Identity & Access Management


Authentication, authorization, SSO, MFA, and identity governance.

Overview

IAM is the set of controls that decide who may access which resources, and under what conditions. It covers authentication (proving who the caller is), authorization (what an authenticated identity may do), federation and SSO (reusing one login across applications), and governance (keeping those grants correct over time). Every section below is deny-by-default: access that is not explicitly granted is refused.

Authentication Factors

Factor               Example
Something you know   Password, PIN
Something you have   Hardware token, smart card, authenticator app
Something you are    Fingerprint, face
Somewhere you are    Location (network, geolocation)
Something you do     Behaviour patterns (typing rhythm)

Multi-Factor Authentication

MFA requires proof from at least two different factor types. Two items of the same type (a password plus a security question) are still a single factor. Time-based one-time passwords (TOTP, RFC 6238) are the most common "something you have" factor: a shared secret is enrolled once, and the authenticator app and the server both derive a short code from it and the current 30-second time step.

# TOTP implementation with the pyotp library (pip install pyotp)
import pyotp

# Generate a per-user secret at enrolment; store it encrypted on the server
secret = pyotp.random_base32()
totp = pyotp.TOTP(secret)

# otpauth:// URI that the user scans into an authenticator app
uri = totp.provisioning_uri(name="alice@example.com", issuer_name="Example App")

# Generate the current 6-digit code (what the authenticator app shows)
code = totp.now()

# Verify a submitted code. valid_window=1 also accepts the previous and next
# 30-second step to tolerate clock drift. Rate-limit attempts, and refuse a
# code that has already been accepted in the same time step (replay).
is_valid = totp.verify(code, valid_window=1)

Authorization Models

Role-Based Access Control (RBAC)

Permissions attach to roles and users are assigned roles, so changing a role's grants changes every holder at once. The policy below is deny-by-default: a resource or action not listed under a role is refused for that role.

roles:
  admin:
    - users: [create, read, update, delete]
    - posts: [create, read, update, delete]
  editor:
    - posts: [create, read, update]
    - comments: [read, delete]
  viewer:
    - posts: [read]
    - comments: [read]

Attribute-Based Access Control (ABAC)

The decision is computed at request time from attributes of the subject, the resource, the action and the environment, so one rule can express a constraint (same department, sufficient clearance, business hours) that would otherwise need a role per combination.

def check_access(user, resource, action):
    # Rule 1: the subject and the resource must belong to the same department
    if user.department == resource.department:
        # Rule 2: the requested action must be in the subject's permission set
        if action in user.permissions:
            return True
    # Deny by default: any combination not matched above is refused
    return False
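A small policy engine that combines the two models above, the role table from the RBAC YAML and attribute rules like the ABAC function, as an added example that is not part of the original lesson. It is deny-by-default, returns the reason for every decision so it can be audited, and shows an edge the YAML implies but does not spell out: `admin` has no grant on `comments`, so even an admin is refused there. The `User`/`Resource` dataclasses, the `clearance` and `sensitivity` attributes, and the sample principals are my own constructions.

```python
from dataclasses import dataclass

# Role -> resource kind -> allowed actions, transcribed from the RBAC YAML above.
ROLES = {
    "admin": {"users": {"create", "read", "update", "delete"},
              "posts": {"create", "read", "update", "delete"}},
    "editor": {"posts": {"create", "read", "update"},
               "comments": {"read", "delete"}},
    "viewer": {"posts": {"read"}, "comments": {"read"}},
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset          # role names from ROLES
    department: str
    clearance: int = 0        # hypothetical attribute: highest sensitivity level the user may see


@dataclass(frozen=True)
class Resource:
    kind: str                 # "users", "posts" or "comments"
    department: str
    sensitivity: int = 0      # hypothetical attribute: 0 = public, higher = more restricted


def rbac_allows(user: User, resource: Resource, action: str) -> bool:
    """RBAC check: some role held by the user grants this action on this resource kind."""
    return any(action in ROLES.get(role, {}).get(resource.kind, set()) for role in user.roles)


def check_access(user: User, resource: Resource, action: str) -> tuple:
    """Deny-by-default decision: the role grant (RBAC) AND every attribute rule (ABAC) must pass.

    Returns (allowed, reason); the reason goes to the audit log and feeds access reviews.
    """
    if not rbac_allows(user, resource, action):
        return False, "no role grants %s on %s" % (action, resource.kind)
    # Attribute rule 1: stay inside your own department unless you hold the admin role.
    if "admin" not in user.roles and user.department != resource.department:
        return False, "cross-department access denied"
    # Attribute rule 2: the resource's sensitivity must not exceed the user's clearance.
    if resource.sensitivity > user.clearance:
        return False, "sensitivity %d exceeds clearance %d" % (resource.sensitivity, user.clearance)
    return True, "allowed"


# Constructed sample principals and resources.
ALICE = User("alice", frozenset({"editor"}), "eng", clearance=1)
BOB = User("bob", frozenset({"viewer"}), "sales")
ROOT = User("root", frozenset({"admin"}), "it", clearance=2)
ENG_POST = Resource("posts", "eng", sensitivity=1)
SECRET_POST = Resource("posts", "eng", sensitivity=2)
SALES_COMMENT = Resource("comments", "sales")

if __name__ == "__main__":
    for who, what, action in [(ALICE, ENG_POST, "update"), (ALICE, ENG_POST, "delete"),
                              (ALICE, SECRET_POST, "read"), (BOB, SALES_COMMENT, "delete"),
                              (BOB, ENG_POST, "read"), (ROOT, SECRET_POST, "delete"),
                              (ROOT, SALES_COMMENT, "read")]:
        print(who.name, action, what.kind, check_access(who, what, action))
```

Keeping the role table and the attribute rules in one function with a single exit path for "allowed" is deliberate: every deny carries a reason, and there is no code path that returns True without passing through all three checks.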

Single Sign-On (SSO)

SAML Flow (SP-initiated)

1. User → Service Provider (SP): requests a protected resource without a session
2. SP → User → Identity Provider (IdP): redirect carrying an AuthnRequest with a fresh request ID
3. IdP → User: login page
4. User → IdP: credentials (and MFA, if the IdP enforces it)
5. IdP → User → SP: the browser POSTs the signed SAML Response to the SP's Assertion Consumer Service (ACS) URL; the assertion never travels IdP-to-SP directly
6. SP → User: after verifying the signature, issuer, audience, validity window and InResponseTo, the SP creates its own session and grants access
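The checks an SP performs on the Response from step 5 before granting access in step 6, as an added example that is not part of the original lesson. The XML signature must be verified first with an XML-DSig library; this code covers everything after that and uses only the standard library. The SP and IdP identifiers, the `SamlResponseValidator` class, and the sample Response (signature element omitted, assumed already verified) are constructed for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Assumed identifiers for this SP and its IdP (hypothetical values).
SP_ENTITY_ID = "https://sp.example.com/metadata"
ACS_URL = "https://sp.example.com/saml/acs"
IDP_ENTITY_ID = "https://idp.example.com/metadata"
CLOCK_SKEW = timedelta(minutes=2)


def parse_time(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


class SamlResponseValidator:
    """Checks an SP makes on a SAML Response AFTER its XML signature has been verified."""

    def __init__(self):
        self.pending_requests = set()  # AuthnRequest IDs this SP issued and has not yet consumed
        self.seen_assertions = set()   # accepted assertion IDs (replay cache)

    def validate(self, response_xml: str, now_utc: str) -> tuple:
        """Return (True, NameID) on success or (False, reason) at the first failed check."""
        now = parse_time(now_utc)
        root = ET.fromstring(response_xml)
        if root.tag != "{%s}Response" % NS["samlp"]:
            return False, "not a samlp:Response"
        if root.get("Destination") != ACS_URL:
            return False, "Destination is not this SP's ACS URL"
        request_id = root.get("InResponseTo")
        if request_id not in self.pending_requests:
            return False, "InResponseTo does not match a pending AuthnRequest"
        code = root.find("samlp:Status/samlp:StatusCode", NS)
        if code is None or code.get("Value") != SUCCESS:
            return False, "status is not Success"
        assertion = root.find("saml:Assertion", NS)
        if assertion is None:
            return False, "no assertion"
        if assertion.findtext("saml:Issuer", default="", namespaces=NS) != IDP_ENTITY_ID:
            return False, "assertion not issued by the expected IdP"
        cond = assertion.find("saml:Conditions", NS)
        if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
            return False, "assertion has no validity window"
        if (now < parse_time(cond.get("NotBefore")) - CLOCK_SKEW
                or now >= parse_time(cond.get("NotOnOrAfter")) + CLOCK_SKEW):
            return False, "assertion outside its validity window"
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if SP_ENTITY_ID not in audiences:
            return False, "assertion not addressed to this SP"
        scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
        if scd is None or scd.get("Recipient") != ACS_URL or scd.get("InResponseTo") != request_id:
            return False, "subject confirmation does not name this ACS URL and request"
        if now >= parse_time(scd.get("NotOnOrAfter")) + CLOCK_SKEW:
            return False, "subject confirmation expired"
        assertion_id = assertion.get("ID")
        if assertion_id in self.seen_assertions:
            return False, "assertion replayed"
        self.seen_assertions.add(assertion_id)
        self.pending_requests.discard(request_id)  # one Response per AuthnRequest
        return True, assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)


# Constructed sample Response (ds:Signature omitted; assumed verified before this code runs).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z"
 Destination="https://sp.example.com/saml/acs" InResponseTo="_req42">
 <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://sp.example.com/saml/acs" InResponseTo="_req42"
     NotOnOrAfter="2024-05-01T12:05:00Z"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.com/metadata</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""


def demo() -> tuple:
    validator = SamlResponseValidator()
    validator.pending_requests.add("_req42")  # issued by this SP in step 2
    return validator.validate(SAMPLE_RESPONSE, "2024-05-01T12:01:00Z")
```

The audience and InResponseTo checks are the ones most often missing in hand-rolled SPs: without them an assertion issued to any other SP of the same IdP, or one captured earlier, is accepted. Order matters too; the validity window is checked against the signed Conditions, not the outer Response, because only the assertion is guaranteed to be covered by the signature you verified.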

OAuth 2.0 Flows

Authorization Code Flow (public clients must add PKCE; confidential clients should):
1. User → Client → Authorization Server: the client redirects the browser with client_id, redirect_uri, scope, a random state and a PKCE code_challenge
2. Authorization Server → User: login
3. User → Authorization Server: authorize (consent)
4. Authorization Server → User → Client: redirect to the registered redirect_uri with a short-lived, single-use code and the same state; the client rejects a callback whose state it did not issue
5. Client → Authorization Server: back-channel POST exchanging the code (plus the code_verifier, and client credentials for confidential clients) for a token
6. Authorization Server → Client: access token, optionally a refresh token; the client never handles the user's password
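Both sides of the flow above in one runnable script, as an added example that is not part of the original lesson. It goes a little beyond the six steps in the text by including PKCE (RFC 7636) and the state parameter, which is what current guidance requires for this flow. The HTTP layer is replaced by direct method calls; the `Client` and `AuthorizationServer` classes, the registered client and URIs are hypothetical.

```python
import base64
import hashlib
import secrets
import time


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for verifier and challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


class Client:
    """The relying application. Keeps state -> code_verifier until the callback arrives."""

    def __init__(self, client_id: str, redirect_uri: str):
        self.client_id = client_id
        self.redirect_uri = redirect_uri
        self.pending = {}  # state -> code_verifier (the verifier is never sent until step 5)

    def start_login(self) -> dict:
        """Step 1: build the authorization request parameters for the redirect."""
        verifier = b64url(secrets.token_bytes(32))
        challenge = b64url(hashlib.sha256(verifier.encode()).digest())
        state = b64url(secrets.token_bytes(16))
        self.pending[state] = verifier
        return {"response_type": "code", "client_id": self.client_id, "redirect_uri": self.redirect_uri,
                "scope": "openid", "state": state, "code_challenge": challenge, "code_challenge_method": "S256"}

    def handle_callback(self, params: dict, auth_server) -> dict:
        """Steps 4-6: check state, then exchange the code over the back channel."""
        verifier = self.pending.pop(params.get("state"), None)
        if verifier is None:
            raise ValueError("unknown state: CSRF or replayed callback")
        return auth_server.token(grant_type="authorization_code", code=params["code"],
                                 redirect_uri=self.redirect_uri, client_id=self.client_id,
                                 code_verifier=verifier)


class AuthorizationServer:
    def __init__(self, clients: dict):
        self.clients = clients  # client_id -> the single registered redirect_uri
        self.codes = {}         # code -> (client_id, redirect_uri, code_challenge, expiry, user)

    def authorize(self, params: dict, user: str) -> dict:
        """Steps 2-4: the user has logged in and consented; issue a 60 s, single-use code."""
        if self.clients.get(params.get("client_id")) != params.get("redirect_uri"):
            raise ValueError("redirect_uri not registered for client")  # exact match, no prefix logic
        if params.get("code_challenge_method") != "S256" or not params.get("code_challenge"):
            raise ValueError("PKCE with S256 is required")
        code = b64url(secrets.token_bytes(32))
        self.codes[code] = (params["client_id"], params["redirect_uri"],
                            params["code_challenge"], time.time() + 60, user)
        return {"code": code, "state": params["state"]}

    def token(self, grant_type: str, code: str, redirect_uri: str, client_id: str, code_verifier: str) -> dict:
        """Steps 5-6: whoever presents the matching verifier started this flow."""
        if grant_type != "authorization_code":
            raise ValueError("unsupported grant_type")
        entry = self.codes.pop(code, None)  # single use: a second exchange, right or wrong, fails
        if entry is None:
            raise ValueError("unknown or already-used code")
        bound_client, bound_redirect, challenge, expiry, user = entry
        if bound_client != client_id or bound_redirect != redirect_uri or time.time() > expiry:
            raise ValueError("code is bound to another client/redirect_uri or has expired")
        expected = b64url(hashlib.sha256(code_verifier.encode()).digest())
        if not secrets.compare_digest(expected, challenge):
            raise ValueError("PKCE verification failed")
        return {"access_token": b64url(secrets.token_bytes(32)), "token_type": "Bearer",
                "expires_in": 3600, "sub": user}


def run_flow() -> dict:
    """Drive one complete happy-path flow and return the token response."""
    auth = AuthorizationServer({"app1": "https://app.example.com/cb"})
    client = Client("app1", "https://app.example.com/cb")
    request = client.start_login()                 # step 1
    callback = auth.authorize(request, "alice")    # steps 2-4 (login and consent assumed)
    return client.handle_callback(callback, auth)  # steps 5-6


if __name__ == "__main__":
    print(run_flow())
```

The three failure modes worth trying against this code are the ones the flow is designed to stop: an attacker who captures the code from step 4 but not the verifier gets "PKCE verification failed", a callback with a state the client never issued is rejected before any exchange, and a redirect_uri that is not an exact match of the registered one is refused at authorization time.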

Password Security

# Password hashing with bcrypt (pip install bcrypt)
import bcrypt

# Hash the password at registration. gensalt() embeds a random salt and the
# cost factor (rounds=12 is the library default; raise it as hardware gets faster).
# bcrypt processes at most 72 bytes of input, so check the length before hashing.
password = b"secure_password"
salt = bcrypt.gensalt(rounds=12)
hashed = bcrypt.hashpw(password, salt)  # store this value; it carries the salt and cost

# Verify at login: checkpw re-derives the hash with the stored salt and cost and
# compares the result in constant time, so the plaintext is never stored.
if bcrypt.checkpw(password, hashed):
    print("Password matches")

Identity Governance

  1. Access Reviews — periodic recertification of who holds which entitlements, with stale or excessive grants removed
  2. Provisioning — automated joiner/mover/leaver handling so accounts and roles follow HR data, and leavers lose access the same day
  3. Compliance — evidence that grants follow policy and regulation (least privilege, separation of duties)
  4. Reporting — access analytics: orphaned accounts, privileged users, dormant credentials

Practice

Implement MFA and SSO for a web application.
