Identity & Access Management
Centralized identity, authentication, authorization, and federation for users and services.
Identity & Access Management Architecture
(Architecture diagram: detailed view of components, connections, and data flow; legend: Core Components, Supporting Services, Data Flow, Security Boundary)
Enables Architectural Patterns
Hexagonal Architecture
Domain-centric design separating core logic from external concerns via ports (interfaces) and adapters.
Clean Architecture
Domain-centric, dependency-inversion style family emphasizing concentric layers (entities, use cases, interfaces) and the Dependency Rule.
N-Tier (Client-Server) Architecture
Multi-tier runtime architecture (e.g., presentation, application, data) where clients request services from servers across tiers.
What it is
IAM provides the digital identity lifecycle, authentication and authorization (authn/authz), federation, and policy enforcement for both humans and workloads across the estate.
Responsibilities
- Identity lifecycle (provisioning, deprovisioning)
- Authentication (MFA, risk-based)
- Authorization (RBAC, ABAC, PBAC)
- Federation (OIDC/SAML) and secrets/PKI
Core capabilities
- Policy as code and centralized auditing
- Service-to-service identity (mTLS, SPIFFE/SPIRE)
- Just-in-time and just-enough access
- Zero trust posture and session management
Architecture patterns
- Token-based auth (JWT, OAuth2)
- Attribute and policy-based access control
- Federated identity across SaaS and on-prem
- Workload identity with short-lived credentials
Tech examples
- WSO2 Identity Server
- Asgardeo (WSO2's IAM SaaS solution)
- Keycloak
- Auth0
- Azure AD
- Okta
- SPIRE
KPIs/SLIs
- Auth success rate and latency
- Policy evaluation latency
- Credential compromise incidents and rotation compliance
- Access request lead time