{"id":8937,"date":"2025-05-08T16:41:57","date_gmt":"2025-05-08T20:41:57","guid":{"rendered":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/best-practices\/identity-access-management\/"},"modified":"2026-02-02T16:48:52","modified_gmt":"2026-02-02T21:48:52","slug":"identity-access-management","status":"publish","type":"page","link":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/","title":{"rendered":"Understanding Identity and Access Management (IAM)"},"content":{"rendered":"<h2 data-start=\"303\" data-end=\"321\"><strong>Why It Matters<\/strong><\/h2>\n<p data-start=\"323\" data-end=\"444\">IAM ensures the <strong data-start=\"339\" data-end=\"377\">right people, devices, and systems<\/strong> have the <strong data-start=\"387\" data-end=\"421\">right access at the right time<\/strong>.<br data-start=\"422\" data-end=\"425\" \/>It&#8217;s essential for:<\/p>\n<ul data-start=\"445\" data-end=\"546\">\n<li data-start=\"445\" data-end=\"476\">Protecting data and privacy<\/li>\n<li data-start=\"477\" data-end=\"505\">Supporting secure access<\/li>\n<li data-start=\"506\" data-end=\"546\">Enabling efficient campus operations<\/li>\n<\/ul>\n<hr \/>\n<h2 data-start=\"553\" data-end=\"569\"><strong>Core Concepts<\/strong><\/h2>\n<h3><em>Identity<\/em><\/h3>\n<p>A digital identity refers to how a person, device, or application is recognized within a system.<\/p>\n<p>Examples of digital identities:<\/p>\n<ul data-start=\"710\" data-end=\"871\">\n<li data-start=\"710\" data-end=\"763\">People: Students, faculty, staff, contractors<\/li>\n<li data-start=\"764\" data-end=\"818\">Apps &amp; Systems: Scripts, services, cloud tools<\/li>\n<li data-start=\"819\" data-end=\"871\">Devices: Laptops, mobile phones, IoT sensors<\/li>\n<\/ul>\n<h3 data-start=\"1046\" data-end=\"1098\"><em>Authentication \u2013 Proving Who You Are<\/em><\/h3>\n<p data-start=\"1100\" data-end=\"1155\">This step confirms your identity before you get access.<\/p>\n<p data-start=\"1157\" data-end=\"1176\">Common methods:<\/p>\n<ul data-start=\"1177\" data-end=\"1297\">\n<li data-start=\"1177\" data-end=\"1200\">Username + password<\/li>\n<li data-start=\"1201\" data-end=\"1248\">Biometrics (e.g., fingerprint, facial scan)<\/li>\n<li data-start=\"1249\" data-end=\"1297\">One-time codes (MFA apps or hardware tokens)<\/li>\n<\/ul>\n<p data-start=\"1299\" data-end=\"1318\">Best practices:<\/p>\n<ul data-start=\"1319\" data-end=\"1466\">\n<li data-start=\"1319\" data-end=\"1398\">\n<p data-start=\"1321\" data-end=\"1398\">Use Multifactor Authentication (MFA): Adds a second layer of protection<\/p>\n<\/li>\n<li data-start=\"1399\" data-end=\"1466\">\n<p data-start=\"1401\" data-end=\"1466\">Single Sign-On (SSO): Sign in once to access multiple systems<\/p>\n<\/li>\n<\/ul>\n<h3 data-start=\"1473\" data-end=\"1537\"><em>Authorization (AuthZ) \u2013 Controlling What You Can Access<\/em><\/h3>\n<p data-start=\"1539\" data-end=\"1623\">Once your identity is verified, authorization decides what you\u2019re allowed to do.<\/p>\n<p data-start=\"1539\" data-end=\"1623\"><strong>Example<\/strong>: You can log into a finance system (authentication), but only view HR reports if your role allows it (authorization).<\/p>\n<blockquote>\n<p data-start=\"1539\" data-end=\"1623\"><strong>Want a quick visual explanation of IAM?<\/strong><br data-start=\"931\" data-end=\"934\" \/>Watch: <a class=\"\" href=\"https:\/\/www.youtube.com\/watch?v=dGR7smT0fcY\" target=\"_new\" rel=\"noopener\" data-start=\"943\" data-end=\"1039\">What is Identity and Access Management? (YouTube)<\/a><\/p>\n<\/blockquote>\n<hr \/>\n<h2><strong>Best Practices for Users<\/strong><\/h2>\n<p><a href=\"https:\/\/support.microsoft.com\/en-us\/windows\/create-and-use-strong-passwords-c5cebb49-8c53-4f5e-2bc4-fe357ca048eb#:~:text=Create%20strong%20passwords&amp;text=A%20combination%20of%20uppercase%20letters,different%20from%20your%20previous%20passwords.\"><strong>Use Strong, Secure Passwords<\/strong><\/a><\/p>\n<ul>\n<li data-start=\"1832\" data-end=\"1870\">Create long, memorable passphrases<\/li>\n<li data-start=\"1871\" data-end=\"1914\">Don\u2019t reuse college passwords elsewhere<\/li>\n<li data-start=\"1915\" data-end=\"1961\">Never share your password\u2014not even with IT<\/li>\n<\/ul>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/microsoft-365\/admin\/security-and-compliance\/set-up-multi-factor-authentication?view=o365-worldwide#watch-turn-on-multifactor-authentication\"><strong>Enable and Respect Multifactor Authentication (MFA)<\/strong><\/a><\/p>\n<ul>\n<li data-start=\"2000\" data-end=\"2030\">MFA keeps your account safer<\/li>\n<li data-start=\"2033\" data-end=\"2078\">Use an authentication app or security token<\/li>\n<li data-start=\"2081\" data-end=\"2135\">Only approve login prompts when you are signing in<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.youtube.com\/watch?v=130ioey4isw\"><strong>Understand the Principle of Least Privilege<\/strong><\/a><\/p>\n<ul>\n<li data-start=\"2191\" data-end=\"2243\">You only get access to the systems your role needs<\/li>\n<li data-start=\"2246\" data-end=\"2292\">This protects sensitive data and limits risk<\/li>\n<li data-start=\"2295\" data-end=\"2351\">Request additional access through the official process<\/li>\n<\/ul>\n<p><a href=\"https:\/\/youtu.be\/-aPHg0uRYUI?feature=shared\"><strong>Respect Role-Based Access Control (RBAC)<\/strong><\/a><\/p>\n<ul>\n<li data-start=\"2411\" data-end=\"2471\">Access is assigned by <strong data-start=\"2433\" data-end=\"2445\">job role<\/strong>, not individual request<\/li>\n<li data-start=\"2474\" data-end=\"2513\">Reduces errors, simplifies management<\/li>\n<li data-start=\"2516\" data-end=\"2564\">Avoid informal sharing of roles or permissions<\/li>\n<\/ul>\n<p><a href=\"https:\/\/youtu.be\/MXv-YqR65uA\"><strong>Be Prepared for Regular Access Reviews<\/strong><\/a><\/p>\n<ul>\n<li data-start=\"2615\" data-end=\"2669\">Periodically, you\u2019ll be asked to confirm your access<\/li>\n<li data-start=\"2672\" data-end=\"2734\">Help us keep systems clean by reporting outdated permissions<\/li>\n<\/ul>\n<p><a href=\"https:\/\/youtu.be\/XR1giVrMIrs?feature=shared\"><strong>Segregation of Duties<\/strong><\/a><\/p>\n<ul>\n<li data-start=\"2778\" data-end=\"2841\">Critical functions should be <strong data-start=\"2807\" data-end=\"2839\">split among different people<\/strong><\/li>\n<li data-start=\"2844\" data-end=\"2895\">Prevents one person from having unchecked control<\/li>\n<li data-start=\"2898\" data-end=\"2946\">SoD is reviewed regularly to ensure compliance<\/li>\n<\/ul>\n<p><strong>Don\u2019t Share Accounts or Credentials<\/strong><\/p>\n<ul>\n<li data-start=\"2986\" data-end=\"3024\">Every user must have their own login<\/li>\n<li data-start=\"3027\" data-end=\"3081\">Shared accounts make it impossible to audit activity<\/li>\n<li data-start=\"3084\" data-end=\"3134\">IT can give access to all who need it\u2014individually<\/li>\n<\/ul>\n<p><strong>Report Suspicious Access or Behavior<\/strong><\/p>\n<p>If you notice:<\/p>\n<ul data-start=\"165\" data-end=\"368\">\n<li data-start=\"229\" data-end=\"275\">Someone is accessing resources they shouldn\u2019t<\/li>\n<li data-start=\"276\" data-end=\"368\">You or others retaining access to systems or sensitive information that is no longer needed<\/li>\n<\/ul>\n<p>Please <a href=\"https:\/\/www.trincoll.edu\/lits\/technology\/tech-support\/\">notify ITS<\/a> immediately. Your awareness helps protect the college\u2019s data and systems.<\/p>\n<h4><strong>What Is an <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/fundamentals\/identity-fundamental-concepts#identity-provider\">Identity Provider?<\/a><\/strong><\/h4>\n<ul>\n<li data-start=\"3350\" data-end=\"3486\">An Identity Provider verifies your identity and manages login processes.<br data-start=\"3426\" data-end=\"3429\" \/>It helps ensure secure, consistent access across systems.<\/li>\n<li data-start=\"3488\" data-end=\"3541\">Examples: Microsoft Entra, Google, GitHub, Amazon<\/li>\n<\/ul>\n<h3 data-start=\"3548\" data-end=\"3590\">A Simple Analogy: Checking into a Hotel<\/h3>\n<div class=\"_tableContainer_16hzy_1\">\n<div class=\"_tableWrapper_16hzy_14 group flex w-fit flex-col-reverse\">\n<table class=\"w-fit min-w-(--thread-content-width)\" data-start=\"3592\" data-end=\"3821\">\n<thead data-start=\"3592\" data-end=\"3613\">\n<tr data-start=\"3592\" data-end=\"3613\">\n<th data-start=\"3592\" data-end=\"3601\" data-col-size=\"sm\">Action<\/th>\n<th data-start=\"3601\" data-end=\"3613\" data-col-size=\"sm\">IAM Term<\/th>\n<\/tr>\n<\/thead>\n<tbody data-start=\"3636\" data-end=\"3821\">\n<tr data-start=\"3636\" data-end=\"3689\">\n<td data-start=\"3636\" data-end=\"3667\" data-col-size=\"sm\">Showing ID at the front desk<\/td>\n<td data-col-size=\"sm\" data-start=\"3667\" data-end=\"3689\"><strong data-start=\"3669\" data-end=\"3687\">Authentication<\/strong><\/td>\n<\/tr>\n<tr data-start=\"3690\" data-end=\"3752\">\n<td data-start=\"3690\" data-end=\"3731\" data-col-size=\"sm\">Using your room key to enter your room<\/td>\n<td data-col-size=\"sm\" data-start=\"3731\" data-end=\"3752\"><strong data-start=\"3733\" data-end=\"3750\">Authorization<\/strong><\/td>\n<\/tr>\n<tr data-start=\"3753\" data-end=\"3821\">\n<td data-start=\"3753\" data-end=\"3796\" data-col-size=\"sm\">Access based on your role (guest, staff)<\/td>\n<td data-col-size=\"sm\" data-start=\"3796\" data-end=\"3821\"><strong data-start=\"3798\" data-end=\"3819\">Role-Based Access<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Why It Matters IAM ensures the right people, devices, and systems have the right access at the right time.It&#8217;s essential for: Protecting data and privacy Supporting secure access Enabling efficient campus operations Core Concepts Identity A digital identity refers to how a person, device, or application is recognized within a system. Examples of digital identities: [&hellip;]<\/p>\n","protected":false},"author":336,"featured_media":0,"parent":11163,"menu_order":2,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-8937","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.5 (Yoast SEO v25.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Understanding Identity and Access Management (IAM) - Library &amp; Information Technology Services<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Understanding Identity and Access Management (IAM)\" \/>\n<meta property=\"og:description\" content=\"Why It Matters IAM ensures the right people, devices, and systems have the right access at the right time.It&#8217;s essential for: Protecting data and privacy Supporting secure access Enabling efficient campus operations Core Concepts Identity A digital identity refers to how a person, device, or application is recognized within a system. Examples of digital identities: [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/\" \/>\n<meta property=\"og:site_name\" content=\"Library &amp; Information Technology Services\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-02T21:48:52+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/\",\"url\":\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/\",\"name\":\"Understanding Identity and Access Management (IAM) - Library &amp; Information Technology Services\",\"isPartOf\":{\"@id\":\"https:\/\/www.trincoll.edu\/lits\/#website\"},\"datePublished\":\"2025-05-08T20:41:57+00:00\",\"dateModified\":\"2026-02-02T21:48:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.trincoll.edu\/lits\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Technology\",\"item\":\"https:\/\/www.trincoll.edu\/lits\/technology\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Information Security\",\"item\":\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Identity &amp; Access Management Program\",\"item\":\"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Understanding Identity and Access Management (IAM)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.trincoll.edu\/lits\/#website\",\"url\":\"https:\/\/www.trincoll.edu\/lits\/\",\"name\":\"Library &amp; Information Technology Services\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.trincoll.edu\/lits\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Understanding Identity and Access Management (IAM) - Library &amp; Information Technology Services","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/","og_locale":"en_US","og_type":"article","og_title":"Understanding Identity and Access Management (IAM)","og_description":"Why It Matters IAM ensures the right people, devices, and systems have the right access at the right time.It&#8217;s essential for: Protecting data and privacy Supporting secure access Enabling efficient campus operations Core Concepts Identity A digital identity refers to how a person, device, or application is recognized within a system. Examples of digital identities: [&hellip;]","og_url":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/","og_site_name":"Library &amp; Information Technology Services","article_modified_time":"2026-02-02T21:48:52+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/","url":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/","name":"Understanding Identity and Access Management (IAM) - Library &amp; Information Technology Services","isPartOf":{"@id":"https:\/\/www.trincoll.edu\/lits\/#website"},"datePublished":"2025-05-08T20:41:57+00:00","dateModified":"2026-02-02T21:48:52+00:00","breadcrumb":{"@id":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/identity-access-management\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.trincoll.edu\/lits\/"},{"@type":"ListItem","position":2,"name":"Technology","item":"https:\/\/www.trincoll.edu\/lits\/technology\/"},{"@type":"ListItem","position":3,"name":"Information Security","item":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/"},{"@type":"ListItem","position":4,"name":"Identity &amp; Access Management Program","item":"https:\/\/www.trincoll.edu\/lits\/technology\/security\/identity-access-management-program\/"},{"@type":"ListItem","position":5,"name":"Understanding Identity and Access Management (IAM)"}]},{"@type":"WebSite","@id":"https:\/\/www.trincoll.edu\/lits\/#website","url":"https:\/\/www.trincoll.edu\/lits\/","name":"Library &amp; Information Technology Services","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.trincoll.edu\/lits\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/pages\/8937","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/users\/336"}],"replies":[{"embeddable":true,"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/comments?post=8937"}],"version-history":[{"count":0,"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/pages\/8937\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/pages\/11163"}],"wp:attachment":[{"href":"https:\/\/www.trincoll.edu\/lits\/wp-json\/wp\/v2\/media?parent=8937"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}