Security & Identity
IAM — Identity and Access Management — answers two questions every app has to ask on every request: who are you? and what are you allowed to do? This course builds up the answer from a single login to enterprise single sign-on. It does not wire you into a specific identity provider — it gives you the foundational concepts and mental models you need to reason about authentication and authorization wherever you build.
What you'll learn
- Authentication vs. authorization — the two questions, kept straight
- How a server remembers you after login: server-side sessions vs. JWTs
- Where to keep a token in the browser, and the XSS/CSRF tradeoff
- Authorization models: RBAC and ABAC for deciding what a user may do
- Delegated access with OAuth, PKCE, and OIDC
- Enterprise identity: SAML single sign-on and LDAP directories
Prerequisites
Basic comfort with how the web works — HTTP requests, cookies, and a little JavaScript. No prior security or identity experience required.
Estimated time
~30 minutes