Week 6.0 Implement Identity and Access Management

Overview

This module explores how organizations verify user identities, control access to systems, and enforce secure authentication practices. Because identity is the foundation of cybersecurity, students learn the principles, tools, and technologies that ensure only the right people access the right resources at the right time.

The course begins with Authentication Design, which introduces how systems confirm a user’s identity using one or more verification methods. Students learn the basics of Password Concepts, including what makes a password strong, why weak passwords fail, and the importance of protecting credentials. This leads into the use of Password Managers, tools that securely store and generate complex passwords so users don’t have to memorize them.

Next, the module covers Multifactor Authentication (MFA)—a security mechanism requiring at least 2 verification factors such as passwords, biometrics, or physical tokens. Students examine how Biometric Authentication works through fingerprints, facial recognition, or iris scans, and the security considerations around storing and protecting biometric data.

The course also compares Hard Authentication Tokens (physical devices like smart cards or hardware keys) and Soft Authentication Tokens (app-based or SMS codes), explaining how they strengthen identity verification. From there, learners explore Passwordless Authentication, which replaces traditional passwords with biometrics, tokens, or cryptographic keys to improve both security and user experience.

The module then shifts into access control models used to determine what a user can do after authentication. Discretionary and Mandatory Access Control introduce basic permission systems where resource owners or administrators enforce security. Students also explore Role-Based and Attribute-Based Access Control, which allow organizations to grant permissions based on job roles or user characteristics. Rule-Based Access Control is introduced as a policy-driven model where access depends on rules such as time of day or network location. All access control approaches support the core principle of Least Privilege Permission Assignments, ensuring users receive only the minimum access required for their tasks.

Students also learn how organizations manage user identities through User Account Provisioning, where new accounts are created, updated, and eventually removed from systems. The module explains how Account Attributes and Access Policies define a user’s role, department, or privileges, while Account Restrictions—like login time limits or location restrictions—help enforce security. Because managing elevated privileges is critical, the course covers Privileged Access Management (PAM), which controls and monitors high-level administrative accounts.

The course continues with how organizations authenticate users in different environments. Learners compare Local, Network, and Remote Authentication, discovering how credentials are validated directly on a device, through a centralized server, or over a remote connection. This leads into Directory Services, such as Microsoft Active Directory or LDAP, which store user accounts and make centralized authentication possible.

To simplify user login across multiple services, the module explains Single Sign-On (SSO), allowing users to authenticate once and access multiple systems. Building on this, Federation is introduced as a method that lets different organizations trust each other’s identities—useful for partnerships or cloud services. Technologies like Security Assertion Markup Language (SAML) and Open Authentication (OAuth) are explored as the underlying protocols that power federated identity, cloud logins, and modern authentication workflows.

By the end of this module, learners gain a strong understanding of authentication methods, access control models, identity management practices, and modern login technologies used across today’s enterprises. These concepts are essential for anyone working in cybersecurity, IT administration, or access management roles.