DEV Community



Authentication, SSO, IAM, Federation


Once I started implementing an authentication system, I found myself coming back to these terms again and again to separate their individual roles and purpose in the system. This article was created to serve as a quick reference.


Authentication

  • process of the Principal proving its identity to the System
    • Examples of Principal
      • application
      • computer system
      • human
      • hardware, etc
    • System is any computer system that requires identification before allowing access
    • System could be hosted on
      • server
      • device
      • browser, etc

Single Sign On (SSO)

  • characteristic of an authentication mechanism
    • that relates to
    • the user's identity being used to
      • provide access across multiple Service Providers
  • allows a single authentication system to be used across multiple systems
  • The single authentication mechanism could be
    • LDAP or a similar directory server
    • a system generating trusted tokens
    • Federation (see below)
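
The trusted-token option from the list above, as an added example (not code from the original article): one authentication system checks the password once and issues an HMAC-signed token that several Service Providers verify. The key, user store, Service Provider names and claim fields (`sub`, `aud`, `exp`) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key shared by the authentication system and the Service
# Providers that trust it (assumption; real keys are never hard-coded).
TRUST_KEY = b"constructed-demo-key-not-for-production"

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user repository standing in for LDAP or another directory.
USERS = {"alice": (b"demo-salt", hash_password("correct horse", b"demo-salt"))}

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def authenticate(user, password, audiences, ttl=300, now=None):
    """The Principal proves its identity once; returns a signed token or None."""
    salt, stored = USERS.get(user, (b"none", b""))
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return None
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": audiences, "exp": now + ttl}
    body = b64(json.dumps(claims).encode())
    sig = hmac.new(TRUST_KEY, body.encode(), hashlib.sha256).digest()
    return body + "." + b64(sig)

def service_provider_accepts(token, sp_name, now=None):
    """A Service Provider verifies the token; returns the user name or None."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(TRUST_KEY, body.encode(), hashlib.sha256).digest()
        # Check the signature before trusting anything inside the token.
        if not hmac.compare_digest(base64.urlsafe_b64decode(sig), expected):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, AttributeError):
        return None  # malformed token
    now = time.time() if now is None else now
    # Reject expired tokens and tokens issued for other Service Providers.
    if now >= claims["exp"] or sp_name not in claims["aud"]:
        return None
    return claims["sub"]
```

Because HMAC relies on a shared key, every party here sits in one trust domain; across organizations the same check would rest on digital signatures and PKI, as the Federation section notes.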

Identity and Access Management (IAM)

  • the management of identity concerns within an information technology organization
  • can include
    • authentication of users and systems
    • authorization of those users and systems
    • user provisioning
    • audit of identity systems
    • user repository management (like LDAP or Active Directory)
    • password policies and other concerns


Federation

  • common standards and protocols
    • to manage and map user identities
    • between Identity Providers
      • across organizations (and security domains)
    • via trust relationships (like digital signatures, encryption, PKI)
  • a sub-discipline of IAM, but typically the same team(s) is involved in supporting it
  • a type of SSO where the actors span multiple organizations and security domains


For a deep dive into the above (and more):


If you found this quick reference article useful, you may also benefit from
