Exam Objective 4.6

Given a scenario, implement and maintain identity and access management.

• Provisioning user accounts: Creating user accounts
• Deprovisioning user accounts: Disabling or blocking user accounts
• Permission assignments and implications: Allocating permissions
• Identity proofing: Confirming user identities securely
• Federation: Integrating identity across systems
• Single Sign-On (SSO): Simplifying access with one login:
  • Lightweight Directory Access Protocol (LDAP): Directory service for information access
  • Open Authorization (OAuth): A standard for secure authorization
  • Security Assertions Markup Language (SAML): XML-based authentication and authorization:
    • Interoperability: Ensuring different systems work together
    • Attestation: Confirming the validity of information
• Access controls: Managing who can access what:
  • Mandatory access controls: Enforcing strict access rules
  • Discretionary access controls: Where users control access to their data
  • Role-based access...