█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Identity and Access Management/What is IAM?
35 minBeginner

What is IAM?

After this lesson, you will be able to: Explain what IAM is, how authentication and authorization differ, and why controlling access is the foundation of security.

Identity and Access Management decides who can do what, where, and when. It's the quiet plumbing behind every secure system: if access control fails, every other control collapses. This lesson defines the field and frames the rest of the sub-track.

Prerequisites:Intro to Cybersecurity

Authentication vs authorization

Authentication answers "who are you?" (a password, a fingerprint, a security key). Authorization answers "what are you allowed to do?" (read this file, delete this user, withdraw cash). Many security incidents come from confusing the two, proving identity is not the same as having permission.

Authentication
badge reader at the door: who are you?
then→
Authorization
allowed in conference room A only: what can you do?
Authentication proves identity. Authorization decides what that identity is allowed to do. They are separate steps.

The principle of least privilege

Every user, every service, every API key should have the minimum permissions needed to do its job, and nothing more. If a marketing intern doesn't need access to payroll, they shouldn't have it. If your weather app shouldn't read contacts, deny it. Least privilege limits the blast radius of every compromise.

💡 Why IAM matters more than firewalls

Once an attacker is inside your network, firewalls don't help. IAM is what limits what they can do once they're in. Most modern breaches are 'identity breaches', a stolen credential, an over-privileged account, a misconfigured role.

Real-world IAM components you've already used

Logging into Google with your password (authentication), being able to edit your own Drive folder but only view shared ones (authorization), getting an SMS code on a new device (multi-factor), single-sign-on across Gmail/YouTube/Drive (SSO). All of these are IAM in action, you've been using it your whole digital life.

Quick Check

Quick check

An attacker stole an admin's password. Which IAM concept would have prevented full compromise?

Sign in and purchase access to unlock this lesson.

Sign in to purchase
Back to Identity and Access Management
Passwords and Authentication→