difficult even with the introduction of SA groups. Even with this increase, manual procedures and human resources occasionally fall short of the demanding workloads and high administrative costs required to manage user IDs inside the business.

Identity and access management (IAM) refers to the products, processes, and policies that are employed to manage user identities and regulate user access within an organisation. It makes reference to the IT security discipline, foundation, and digital identity management solutions. Identity management includes identification provisioning and de-provisioning, identification security and authentication, and authorization to access resources and/or perform specific actions. IAM's overriding goal is to ensure that any given identity has access to the appropriate resources (applications, datasets, networks, etc.) and context.

Identity management systems are used to secure user access, manage users, perform credential verifications, and determine whether the right people are accessing the services' resources. Users are authenticated in a variety of ways, including passwords, biometrics, tokens, and certificates. In most organisations, the risk, cost, and effort required to manage identity grows in tandem with the organization's size. This assists the organisation in lowering the risk associated with identity management, as well as the cost and time required to meet the identity and access needs of the employees.

II. RELATED WORKS

This chapter explores existing studies on Identity and Access Management in an organisation, outlining the strengths and flaws of each work. To address the various types of authentication and authorization issues, several researchers have proposed various approaches and models.

• A new architecture for managing identity and controlling access to resources in a multi-tier cloud infrastructure was proposed in the article [1]. The architecture is made up of two major components: middleware and centralised IAM for managing user and infrastructure data. While the repository handles database operations, middleware sits in front of a resource provider and manages time-consuming decision making such as authorization and authentication. The architecture was tested on the Canadian SAVI testbed. The system is built on a multi-tier infrastructure IAM solution, such as the SAVI testbed. However, the proposed work necessitates a significant amount of effort to define and assign roles.

• An integrated identity and attribute-based access management system for cloud web services was proposed in the paper [2]. The hybrid architecture for authentication and attribute-based control (ABAC) for authentication were used in the proposed integrated approach. Identity Management and Access Management models are included. To access cloud web services, the user must first authenticate via an identity system from the initiated application, which is Identity Management. There is a process in place to verify the access token with the identity system and perform cloud authorization. This work, on the other hand, only provides and demonstrates a theoretical framework.

• The authors [3] proposed an identity and access management as a service (IAMaaS) framework that focuses on authentication, authorization, identity administration, and auditing. It is also concerned with identity verification and granting correct access to resources that are protected in the cloud environment. When a user logs in, his or her credentials are validated and a token is generated, which is then passed to the private cloud's protected resources, such as devices, data, and application servers. The framework, however, has yet to be integrated into SECaaS and has only demonstrated a proof-of-concept (POC).

III. FUNCTIONAL AREAS

An IAM Framework can be divided into four major areas:

• Authentication: This refers to the procedure by which a user gives appropriate credentials to get access to an application system or a specific resource for the first time. Once a user is authorised, a session is generated and used throughout the user's interaction with the application system until the user logs out or the session is ended in some other way (e.g. timeout).

• Authorization: Once a user has been authenticated, authorization handles the rest of an organization's identity and access management processes. Users are granted permissions based on their role within an organisation. Authorizations determine a role's network resources and level of access.

Fig 1:- Functional Areas of IAM

• User Management: This category includes user administration, strong passwords, role/group management, and user/group provisioning. It defines a collection of administrative duties such as identity generation, propagation, and the management of user identities and privileges. One of its components is user life cycle management, which allows a company to control the lifecycle of a user account from provisioning through de-provisioning. Some user management functions should be centralised, while others must be outsourced to end users. Delegated management allows an organisation to allocate duty directly to user departments. Delegation may also increase system data accuracy by entrusting updating responsibilities to those who are most acquainted with the situation and data.

• Central User Repository: The Central User Repository maintains and distributes identification information to other systems, as well as verifies customer credentials. The Central User Repository aggregates or logically organises an enterprise's identities. To handle different identity data from several systems and application user repositories, both a meta-directory and a virtual directory can be employed. By collecting data from numerous identity sources, a meta-directory often gives an aggregate collection of identity data. To maintain the data in sync with other identity sources, it often incorporates a two-way data synchronisation service.

A. Role of IAM in Cybersecurity
Effective IAM infrastructure and solutions assist enterprises in establishing secure, productive, and efficient access to technology resources across these disparate systems, while also providing several important key benefits:

• Enhanced Data Security: Business and IT personnel receive a streamlined and uniform manner of controlling user access across an organization's identity lifecycle by unifying both authentication and authorization capabilities on a single centralised platform. When employees leave a firm, for example, a centralised IAM solution enables IT managers to revoke their access with assurance that the revocation will take effect quickly throughout all business-critical systems and assets that are linked with the centralised IAM solutions.

• Reduced Security Costs: Having a centralised IAM platform in an organisation to manage all users and their access enables IT to work more efficiently. As part of their job in today's world, every employee has access to thousands of systems and resources. An effective centralised IAM solution can address this challenge diligently, resulting in significant time and money savings for the company.

• Least Privilege Principle: The principle of least privilege is an important practice in computer and information security for limiting access privileges for users to the bare minimum necessary to perform their job duties. With an insider being involved in 77% of data breaches, it is critical to ensure that access to all corporate resources is secured and granted using the least privilege principle.

• Enterprise IT Governance: Taking global compliance regulations such as HIPAA, SOX, and the upcoming EU GDPR (General Data Protection Regulation) into account, a lack of effective identity and access management poses significant compliance risks. Through automated governance controls, modern IAM solutions and products can enforce user access policies such as separation-of-duty (SoD) and establish consistent governance controls, eliminating access violations or over-entitled users. This will ensure that businesses adhere to business and government compliance and regulatory standards.

Fig 2 A:- Role of IAM in Cybersecurity

B. Role of IAM in Information Security
One of the three main pillars of information security is the role of identity, which is responsible for cataloguing users within a system so that everyone who has access to it can be properly authenticated. It is critical for better access control that the roles of identities are clear and that the individual who wishes to access them can be easily identified.

It is critical for information security that a specific user has control over what he can access. The ideal is to appeal to the maxim of "minimum privileges," in which a person receives authorization and sees only what has been allowed on his screen through the management of permission groups.

Fig 2 B:- Role of IAM in Information Security

IV. CHALLENGES AND RISKS OF IMPLEMENTING IAM

Despite the fact that IAM is present at all levels of an organization's information security architecture, it does not cover all bases. The evolution of users' "birth right access" rules is one issue [5, 6]. These are the access rights granted to new users on their first day of employment at a company. When it comes to granting access to new employees, contractors, and partners, the options are numerous and cover a wide range of departments. According to Steve Brazen, research director at the European Medicines Agency, who wrote about it in a blog post, this level of automation becomes critical when considering automated onboarding and compliance management of users, user self-service, and ongoing verification of compliance. Manually changing access rights and restrictions for hundreds or thousands of users at the same time is not possible [6]. Having no automatic "leave" procedures (and failing to review them on a regular basis) virtually guarantees that unnecessary access privileges will not be completely removed.

Another issue is that, while zero-trust networks are popular right now, it is difficult to constantly monitor these trust connections when new applications are introduced into a corporation's IT system architecture. We must examine the baselines of behaviour and monitor what individuals do after logging in. Many false positive scenarios exist, such as when a user breaks their finger, which can destabilise these trust connections. The relationship between identity and access management (IAM) and single sign-on (SSO) must then be properly managed [7, 8]. Okta's acquisition of Auth0 [8] demonstrates that the integration of identity and access management with customer-centric identity and access management has begun. Because security experts will continue to treat these initiatives separately, IAM will be constantly playing catch-up.
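The governance controls discussed above (least privilege, separation of duty, and removal of access when a user leaves) can be checked mechanically in a periodic access review. The following Python example is added here and is not part of the original paper; the roles, permissions, users and finding names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed role model (hypothetical names, not from the paper).
ROLE_PERMISSIONS = {
    "employee": {"email:use", "intranet:read"},   # birthright role for every joiner
    "ap_clerk": {"invoice:create", "vendor:read"},
    "ap_approver": {"invoice:approve", "vendor:read"},
    "dba": {"db:admin"},
}
BIRTHRIGHT_ROLES = {"employee"}
# Separation of duty: one identity must not hold both permissions of a pair.
SOD_CONFLICTS = [("invoice:create", "invoice:approve")]


@dataclass
class Account:
    user: str
    active_in_hr: bool                      # False once the person has left
    roles: set
    used_permissions: set = field(default_factory=set)  # seen in audit logs


def effective_permissions(acct):
    """Union of the permissions granted by every role on the account."""
    perms = set()
    for role in acct.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(acct, permission):
    """Authorization decision: leavers are denied regardless of stale roles."""
    return acct.active_in_hr and permission in effective_permissions(acct)


def review(accounts):
    """Return (user, finding, detail) tuples for a periodic access review."""
    findings = []
    for acct in accounts:
        if not acct.active_in_hr:
            if acct.roles:  # de-provisioning never ran for this leaver
                findings.append((acct.user, "LEAVER_ACCESS", sorted(acct.roles)))
            continue
        perms = effective_permissions(acct)
        for first, second in SOD_CONFLICTS:
            if first in perms and second in perms:
                findings.append((acct.user, "SOD_VIOLATION", [first, second]))
        # Least privilege: a non-birthright role none of whose permissions
        # were exercised in the review period is a candidate for removal.
        for role in sorted(acct.roles - BIRTHRIGHT_ROLES):
            if not ROLE_PERMISSIONS.get(role, set()) & acct.used_permissions:
                findings.append((acct.user, "UNUSED_ROLE", [role]))
    return findings


# Constructed sample accounts.
ACCOUNTS = [
    Account("alice", True, {"employee", "ap_clerk"}, {"email:use", "invoice:create"}),
    Account("bob", True, {"employee", "ap_clerk", "ap_approver"},
            {"invoice:create", "invoice:approve"}),
    Account("carol", True, {"employee", "dba"}, {"email:use"}),
    Account("dave", False, {"employee", "ap_approver"}),
]

if __name__ == "__main__":
    for finding in review(ACCOUNTS):
        print(finding)
```

In a real deployment the HR status, role assignments and usage data would come from the central user repository and audit logs rather than from literals.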

Following that, IAM personnel should be acquainted with a wide range of cloud architectures. The following sections [8] provide examples of IAM security best business practices for Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure. It will be difficult to integrate these practices into an organization's network and application infrastructure, and it will be even more difficult to close the security gaps that exist between different cloud providers.

Finally, IT administrators must incorporate identity management into the design of all new apps from the start. To successfully pilot any IAM and identity governance initiatives, choose a target app carefully that can be used as a template and then expanded to other applications throughout the business.

V. HOW ARTIFICIAL INTELLIGENCE ADDRESSES IAM CHALLENGES

Despite the fact that this is a fairly common occurrence in many businesses, it is not necessary to stay in this state. Artificial intelligence (AI) could be a huge help in achieving successful IAM, alleviating a lot of stress. Businesses will be able to transition from overly technical access management to access management that is understandable at all levels of the organisation as a result of these technologies [9]. Analytics combined with artificial intelligence will provide insights into focus and discourse, allowing both technical and non-technical employees to work for extended periods of time while remaining productive. Using cutting-edge technology, new insights can be gained, and procedures can be automated, allowing for a significant speedup in current IAM compliance controls. They will detect anomalies and potential threats without the need for a large team of security experts to do the same. This provides technical and non-technical employees with the information they need to make the best decisions possible. The need for such development is critical, particularly in anti-money laundering and known security vulnerabilities, but also in countering business executive risks [9]. It paves the way for a future transition from reactive access management to preventive or even corrective access management. As a result of their efforts, businesses are always up to date and secure.

VI. CONCLUSION

In this paper, we saw that an IAM system provides a strong identity and access management system to an enterprise, be it on-premise or on cloud web related services. To assist enterprises in meeting today's business challenges, Identity and Access Management (IAM) has emerged. IAM combines business processes, security policies, and technologies to assist organisations in managing digital identities (user attributes that describe who users are, how they prove their identity, and the resources they can access) and controlling resource access. Any enterprise should implement an identity and access management system:
• with a large number of employees where users are provisioned frequently;
• where there is a need to monitor who accessed what and to what extent;
• where their application and users are not on a single repository;
• where Single Sign-On is a priority among diverse applications in an enterprise or organisation.

This research evaluated how artificial intelligence (AI) is being used in identity and access management, as well as the difficulties that have been encountered and the industry's future.

Because it acts as a barrier between users and sensitive company assets, identity and access management is a critical component of any business information security. It helps to prevent the use of stolen usernames and passwords, as well as easily cracked passwords, which are common network entry points for malicious attackers looking to plant malware or steal data.

REFERENCES

[1]. Faraji, M., Kang, J.-M., Bannazadeh, H., & Leon-Garcia, A. (2014). Identity access management for Multi-tier cloud infrastructures. 2014 IEEE Network Operations and Management Symposium (NOMS). doi: 10.1109/noms.2014.6838229
[2]. Indu, I., & Anand, P. M. R. (2015). Identity and access management for cloud web services. 2015 IEEE Recent Advances in Intelligent Computational Systems (RAICS). doi: 10.1109/raics.2015.7488450
[3]. Sharma, D. H., Dhote, C. A., & Potey, M. M. (2016). Identity and Access Management as Security-as-a-Service from Clouds. Procedia Computer Science, 79, 170–174. doi: 10.1016/j.procs.2016.03.117
[4]. Bresz, F., Renshaw, T., Jeffrey R., & Torpey, W. (2007, November). Identity and Access Management. Retrieved from https://chapters.theiia.org/montreal/ChapterDocuments/GTAG%209%20-%20Identity%20and%20Access%20Management.pdf
[5]. M. Uddin and D. Preston, "Systematic Review of Identity Access Management in Information Security", Journal of Advances in Computer Networks, vol. 3, no. 2, pp. 150-156, 2015.
[6]. I. Aguiló, L. Valverde and M. Escrig, Artificial intelligence research and development. Amsterdam: Tokyo, 2003.
[7]. R. Lee, Software engineering, artificial intelligence, networking and parallel/distributed computing. Cham: Springer International Publishing: Imprint: Springer, 2015.
[8]. S. Phon-Amnuaisuk, S. Ang and S. Lee, Multi-disciplinary Trends in Artificial Intelligence. Cham, Switzerland: Cham, Switzerland: Springer, 2017.
[9]. J. Sołdek and L. Drobiazgiewicz, Artificial intelligence and security in computing systems. [Place of publication not identified]: Springer, 2013.
[10]. https://searchsecurity.techtarget.com/definition/identity-access-management-IAM-system

IJISRT22SEP433 www.ijisrt.com 1771
