CyberArk Glossary >

What is Access Management?

Businesses use access management solutions to authenticate, authorize, and audit access to applications and IT systems. Often delivered as a component of an identity and access management (IAM) solution, access management solutions help strengthen security and reduce risk by tightly controlling access to on-premises and cloud-based applications, services, and IT infrastructure. They help ensure the right users have access to the right resources at the right times for the right reasons.

Most access management solutions include tools for administering access privileges and tracking logon attempts and access activity. Historically, access management solutions were delivered as traditional on-premises software applications. Today, most businesses leverage Identity as a Service (IDaaS) offerings that provide cloud agility, simplicity, and economics. Cloud-based access management solutions help businesses simplify operations, accelerate time-to-value, and gain instant and infinite scalability.

Workforce Access Management vs Customer Access Management

Software vendors and solution providers offer two different types of access management solutions. Workforce access management solutions are used to authenticate and authorize employees and contractors accessing corporate applications and IT systems. Customer access management solutions are used to authenticate and authorize consumers and clients accessing public-facing applications and services.

Workforce access management solutions are engineered to support hundreds of thousands of users, and are designed to integrate with enterprise IT systems and directory services. Customer access management solutions, on the other hand, are engineered to support millions of users, and are designed to integrate with social and cloud platforms used by consumers.

Although they are aimed at different audiences and support different operating environments, workforce access management solutions and customer access management solutions both provide multi-factor authentication functionality and single sign-on capabilities.

Multi-Factor Authentication

Most access management solutions support Multi-Factor Authentication (MFA) functionality to protect against user impersonation and credential theft. With MFA, a user must present multiple forms of evidence to gain access to an application or system, for example, a password and a one-time, short-lived SMS code.

Authentication factors include:

  • Knowledge factors – something the user knows, such as a password or an answer to a security question
  • Possession factors – something the user has such as a mobile device or proximity badge
  • Inherence factors – something biologically unique to the user such as a fingerprint or facial characteristics
  • Location factors – the user’s geographic position

Best-of-breed solutions support AI-powered adaptive authentication methods, using contextual or behavioral analytics and administratively defined policies to determine which authentication factors to apply to a particular user in a specific situation.

Single Sign-On

Most access management solutions support Single Sign-On (SSO) capabilities to allow users to access all their applications and services using a single set of credentials. SSO improves user experiences by eliminating password sprawl and frustration. It also strengthens security by eliminating risky practices like users recording passwords on paper or using the same password for all applications. Most access management solutions support standards-based identity management protocols such as SAML, Oauth, and OpenID Connect to enable federation and peering. For example, in a customer access management scenario, identity federation functionality lets users access a public website using their social networking credentials such as their Facebook, Google, or Microsoft login credentials.

Learn More About Access Management