Skip to main content

Menu

LEVEL 0
0/5 XP
HomeAboutTopicsPricingMy VaultStatsPractice TestsCertifications

Categories

🎓 Certifications
🤖 Artificial Intelligence
☁️ Cloud and Infrastructure
💾 Data and Databases
💼 Professional Skills
🎯 Programming and Development
🔒 Security and Networking
📚 Specialized Topics
CheatGrid
HomeAboutTopicsPricingMy VaultStatsPractice TestsCertifications
LVLEVEL 0
0/5 XP
GitHub
© 2026 CheatGrid™. All rights reserved.
Privacy PolicyTerms of UseAboutContact

Identity and Access Management (IAM) Cheat Sheet

Identity and Access Management (IAM) Cheat Sheet

Back to Cybersecurity
Updated 2026-04-30
Next Topic: Incident Response Cheat Sheet

Identity and Access Management (IAM) is the security discipline that ensures the right individuals access the right resources at the right time for the right reasons. It sits at the intersection of cybersecurity, directory services, authentication protocols, and compliance frameworks, functioning as the gatekeeper between users, applications, and sensitive data. Unlike perimeter-based security models that trust everything inside a network, modern IAM operates on continuous verification, dynamic policy enforcement, and fine-grained access control. The key mental model: identity is the new perimeter—every access decision depends on proving who (or what) is requesting access, what they're allowed to do, and whether the context justifies the request.

What This Cheat Sheet Covers

This topic spans 18 focused tables and 122 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.

Table 1: Core IAM ConceptsTable 2: Authentication ProtocolsTable 3: Single Sign-On (SSO) MethodsTable 4: Multi-Factor Authentication (MFA) TypesTable 5: OAuth 2.0 Grant TypesTable 6: OAuth 2.0 and OIDC Token ManagementTable 7: Access Control ModelsTable 8: Role-Based Access Control (RBAC) ConceptsTable 9: Attribute-Based Access Control (ABAC) FeaturesTable 10: Privileged Access Management (PAM)Table 11: Directory Services and ProtocolsTable 12: Identity Federation and ProvisioningTable 13: Advanced Authentication MethodsTable 14: Session and Logout ManagementTable 15: Identity Governance and Administration (IGA)Table 16: Identity Proofing and AssuranceTable 17: Machine and Workload IdentitiesTable 18: Security Best Practices and Policies

Table 1: Core IAM Concepts

Before any protocol or product makes sense, you need the vocabulary that everything else builds on—the difference between proving who you are (authentication) and what you're allowed to do (authorization), and the players involved when an identity provider vouches for a user to a service provider. These are the building blocks every later table assembles into real systems.

ConceptExampleDescription
Identity
user_id: john.doe@company.com
• Digital representation of a person, service, or device within a system
• serves as the anchor for all access decisions.
Authentication
User enters password → system verifies
• Process of proving an identity is legitimate
• answers "Are you who you claim to be?" through credentials, tokens, or biometrics
Authorization
User has "read" permission on file
• Process of determining what an authenticated identity can access
• defines permissions, roles, and policies after identity is proven
Identity Provider (IdP)
Okta, Azure AD, Google
• Centralized service that authenticates users and issues tokens
• acts as the source of truth for identity verification in federated systems
Service Provider (SP)
SaaS app that relies on IdP
• Application or service that delegates authentication to an IdP
• trusts identity assertions from the provider to grant access

More in Cybersecurity

  • Firewalls & VPNs Cheat Sheet
  • Incident Response Cheat Sheet
  • 1Password Password Manager Cheat Sheet
  • Cryptography and Encryption Cheat Sheet
  • MITRE ATT&CK Framework Cheat Sheet
  • Security in Web Applications Cheat Sheet
View all 34 topics in Cybersecurity