Why It Matters

IAM ensures the right people, devices, and systems have the right access at the right time.
It’s essential for:

  • Protecting data and privacy
  • Supporting secure access
  • Enabling efficient campus operations

Core Concepts

Identity

A digital identity refers to how a person, device, or application is recognized within a system.

Examples of digital identities:

  • People: Students, faculty, staff, contractors
  • Apps & Systems: Scripts, services, cloud tools
  • Devices: Laptops, mobile phones, IoT sensors

Authentication – Proving Who You Are

This step confirms your identity before you get access.

Common methods:

  • Username + password
  • Biometrics (e.g., fingerprint, facial scan)
  • One-time codes (MFA apps or hardware tokens)

Best practices:

  • Use Multifactor Authentication (MFA): Adds a second layer of protection
  • Use Single Sign-On (SSO): Sign in once to access multiple systems

Authorization (AuthZ) – Controlling What You Can Access

Once your identity is verified, authorization decides what you’re allowed to do.

Example: You can log into a finance system (authentication), but only view HR reports if your role allows it (authorization).

Want a quick visual explanation of IAM?
Watch: What is Identity and Access Management? (YouTube)


Best Practices for Users

Use Strong, Secure Passwords

  • Create long, memorable passphrases
  • Don’t reuse college passwords elsewhere
  • Never share your password—not even with IT

Enable and Respect Multifactor Authentication (MFA)

  • MFA keeps your account safer
  • Use an authentication app or security token
  • Only approve login prompts when you are signing in

Understand the Principle of Least Privilege

  • You only get access to the systems your role needs
  • This protects sensitive data and limits risk
  • Request additional access through the official process

Respect Role-Based Access Control (RBAC)

  • Access is assigned by job role, not individual request
  • Reduces errors, simplifies management
  • Avoid informal sharing of roles or permissions

Be Prepared for Regular Access Reviews

  • Periodically, you’ll be asked to confirm your access
  • Help us keep systems clean by reporting outdated permissions

Segregation of Duties

  • Critical functions should be split among different people
  • Prevents one person from having unchecked control
  • SoD is reviewed regularly to ensure compliance
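
The least-privilege, role-based access, access review, and segregation-of-duties points above can be expressed as three small checks. This is an added Python example, not part of the original page or any college system; the role names, permission strings, users, and the 365-day review window are constructed assumptions.

```python
from datetime import date

# Constructed sample data: roles, permissions and users are hypothetical.
ROLE_PERMISSIONS = {
    "finance_clerk": {"finance:login", "invoice:create"},
    "finance_approver": {"finance:login", "invoice:approve"},
    "hr_analyst": {"finance:login", "hr_report:view"},
}
# Role pairs one person must not hold together (segregation of duties).
SOD_CONFLICTS = [("finance_clerk", "finance_approver")]

# user -> {role: date the grant was last confirmed in an access review}
ASSIGNMENTS = {
    "alice": {"finance_clerk": date(2025, 1, 10)},
    "bob": {"hr_analyst": date(2023, 3, 1)},
    "carol": {"finance_clerk": date(2025, 2, 1),
              "finance_approver": date(2025, 2, 1)},
}

def is_authorized(user, permission, assignments=ASSIGNMENTS):
    """RBAC: allow only if one of the user's roles carries the permission."""
    roles = assignments.get(user, {})  # unknown user -> no roles -> deny
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in roles)

def sod_violations(assignments=ASSIGNMENTS):
    """Return (user, role_a, role_b) for each conflicting pair one user holds."""
    return sorted(
        (user, a, b)
        for user, roles in assignments.items()
        for a, b in SOD_CONFLICTS
        if a in roles and b in roles
    )

def grants_due_for_review(today, max_age_days=365, assignments=ASSIGNMENTS):
    """Return (user, role) grants not confirmed within max_age_days (assumed)."""
    return sorted(
        (user, role)
        for user, roles in assignments.items()
        for role, confirmed in roles.items()
        if (today - confirmed).days > max_age_days
    )

if __name__ == "__main__":
    # alice can sign in to finance, but her role does not include HR reports.
    print(is_authorized("alice", "finance:login"),
          is_authorized("alice", "hr_report:view"))
    print(sod_violations())
    print(grants_due_for_review(date(2025, 6, 1)))
```

Access is denied by default: a user with no role assignment, or a role with no matching permission, gets nothing.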

Don’t Share Accounts or Credentials

  • Every user must have their own login
  • Shared accounts make it impossible to audit activity
  • IT can give access to all who need it—individually

Report Suspicious Access or Behavior

If you notice:

  • Someone is accessing resources they shouldn’t
  • You or others are retaining access to systems or sensitive information that is no longer needed

Please notify ITS immediately. Your awareness helps protect the college’s data and systems.

What Is an Identity Provider?

  • An Identity Provider verifies your identity and manages login processes.
    It helps ensure secure, consistent access across systems.
  • Examples: Microsoft Entra, Google, GitHub, Amazon

A Simple Analogy: Checking into a Hotel

Action                                     | IAM Term
Showing ID at the front desk               | Authentication
Using your room key to enter your room     | Authorization
Access based on your role (guest, staff)   | Role-Based Access