Abstract

The Identity and Access Management domain focuses on appropriately controlling access to data and systems. Proper identification and authentication must precede granting any access. The domain explores various aspects of single and multifactor authentication (MFA), including deficiencies of password-only authentication, challenges with biometrics, and the use of tokens. The domain demonstrates the need for credential management and Single Sign-On (SSO) on-premises and recognizes organizations’ growing use of cloud identity providers and Federated Identity Management (FIM). The domain explores authentication and authorization protocols such as Kerberos, SAML, OAuth, and OpenID ...