Identity and Access Management (IAM)
Identity and Access Management (IAM) encompasses all processes and systems through which organizations manage their users' digital identities and control who is permitted to access which systems, applications, and data. IAM covers the entire lifecycle of a user identity: from the creation of a new account during onboarding, through the adjustment of permissions when roles change, to full deactivation when an individual leaves the organization. The goal is to manage access to IT resources in a targeted, traceable, and secure manner.
IAM is built on the principle of least privilege — meaning users can only access the resources they actually need for their specific tasks. This is typically implemented technically through role-based access control, in which permissions are assigned not to individual users but to defined roles. Well-known components of an IAM system include directory services such as Active Directory (AD) or LDAP, Single Sign-On (SSO) for unified authentication, and Privileged Access Management for particularly sensitive administrator accounts.
For public authorities and organizations with many employees and complex IT structures, IAM is a central tool for meeting compliance requirements. When an employee leaves the organization but their account is not deactivated promptly, an immediate security risk arises. IAM systems automate such processes and ensure that access rights are consistently granted, revoked, and logged in an audit-proof manner. Particularly in the context of NIS2 and BSI IT-Grundschutz, this auditability is a decisive factor.
The key advantage of a well-designed IAM lies in the combination of security and efficiency. IT departments are relieved of administrative burden as permissions are granted and adjusted automatically, while the risk of orphaned accounts and unauthorized access is simultaneously reduced. For organizations subject to regulatory requirements, IAM also provides the traceable documentation needed during audits and regulatory inquiries.
IAM forms the organizational foundation on which technical measures such as the central management and security of end devices can achieve their full effect.