Identity and access management (IAM) software helps companies protect their systems from unauthorized access or misuse by only allowing authenticated, authorized users (typically employees, based on job roles) to access specific, protected company systems and data. IT administrators leverage the software to quickly provision, deprovision, and change user identities and the corresponding user access rights at scale. IAM software authenticates users, provides access to systems and data based on company policies, tracks user activity, and provides reporting tools to ensure employees are in compliance with company policies and regulations.
Many IAM solutions include single sign-on (SSO)
and password manager features. For employees, once users authenticate by signing into their accounts or using other multi-factor authentication methods, they are granted limited access to company systems allowed by their user type to complete their typical job functions.
Identity and access management software is different from privileged access management (PAM) software. IAM software is used to authorize, authenticate, and grant specific access to everyday users, such as company employees, while PAM software is used to provide administrative or superusers with granular access to business-critical assets and privileged credentials. IAM software also differs from customer identity and access management (CIAM) software, which provides a company’s customers—opposed to employees—with secured access to customer applications.
To qualify for inclusion in the Identity and Access Management (IAM) category, a product must:
Provision and deprovision user identities
Assign access based on individual role, group membership, and other factors
Enforce user access rights based on permissions
Verify user identity with authentication, which may include multi-factor authentication methods
Integrate with directories that house employee data