← All glossary categories

Access Management

Core access control concepts: authentication, authorization, RBAC, ABAC, MFA, SSO, and session management across human and non-human identities.

11 terms in Access Management

12 min read

What is Identity and Access Management?

Identity and Access Management, or IAM, is the set of policies, processes, and technologies used to manage digital identities and control access to systems, applications, data, and infrastructure.

IAMIdentity and Access ManagementAuthentication
11 min read

IAM Basics: A Beginner's Guide to Identity and Access Management

A beginner-friendly guide to Identity and Access Management. Learn how IAM works, the core building blocks, real-world examples, and the practices that help organizations control who can access what.

IAMIdentity and Access ManagementAuthentication
9 min read

Authentication vs Authorization: What is the Difference?

Authentication answers 'who are you?' while authorization answers 'what are you allowed to do?'. Learn the difference, how they work together, real-world examples, and common mistakes.

AuthenticationAuthorizationIAM
9 min read

What is Least Privilege Access?

Least privilege access is the principle of granting every identity only the permissions it needs to perform its task — and nothing more. Learn what it means, why it matters, and how to implement it.

Least PrivilegeIAMExcessive Permissions
7 min read

What is Role-Based Access Control?

Role-Based Access Control (RBAC) is an access management model where permissions are assigned to roles, and users get permissions by being assigned to roles. Learn how it works, examples, and best practices.

RBACAccess ControlIAM
7 min read

What is Attribute-Based Access Control?

Attribute-Based Access Control (ABAC) makes authorization decisions using attributes of the user, the resource, the action, and the environment. Learn what ABAC is, how it differs from RBAC, examples, and best practices.

ABACAccess ControlIAM
8 min read

What is Privileged Access Management?

Privileged Access Management (PAM) is the security discipline of controlling, monitoring, and securing accounts and sessions that hold elevated privileges. Learn what PAM is, how it works, and why it matters.

PAMPrivileged AccessJust-in-Time
8 min read

What is Identity Lifecycle Management?

Identity Lifecycle Management is the end-to-end process of creating, updating, and removing identities across systems — from joiner to mover to leaver. Learn how it works and why it matters.

Identity LifecycleJoiner Mover LeaverJML
7 min read

What is Access Review?

Access review is the process of periodically verifying that users, applications, and other identities still need the access they have. Learn what access reviews are, why they matter, and how to do them well.

Access ReviewAccess CertificationIGA
8 min read

Common IAM Mistakes That Increase Security Risk

Most identity-related breaches succeed because of common, well-known IAM mistakes — not exotic attacks. Learn the most damaging IAM mistakes, why they happen, and how to fix them.

IAMIdentity SecurityMisconfigurations
5 min read

What Is Overprivileged Access?

Overprivileged access exists when a user, application, service account, or workload has more permissions than it actually needs, expanding blast radius and risk.

Overprivileged AccessLeast PrivilegeBlast Radius

See your identity risk clearly.

Start with a 1-day Proof of Value in your own environment.

We respect your privacy

We use cookies to keep this site secure and working properly. With your permission, we also use optional cookies to understand usage and improve the experience. Cookie Policy

You can change your choice at any time.

Access Management Glossary | Identity Security Terms | Forestall