Identity and access management (IAM or IdAM) or Identity management (IdM), is a framework of policies and technologies to ensure that the right users (that are part of the ecosystem connected to or within an enterprise) have the appropriate access to technology resources.
In addition to users, managed entities typically include hardware and network resources and even applications.
[6] It can be interpreted as the codification of identity names and attributes of a physical instance in a way that facilitates processing.
Contrast this situation with properties that might be externally used for purposes of information security such as managing access or entitlement, but which are simply stored, maintained and retrieved, without special treatment by the model.
It simplifies access monitoring and verification and allows the organizations to minimize excessive privileges granted to one user.
[8] For internal use identity management is evolving to control access to all digital assets, including devices, network equipment, servers, portals, content, applications and/or products.
Putting personal information onto computer networks necessarily raises privacy concerns.
Helping users decide how to manage access to their personal information has become an issue of broad concern.
[13][14] Research related to the management of identity covers disciplines such as technology, social sciences, humanities and the law.
[16] Within the Seventh Research Framework Programme of the European Union from 2007 to 2013, several new projects related to Identity Management started.
The PICOS Project investigates and develops a state-of-the-art platform for providing trust, privacy and identity management in mobile communities.
[17] SWIFT focuses on extending identity functions and federation to the network while addressing usability and privacy concerns and leverages identity technology as a key to integrate service and transport infrastructures for the benefit of users and the providers.
[18] Ongoing projects include Future of Identity in the Information Society (FIDIS),[19] GUIDE,[20] and PRIME.
How effectively and appropriately such tools are used falls within scope of broader governance, risk management, and compliance regimes.