Identity and Access Management (IAM)
Satisfaction rate
4.5
Success rate
4.9
Introduction and fundamentals for securing information systems
The target audience for training
- IT managers, CISOs, security analysts, clearance managers.
- Cybersecurity consultants, technical auditors.
- HR or business line managers involved in rights management.
What you will learn
- Understanding the key concepts of IAM and their role in enterprise cybersecurity.
- Identify the components of an IAM architecture (identity management, authorisations, authentication, federation, etc.).
- Mapping roles, rights and access according to security principles (RBAC, ABAC, Zero Trust).
- Discover best practices for securing access throughout the user lifecycle.
- Understanding IAM-related standards, reference systems and tools (ISO 27001, NIST, IAM tools on the market).
Training programme
- Duration: 1 day
- Introduction: Why IAM is a cornerstone of modern cyber security
- Module 1: Fundamental concepts - identities, roles, authorisations
- Definition and objectives of IAM.3
- Terminology: identity, provisioning, authorisation, SSO, MFA, federation.
- IAM vs IGA (Identity Governance & Administration).
- Importance of IAM in the regulatory framework (ISO, RGPD, NIS2, etc.).
- Players involved (IT, HR, security, business lines).
- Module 2: Identity lifecycle: creation, modification, withdrawal
- Stages: onboarding, internal mobility, offboarding.
- IS account management (Active Directory, SaaS applications, etc.).
- Automated versus manual processes.
- Notion of "Just Enough Access" and "Just In Time Access".
- Security checkpoints (rights review, SoD).
- Module 3: Access governance models: RBAC, ABAC, Zero Trust
- RBAC (Role Based Access Control): principles, construction, risks.
- ABAC (Attribute Based Access Control): flexibility, context.
- PBAC / UBAC / SoD (Separation of responsibilities).
- Introduction to the Zero Trust model applied to IAM.
- How to document and audit an access policy.
- Module 4: Overview of IAM tools: Azure AD, Okta, CyberArk, etc.
- Presentation of the major IAM publishers: Microsoft Entra (formerly Azure AD), Okta, CyberArk.
- Integrated IAM vs specialised solutions.
- Key features: directories, SSO, MFA, synchronisation, reporting.
- Integration with corporate directories (LDAP, AD, etc.).
- Guided case study: mapping rights in a fictitious information system
- MCQs + discussions on IAM projects in companies
Assessment procedures
- Final MCQ to validate prior learning (20 questions).
Teaching methods
- Training led by an experienced IAM consultant.
- Case studies, interactive quizzes, presentation of typical architectures.
- Full digital course support with diagrams, glossary and practical worksheets.
Training objectives
At the end of the course, participants will be able to :
- Define what IAM is and why it is central to a cybersecurity policy.
- Describe the main functions and processes in the identity lifecycle.
- Understanding access governance and rights models (RBAC, SoD, etc.).
- Identifying the business, technical and organisational challenges associated with IAM.
- Understand the IAM solutions on the market and the levers for transformation.
Training prerequisites
- Basic knowledge of information systems or cybersecurity.
- Initial exposure to access management issues is a plus.
- Language : French
- Level : Fundamental
- Certification body : ACG CYBERACADEMY
- Certification: No
- Accessibility : Yes
- Duration: 1 day
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).