
IAM basics

Beginnerā± 12 min readšŸ“… Updated: 2026-02-17

Introduction

Imagine a big office building. At the front there is a security guard: he checks ID cards, registers visitors, and tells you that certain floors are off-limits. 🏢


Doing that same job in the digital world is IAM: Identity and Access Management!


Who can log in, who can access what, who is allowed to do what: IAM controls all of this. In this article we'll look at IAM basics, concepts, and real examples! 🔑

What is IAM?

IAM = Identity and Access Management


Two main questions:

  1. Identity: "Who are you?" Verify who you are.
  2. Access: "What are you allowed to do?" Decide what you can do.

| Concept | Real World | Digital World |
|---|---|---|
| Identity | Aadhaar Card, Passport | Username, Email |
| Authentication | Security guard ID check | Password, Biometric |
| Authorization | "VIP area allowed?" | Admin vs User role |
| Access Control | Room key card | File permissions |

Why is IAM important?

  • 80% of data breaches involve compromised credentials
  • Companies use an average of 187 apps, and access to every one of them has to be managed
  • Compliance regimes (GDPR, HIPAA) require proper access control

Authentication vs Authorization

These two are the most commonly confused concepts:


Authentication (AuthN) 🪪

  • "Prove who you are"
  • Login process: username + password
  • Biometric: fingerprint, face ID
  • Result: Identity verified ✅ or rejected ❌

Authorization (AuthZ) 🔐

  • "What are you allowed to do?"
  • After authentication, permissions are checked
  • Admin can delete files, User can only view
  • Result: Access granted ✅ or denied ❌

Analogy: Cinema theatre 🎬

  • Authentication = Ticket check at the entrance (are you a valid customer?)
  • Authorization = Seat assignment (Gold class or Regular?)

First AuthN, then AuthZ — always this order!
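To see the ordering in code, here is an added example (not from the original article) of a request gate that runs authentication before authorization and reports the two failures differently. The user store, the permission names and the "401/403" result strings are constructed for the example; passwords are stored as salted PBKDF2 hashes and compared in constant time.

```python
import hashlib
import hmac
import os

# Constructed user store for this example. Passwords are kept only as salted
# PBKDF2 hashes; permissions are listed per user to keep the focus on ordering.
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_PRIYA_SALT = os.urandom(16)
USERS = {
    "priya": {
        "salt": _PRIYA_SALT,
        "pw_hash": _hash_password("correct horse battery staple", _PRIYA_SALT),
        "permissions": {"spreadsheet:view", "spreadsheet:edit"},
    },
}
_DUMMY_SALT = b"\x00" * 16  # unknown users cost the same time as known ones


class AuthenticationError(Exception):
    """Identity could not be verified: the caller is nobody to us yet."""


class AuthorizationError(Exception):
    """Identity is verified, but this action is outside its permissions."""


def authenticate(username: str, password: str) -> str:
    """AuthN: 'prove who you are'. Returns the verified username."""
    record = USERS.get(username)
    salt = record["salt"] if record else _DUMMY_SALT
    candidate = _hash_password(password, salt)  # computed for unknown users too
    if record is None or not hmac.compare_digest(candidate, record["pw_hash"]):
        raise AuthenticationError("identity rejected")
    return username


def authorize(username: str, action: str) -> None:
    """AuthZ: 'what are you allowed to do?'. Only called with a verified identity."""
    if action not in USERS[username]["permissions"]:
        raise AuthorizationError(f"{username} may not {action}")


def handle_request(username: str, password: str, action: str) -> str:
    """The gate: AuthN first, AuthZ second, never the other way round."""
    try:
        user = authenticate(username, password)
    except AuthenticationError:
        return "401 identity rejected"      # no permission check happened at all
    try:
        authorize(user, action)
    except AuthorizationError:
        return "403 access denied"          # known user, missing permission
    return "200 access granted"


if __name__ == "__main__":
    print(handle_request("priya", "correct horse battery staple", "spreadsheet:edit"))
    print(handle_request("priya", "wrong password", "spreadsheet:edit"))
    print(handle_request("priya", "correct horse battery staple", "salary:edit"))
```

Note that a wrong password and an unknown username both produce the same "identity rejected" result, and the password hash is computed in both cases, so the response neither reveals which usernames exist nor skips straight to a permission check.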

MFA — Multi-Factor Authentication

MFA = verifying identity using 2 or more factors.


Three types of factors:


🧠 Something you KNOW: Password, PIN, security question

📱 Something you HAVE: Phone (OTP), hardware token, smart card

👆 Something you ARE: Fingerprint, face scan, iris scan


| MFA Combination | Example | Security Level |
|---|---|---|
| Password + OTP | Google login with SMS OTP | Medium |
| Password + Authenticator | GitHub with Google Authenticator | High |
| Password + Biometric | Banking app with fingerprint | High |
| Password + Hardware Key | YubiKey for admin accounts | Very High |

Why MFA matters: even if the password alone is compromised, an attacker cannot log in without the second factor! MFA prevents 99.9% of account attacks. 🛡️

RBAC — Role-Based Access Control

RBAC = assign roles to users, and assign permissions to roles.


Office example:

  • CEO → All departments access
  • HR Manager → HR files, employee data
  • Developer → Code repo, dev servers
  • Intern → Only shared documents

RBAC Benefits:

  • Easy to manage: just add or remove a role
  • The Principle of Least Privilege follows naturally
  • Easy to audit: it's clear who has what access

Other access control models:

  • ABAC (Attribute-Based) — attributes based access (time, location, department)
  • MAC (Mandatory) — Government/military use, strict labels
  • DAC (Discretionary) — Owner decides who gets access
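The difference between RBAC and ABAC is easiest to see side by side. This added example (not from the original article) encodes the office roles from the text as an RBAC role-to-permission map and layers three constructed ABAC rules (office hours, request from the user's home country, HR writes only from the HR department) on top; the permission names, users and rule thresholds are all assumptions made for the example.

```python
from dataclasses import dataclass

# RBAC: users are assigned roles, roles are assigned permissions.
# The office example from the text, with constructed permission names.
ROLE_PERMISSIONS = {
    "ceo":        {"hr:read", "code:read", "finance:read", "finance:write"},
    "hr-manager": {"hr:read", "hr:write"},
    "developer":  {"code:read", "code:write", "dev-servers:deploy"},
    "intern":     {"shared-docs:read"},
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    department: str     # subject attributes used by ABAC below
    home_country: str


@dataclass(frozen=True)
class Request:
    user: User
    permission: str
    hour: int           # environment attributes: local hour and origin of the request
    source_country: str


def effective_permissions(user: User) -> set:
    """Union of every permission granted by the user's roles (the audit view)."""
    return set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in user.roles))


def rbac_allows(user: User, permission: str) -> bool:
    return permission in effective_permissions(user)


# ABAC: constructed rules over subject, resource and environment attributes.
ABAC_RULES = [
    lambda r: 7 <= r.hour < 21,                              # office hours only
    lambda r: r.source_country == r.user.home_country,       # no access from abroad
    lambda r: not (r.permission == "hr:write"                # HR writes stay in HR
                   and r.user.department != "HR"),
]


def abac_allows(req: Request) -> bool:
    return all(rule(req) for rule in ABAC_RULES)


def is_allowed(req: Request) -> bool:
    """RBAC decides whether the role *can* do it; ABAC decides whether this
    particular request (time, place, department) *may* do it."""
    return rbac_allows(req.user, req.permission) and abac_allows(req)


if __name__ == "__main__":
    kumar = User("kumar", frozenset({"developer"}), "Engineering", "IN")
    print(sorted(effective_permissions(kumar)))
    print(is_allowed(Request(kumar, "code:write", hour=10, source_country="IN")))
    print(is_allowed(Request(kumar, "code:write", hour=23, source_country="IN")))
```

`effective_permissions` is the function an access review needs: it answers "who has what access?" from the role assignments alone, which is the auditability benefit the text lists for RBAC.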

IAM Architecture

šŸ—ļø Architecture Diagram
ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”
│                 IAM ARCHITECTURE                   │
ā”œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”¤
│                                                   │
│  USER ──▶ IDENTITY PROVIDER (IdP)                │
│              │                                    │
│              ā”œā”€ā”€ Authentication                    │
│              │   ā”œā”€ā”€ Password                      │
│              │   ā”œā”€ā”€ MFA/2FA                       │
│              │   ā”œā”€ā”€ Biometric                     │
│              │   └── SSO Token                     │
│              │                                    │
│              ā”œā”€ā”€ Authorization                     │
│              │   ā”œā”€ā”€ RBAC (Roles)                  │
│              │   ā”œā”€ā”€ ABAC (Attributes)             │
│              │   └── Policies                      │
│              │                                    │
│              └── Access Management                 │
│                  ā”œā”€ā”€ Provisioning                   │
│                  ā”œā”€ā”€ De-provisioning                │
│                  └── Audit Logs                     │
│                                                   │
│  ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”  ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”  ā”Œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”          │
│  │  App 1  │  │  App 2  │  │  App 3  │          │
│  │ (Email) │  │ (CRM)   │  │ (Code)  │          │
│  ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜  ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜  ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜          │
│       ā–²            ā–²            ā–²                 │
│       ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”¼ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜                 │
│            SSO / OAuth / SAML                     │
│                                                   │
ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜

SSO — Single Sign-On

SSO = one login, access to multiple apps.


Without SSO 😫:

  • Gmail — separate login
  • YouTube — separate login
  • Google Drive — separate login
  • 10 apps = 10 passwords = 10 headaches!

With SSO 😎:

  • Log in to your Google account → Gmail, YouTube, Drive, Maps, all accessible!
  • One password to remember
  • One place to manage security

SSO Protocols:

  • SAML — Enterprise SSO standard (XML-based)
  • OAuth 2.0 — Authorization framework ("Login with Google")
  • OIDC — OpenID Connect, identity layer on top of OAuth
  • Kerberos — Windows Active Directory uses this

SSO Risk: single point of failure. If the one account is compromised, every connected app is affected! That's why MFA is essential. 🔑

Real Scenario: New Employee Onboarding

✅ Example

Scenario: Kumar joins TCS as a Junior Developer.

Day 1, IAM in action:

📋 HR creates Kumar's identity in Active Directory

🔑 Kumar gets an employee ID + temporary password

📧 Email account auto-provisioned (RBAC: "Developer" role)

💻 Code repo access granted (Git, Jira, Confluence)

🚫 Finance systems: NO access (not his role)

📱 MFA setup: Microsoft Authenticator installed

Day 365, Kumar promoted to Tech Lead:

🔄 Role change: Developer → Tech Lead

✅ New access: team management tools, deployment servers

📊 Audit: all access changes logged

Kumar leaves the company:

❌ All access revoked immediately (de-provisioning)

📧 Email disabled, VPN removed, badges deactivated

This is IAM lifecycle management! 🔄

Principle of Least Privilege

💡 Tip

🔐 Least Privilege = Give the minimum access needed to do the job. Nothing more.

Why?

- Reduces the attack surface

- Prevents accidental damage

- Meets compliance requirements

Examples:

- An intern doesn't need admin access ❌

- A developer doesn't need direct access to the production database ❌

- HR doesn't need access to the source code repo ❌

Implementation:

- Start with zero access, add as needed

- Regular access reviews (quarterly)

- Remove access immediately when it's no longer needed

- Temporary elevated access with an approval workflow

"Need-to-know basis": a military concept, but the gold standard in cybersecurity! 🏆
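The Kumar onboarding scenario and the least-privilege implementation steps above describe one lifecycle: provision on joining, swap roles on promotion, revoke everything on leaving, log every change, and review unused access quarterly. This added example (not from the original article) replays that lifecycle in a small identity store; the role catalogue, the system names, the actor names ("hr-bot", "manager") and the 90-day staleness threshold are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed role catalogue for the onboarding story; permissions are system names.
ROLE_PERMISSIONS = {
    "developer": {"email", "git", "jira", "confluence"},
    "tech-lead": {"email", "git", "jira", "confluence", "team-mgmt", "deploy"},
}


@dataclass
class Account:
    user: str
    roles: set = field(default_factory=set)
    active: bool = True
    mfa_enrolled: bool = False


class IdentityStore:
    """Joiner / mover / leaver handling with an audit trail and a stale-access review."""

    def __init__(self):
        self.accounts: dict = {}
        self.audit_log: list = []    # (actor, event, user, detail) for every change
        self.last_used: dict = {}    # (user, permission) -> date of last use

    def _log(self, actor, event, user, detail=""):
        self.audit_log.append((actor, event, user, detail))

    def provision(self, actor, user, role):                      # joiner (Day 1)
        self.accounts[user] = Account(user=user, roles={role})
        self._log(actor, "PROVISION", user, role)

    def enrol_mfa(self, actor, user):
        self.accounts[user].mfa_enrolled = True
        self._log(actor, "MFA_ENROLLED", user)

    def change_role(self, actor, user, old, new):                # mover (Day 365)
        acct = self.accounts[user]
        acct.roles.discard(old)      # drop the old role so privileges do not accumulate
        acct.roles.add(new)
        self._log(actor, "ROLE_CHANGE", user, f"{old} -> {new}")

    def deprovision(self, actor, user):                          # leaver
        acct = self.accounts[user]
        acct.active, acct.roles = False, set()
        self._log(actor, "DEPROVISION", user)

    def permissions(self, user) -> set:
        """Effective access right now: nothing for unknown or deactivated accounts."""
        acct = self.accounts.get(user)
        if acct is None or not acct.active:
            return set()
        return set().union(*(ROLE_PERMISSIONS[r] for r in acct.roles))

    def record_use(self, user, permission, on: date):
        self.last_used[(user, permission)] = on

    def access_review(self, today: date, stale_after_days: int = 90) -> list:
        """Quarterly review: granted permissions unused for the whole window are
        candidates for removal (least privilege)."""
        findings = []
        for user in self.accounts:
            for perm in sorted(self.permissions(user)):
                used = self.last_used.get((user, perm))
                if used is None or (today - used).days > stale_after_days:
                    findings.append((user, perm))
        return findings


def run_kumar_lifecycle() -> IdentityStore:
    """Replays the scenario from the text up to the promotion."""
    store = IdentityStore()
    store.provision("hr-bot", "kumar", "developer")
    store.enrol_mfa("kumar", "kumar")
    today = date(2026, 2, 17)
    store.record_use("kumar", "git", today - timedelta(days=3))
    store.record_use("kumar", "jira", today - timedelta(days=120))   # stale
    store.change_role("manager", "kumar", "developer", "tech-lead")
    return store


if __name__ == "__main__":
    store = run_kumar_lifecycle()
    print("after promotion:", sorted(store.permissions("kumar")))
    print("review findings:", store.access_review(date(2026, 2, 17)))
    store.deprovision("hr-bot", "kumar")
    print("after leaving:", store.permissions("kumar"))
    for entry in store.audit_log:
        print("audit:", entry)
```

The two design points worth copying are in `change_role` and `deprovision`: a promotion replaces the old role rather than adding to it, so access does not silently accumulate over a career, and deprovisioning deactivates the account before clearing roles, so even a forgotten role assignment grants nothing once the person has left.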

Popular IAM Tools

IAM tools used across the industry:


| Tool | Type | Used By |
|---|---|---|
| **Azure AD** | Cloud IAM | Microsoft ecosystem |
| **Okta** | SSO + MFA | Enterprise |
| **Auth0** | Developer IAM | Startups, Apps |
| **AWS IAM** | Cloud IAM | AWS users |
| **Keycloak** | Open-source IAM | Self-hosted |
| **OneLogin** | SSO Platform | Enterprise |
| **CyberArk** | Privileged Access | Enterprise |
| **JumpCloud** | Directory-as-a-Service | SMBs |

Cloud IAM is booming: whenever a company moves to the cloud, IAM is the first priority! ☁️

Try It: IAM Policy Prompt

📋 Copy-Paste Prompt
You are an IAM security consultant. Design an access control policy for a small startup with these roles:

1. CEO (2 people)
2. Developers (10 people)
3. HR (3 people)
4. Marketing (5 people)
5. Interns (4 people)

Resources: Email, Code Repo, HR System, Marketing Tools, Financial Data, Admin Panel

Create a RBAC matrix showing who gets access to what. Include MFA requirements.
Explain in simple Tanglish.

✅ Summary & Key Takeaways

IAM basics recap:


✅ IAM = Identity and Access Management

✅ Authentication = Who are you? (verify identity)

✅ Authorization = What can you do? (check permissions)

✅ MFA = Multiple verification factors (password + OTP)

✅ RBAC = Role-based permissions

✅ SSO = One login, many apps

✅ Least Privilege = Minimum access needed


Next article: "Password Security": creating strong passwords, password managers, and passkeys! 🔒

šŸ Mini Challenge

Challenge: Build an IAM Policy for Startup


Oru tech startup la IAM system design pannunga:


  1. Role Definition — 4 roles define pannunga: Admin, Developer, QA, Intern. Each role ku specific permissions decide pannunga (database access, deployment rights, code review).

  1. RBAC Implementation — Oru spreadsheet create pannunga. Users list, roles assign, permissions matrix create pannunga. Least privilege principle follow pannunga.

  1. MFA Setup — Un personal devices la Google Authenticator, Authy, or Microsoft Authenticator install pannunga. Gmail, GitHub, AWS account la 2FA/MFA enable pannunga.

  1. SSO Simulation — Okta trial account signup pannunga (free plan available). Single Sign-On configure pannunga. Multiple apps add pannunga, oru login use panni all access panna paappom.

  1. Access Audit — Current access analyze pannunga. "Who has what access?" chart create pannunga. Unnecessary access identify panni remove pannunga (principle of least privilege).

  1. Offboarding Checklist — Employee leave pannidha, access revoke enna steps pannuradhu? Checklist create pannunga — systems, accounts, devices, keys ellam remove pannunga.

Certificate: Nee startup ka IAM architect! šŸ†

Interview Questions

Q1: What is IAM? Explain it with a real-world analogy.

A: IAM = right person, right time, right resource. Physical example: the security guard in an office building. He verifies your ID (authentication), scans your employee ID (authorization), and lets you into the office. It's the same concept in the digital world.


Q2: Authentication vs Authorization: state the difference clearly.

A: Authentication = "Who are you?" (I am Priya; prove it with a password). Authorization = "What are you allowed to do?" (Priya, you may edit the spreadsheet, but you may not edit salary data).


Q3: What's the difference between MFA and 2FA? Which is better?

A: 2FA = exactly 2 factors (usually password + OTP). MFA = 2 or more factors (password + OTP + biometric + security questions). MFA is more secure, but 2FA is already good protection: it blocks 99.9% of attacks.


Q4: SSO vs passwords: what are the security risks of SSO?

A: SSO increases convenience, but it also creates a single point of failure. If the SSO account is compromised, all connected apps are exposed. Mitigation: the SSO provider's security must be strong, use conditional access policies, and audit regularly.


Q5: A company onboards a newly hired engineer. What is the IAM process?

A: 1) The manager approves the request 2) Identify the necessary systems 3) Assign a least-privilege role 4) Create the accounts 5) Ensure MFA is set up 6) Test the access 7) Complete the documentation.

Frequently Asked Questions

ā“ IAM na enna?
Identity and Access Management — right people ku right resources ku right time la access kudukradhu. Digital bouncer maari!
ā“ Authentication vs Authorization enna difference?
Authentication = "Nee yaaru?" (identity verify). Authorization = "Nee enna panna allowed?" (permissions check).
ā“ MFA na enna?
Multi-Factor Authentication — 2 or more verification methods use pannuradhu. Password + OTP maari.
ā“ SSO na enna?
Single Sign-On — oru login use panni multiple applications access pannuradhu. Google login use panni YouTube, Gmail, Drive ellam access panra maari.