Identity & Access Management (IAM)

Identity Management (IDM)

Managing a company's customers and/or internal users and their profiles. It often involves synchronizing identities across the multiple systems that use the user data and organizational data, such as profiles, groups, teams, organizational structures, and the relations between all of these and computer systems and services. IDM can enable multiple forms of Access Management on internal, external and third-party systems.

Access Management (AM)

The governing of access to computer systems and services by use of static or dynamic policies and rules. These enable only certain users under the right contexts to access and use the systems according to policies.

For example, a customer who logs in can only access resources belonging to themselves or their company. As another example, an administrator can access all resources of a system, but only if they log in using multi-factor authentication, and only if the access originates from one of a few predetermined locations (cities/country).
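The two policies above can be written as a single default-deny decision function. This is an added illustration, not FireClover code: the Request fields, the reason strings and the country allow-list are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed allow-list; the page does not name the predetermined locations.
ADMIN_ALLOWED_COUNTRIES = frozenset({"NO", "SE"})

@dataclass(frozen=True)
class Request:
    user_id: str
    company_id: str
    role: str                      # "customer" or "admin"
    resource_owner: str
    resource_company: str
    mfa_used: bool = False         # taken from the authentication event
    country: Optional[str] = None  # None: location could not be determined

def decide(req):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    if req.role == "customer":
        if req.user_id and req.resource_owner == req.user_id:
            return True, "owner"
        # An empty company id must never match another empty company id.
        if req.company_id and req.resource_company == req.company_id:
            return True, "same-company"
        return False, "foreign-resource"
    if req.role == "admin":
        if not req.mfa_used:
            return False, "mfa-required"
        # An unknown location (None) is not on the list, so it fails closed.
        if req.country not in ADMIN_ALLOWED_COUNTRIES:
            return False, "location-not-allowed"
        return True, "admin"
    return False, "unknown-role"

# Constructed sample requests, one per branch of the policy.
SAMPLES = [
    Request("alice", "acme", "customer", "alice", "acme"),
    Request("alice", "acme", "customer", "bob", "acme"),
    Request("alice", "acme", "customer", "carol", "globex"),
    Request("root", "ops", "admin", "carol", "globex", mfa_used=True, country="NO"),
    Request("root", "ops", "admin", "carol", "globex", mfa_used=False, country="NO"),
    Request("root", "ops", "admin", "carol", "globex", mfa_used=True, country=None),
]

def run_samples():
    return [decide(r) for r in SAMPLES]

if __name__ == "__main__":
    for req, (allowed, reason) in zip(SAMPLES, run_samples()):
        print(f"{req.user_id:>5} -> {req.resource_owner:<5} {'ALLOW' if allowed else 'DENY':<5} {reason}")
```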

Cloud Access Security Broker (CASB)

A cloud access security broker, often abbreviated CASB, is a security policy enforcement point positioned between enterprise users and cloud service providers. CASBs can combine multiple different security policies, from authentication and credential mapping to encryption, malware detection, and more, offering flexible enterprise solutions that help ensure cloud app security across authorized and unauthorized applications, and managed and unmanaged devices.

FireClover lets you use our IAM to log into Amazon Web Services (AWS) and manage assigned accounts according to set access levels and policies (power user / developer, admin, billing, etc.), setting the access levels and limiting access to specific resources (i.e. only resources deployed by the user through FireClover CI/CD pipelines).

IAM in the FireClover Platform

OpenID Connect and OAuth 2.0

We are fully compliant with the OpenID Connect (OIDC) and OAuth 2.0 standards. Using these, we operate similarly to an identity proxy: users from other OIDC/OAuth providers such as Microsoft, LinkedIn, Google and Facebook can log into our service by first logging into one or more of these providers.