Throughout human history, valuable commodities such as precious metals, rare stones and spices have been secured and guarded. Over time, entities such as banks have developed more secure processes and tools to continuously improve the security of the valuables they retain. Today, data is frequently described as a precious commodity itself, and companies that cannot secure their internal data and their customers’ data expose themselves to significant legal and financial risk. To protect the data, companies must control who has access to private information and what they can do with it. This is where Identity and Access Management systems come in and, by extension, Active Directory.

Identity and Access Management (IAM) solutions and Active Directory (AD) are both critical components of an organisation’s security strategy. IAM is responsible for managing identities and controlling access to an organisation’s systems, applications, and data, while AD is a centralised directory service that stores and manages information about users and other assets on a network, such as their role and associated network privileges.

IAM vs AD

An IAM solution often interacts with directories, for example AD, to work out whether users attempting to access an IAM-protected application or asset are authorised to do so. When a user requests access to a system or application, the IAM solution checks the user’s credentials and privileges against the information stored in AD, using protocols such as LDAPS or Kerberos. If the credentials match and the user has the correct privileges, the IAM solution grants the user access. If the credentials do not match or the user does not have the necessary permissions, the IAM solution denies the user access.

AD is used to authenticate, authorise and therefore allow the connection of users to the appropriate network resources. It stores information about users, computers, applications and even assets such as printers, in a hierarchical structure. This provides a centralised location for managing security and access control.

Synergies between AD and IAM

It is important to note that IAM systems do not require Active Directory to work, but combining the two brings obvious synergies.

The interaction between IAM and AD is important because it allows organisations to manage access control and enforce related security policies in a centralised and organised manner. Active Directory is a reliable source of truth for user information and permissions if it is kept up-to-date. There are several factors that organisations should think about to ensure AD is kept up-to-date, such as:

  • Promoting strong internal IAM processes and procedures, e.g. automating Joiners, Movers and Leavers (JML) processes so that changes are made in HR IT systems promptly once an employee has left or changed role.
  • Beyond this, implementing an IAM solution that integrates with AD could mean that changes made in HR IT systems are swiftly reflected in AD, reducing the administrative overhead of keeping user privileges correct across the board.
  • Having a single source of truth in AD facilitates maturing the IAM architecture, i.e. optimising the data flow between HR IT systems, the IAM solution, AD, IT ticketing systems, etc.
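To make the JML point concrete, the sketch below is an added example (not from the original article or any product) that reconciles an HR export against an AD export and reports where AD has drifted: leavers whose accounts are still enabled, enabled accounts with no HR record, and movers whose group memberships no longer match their role. All records, role names and group names are constructed; the only real AD detail assumed is that bit 0x0002 of userAccountControl marks a disabled account.

```python
# Added example: constructed sample data throughout; role and group names are hypothetical.
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts

ROLE_GROUPS = {  # hypothetical role-to-group entitlement map
    "finance-analyst": {"GG-Finance-Read"},
    "hr-advisor": {"GG-HR-Read", "GG-HR-Write"},
}
HR_RECORDS = [  # constructed HR system export
    {"id": "asmith", "status": "active", "role": "finance-analyst"},
    {"id": "bjones", "status": "left", "role": "hr-advisor"},
    {"id": "cwu", "status": "active", "role": "hr-advisor"},  # moved from finance
]
AD_ACCOUNTS = [  # constructed AD export
    {"sAMAccountName": "asmith", "userAccountControl": 512, "memberOf": ["GG-Finance-Read"]},
    {"sAMAccountName": "bjones", "userAccountControl": 512, "memberOf": ["GG-HR-Read"]},
    {"sAMAccountName": "cwu", "userAccountControl": 512, "memberOf": ["GG-Finance-Read", "GG-HR-Read"]},
    {"sAMAccountName": "svc-old", "userAccountControl": 514, "memberOf": []},  # already disabled
    {"sAMAccountName": "dtemp", "userAccountControl": 512, "memberOf": ["GG-HR-Write"]},
]

def reconcile(hr_records, ad_accounts, role_groups):
    """Return sorted (account, finding, detail) tuples where AD disagrees with HR."""
    hr = {r["id"].lower(): r for r in hr_records}
    findings = []
    for acct in ad_accounts:
        name = acct["sAMAccountName"].lower()
        enabled = not (acct["userAccountControl"] & ACCOUNTDISABLE)
        groups = set(acct["memberOf"])
        person = hr.get(name)
        if person is None:  # account exists in AD but HR has never heard of it
            if enabled:
                findings.append((name, "orphan-enabled", "no HR record"))
            continue
        if person["status"] != "active":  # leaver: the account should be disabled
            if enabled:
                findings.append((name, "leaver-enabled", "HR status: " + person["status"]))
            continue
        expected = role_groups.get(person["role"], set())
        for g in sorted(groups - expected):  # privileges kept from a previous role
            findings.append((name, "excess-group", g))
        for g in sorted(expected - groups):  # privileges the new role still lacks
            findings.append((name, "missing-group", g))
    return sorted(findings)

if __name__ == "__main__":
    for finding in reconcile(HR_RECORDS, AD_ACCOUNTS, ROLE_GROUPS):
        print(*finding, sep="\t")
```

In a real deployment the two lists would come from the HR system and a directory query, and the findings would feed the IT ticketing system rather than standard output.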

Using an IAM solution that integrates with AD also helps organisations to take advantage of features such as single sign-on (SSO) and multi-factor authentication (MFA). SSO has many benefits: from a user perspective, it allows them to access multiple systems and applications with a single set of credentials, reducing the number of times they need to enter their username and password. MFA adds an additional layer of security by requiring users to provide at least a second form of authentication, such as a fingerprint or a one-time code, before being granted access.

In conclusion, the interaction between IAM solutions and Active Directory is critical for managing access control and security in a centralised and organised manner. By using AD as the source of truth for user information and permissions and leveraging features such as SSO and MFA, organisations can improve the efficiency and effectiveness of their IAM process and ensure that sensitive information remains secure.