KoreField

Identity, Authentication, and Authorisation

25 min Video + Text
  • Distinguish authentication from authorisation
  • Understand identity providers and federation
  • Explain the principle of least privilege

Why IAM Matters

Identity and Access Management (IAM) is the cornerstone of every security programme. Before you can protect data, systems, or AI models, you need to know who is requesting access and what they are allowed to do.

Authentication vs Authorisation

  • Authentication (AuthN) — verifying who you are (passwords, MFA, biometrics)
  • Authorisation (AuthZ) — verifying what you can do (roles, policies, scopes)
  • Identity Provider (IdP) — a trusted service that issues identity tokens (e.g., Okta, Azure AD)
  • Federation — trusting identities across organisational boundaries via protocols like SAML or OIDC

Principle of Least Privilege

Every user, service, or AI agent should have only the minimum permissions required to perform its task. Over-provisioned access is the root cause of most security breaches.

Security tip: If a service account can read and write to every database table, it violates least privilege. Scope it to only the tables it actually needs.
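The security tip above, worked through as an added example that is not part of the original lesson: a service account holds read and write on every table, and a review compares those grants with what it actually used. The account name, table names, and access log are constructed for illustration.

```python
# Added example: compare a service account's grants with what it actually used.
# All names (tables, account, log records) are constructed for illustration.

ALL_TABLES = {"orders", "customers", "payments", "audit_log"}

# Grants as (table, action); "*" means every table (the over-provisioned case).
GRANTS = {"svc-reporting": {("*", "read"), ("*", "write")}}

# Constructed access log: (principal, table, action) seen during a review period.
ACCESS_LOG = [
    ("svc-reporting", "orders", "read"),
    ("svc-reporting", "customers", "read"),
    ("svc-reporting", "orders", "read"),
    ("svc-reporting", "orders", "write"),
]


def expand(grants, tables=ALL_TABLES):
    """Expand wildcard grants into explicit (table, action) pairs."""
    out = set()
    for table, action in grants:
        out |= {(t, action) for t in (tables if table == "*" else {table})}
    return out


def is_authorised(grants, table, action):
    """AuthZ decision: deny unless an explicit or wildcard grant matches."""
    return (table, action) in expand(grants)


def least_privilege_report(principal, grants=GRANTS, log=ACCESS_LOG):
    """Return (needed, unused): grants seen in use vs. granted but never used."""
    effective = expand(grants.get(principal, set()))
    used = {(t, a) for p, t, a in log if p == principal}
    return used & effective, effective - used


if __name__ == "__main__":
    needed, unused = least_privilege_report("svc-reporting")
    print("scope to:", sorted(needed))
    print("revoke  :", sorted(unused))
```

The `needed` set is only as complete as the review period behind the log, so confirm rarely run jobs with the service owner before revoking the `unused` grants.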

Key Takeaway

IAM = AuthN + AuthZ. Always start with least privilege and expand only when justified.

Review Questions

1. What does authentication verify?

2. What is the principle of least privilege?