<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1063935717132479&amp;ev=PageView&amp;noscript=1 https://www.facebook.com/tr?id=1063935717132479&amp;ev=PageView&amp;noscript=1 "> Intro to IAM

Intro to IAM

Security & Identity

IAM — Identity and Access Management — answers two questions every app has to ask on every request: who are you? and what are you allowed to do? This course builds up the answer from a single login to enterprise single sign-on. It does not wire you into a specific identity provider — it gives you the foundational concepts and mental models you need to reason about authentication and authorization wherever you build.

What you'll learn

  • Authentication vs. authorization — the two questions, kept straight
  • How a server remembers you after login: server-side sessions vs. JWTs
  • Where to keep a token in the browser, and the XSS/CSRF tradeoff
  • Authorization models: RBAC and ABAC for deciding what a user may do
  • Delegated access with OAuth, PKCE, and OIDC
  • Enterprise identity: SAML single sign-on and LDAP directories

Prerequisites

Basic comfort with how the web works — HTTP requests, cookies, and a little JavaScript. No prior security or identity experience required.

Estimated time

~30 minutes

Course outline

  1. Taxonomy: AuthN vs. AuthZ
  2. Sessions and Tokens
  3. Storing Tokens in the Browser
  4. Authorization Models
  5. Delegated Access