Cyber Security: Identity Access Management and Authentication

Macquarie University via Coursera

Go to class Write review

Overview

Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off

One annual plan covers every course and certificate on Coursera. 40% off for a limited time.

Get Full Access

• Watch our course introduction video before you enroll! (copy and paste into browser) https://vimeo.com/1176040828 Cyber Security: Identity and Access Management (IAM) and Authentication This course is for IT professionals, security leaders, and aspiring IAM specialists. Identity and Access Management (IAM) is critical for protecting digital systems, data, and users. This course offers practical guidance for building, managing, and securing authentication systems in modern enterprises. Co-designed with industry partners, it provides real-world case studies and tools for managing identity and access across cloud and on-prem environments. By the end of this course, you will be able to: • Understand IAM fundamentals and architecture design. • Implement lifecycle processes like onboarding, provisioning, and recovery. • Configure Identity federation and Single Sign-On (SSO). • Apply multi-factor (MFA) and biometric authentication methods. • Perform risk analysis and mitigate threats in IAM systems. • Implement modern passwordless authentication, including FIDO2 and WebAuthn. • Design and secure identity systems against evolving threats. You will gain practical experience with concepts applicable to tools like Azure AD, Okta, and AWS IAM. To succeed, you should have a basic understanding of IT concepts and network security. No prior IAM experience is required.

Syllabus

Core Identity Access Management

Managing who has access to what, and when is critical to securing systems and data. This topic introduces the fundamentals of Identity and Access Management (IAM) and lays the groundwork for the course. You will explore the core components of the IAM ecosystem, learn to discuss IAM in business and technical contexts, and become familiar with common authentication methods. We will also break down effective IAM architecture elements, providing tools to start designing access management systems based on organizational requirements. By the end of this topic, you will understand how IAM supports security and operations and be able to design a simple, effective IAM architecture tailored to real-world needs.

Identity Access Management: Processes and Tools

Effective identity and access management involves managing the entire user lifecycle, not just authentication. In this topic, you will explore the key processes that underpin IAM, from onboarding and provisioning to password recovery and deactivation. We will examine how these processes differ across cloud and on-premises environments, and discuss the limitations, compromises, and security trade-offs that come with each. You will also learn to configure selected IAM processes and adapt them to meet your organization's needs. By the end of this topic, you will have a clear understanding of how IAM processes support secure access at every stage of the user journey and how to implement them effectively in real-world environments.

Identity Federation for Digital Security

With cloud services, multiple platforms, and growing user demands, seamless and secure access is essential. This topic explores identity federation, which links a user’s digital identity across systems and organizations for smoother, more secure authentication. You will learn how identity federation is implemented in both cloud and on-prem environments, and how it enables features like Single Sign-On (SSO) and Single Logout (SLO). We will also look at the growing use of social login and how federated identities simplify user access while maintaining security. By the end of this topic, you will understand how to evaluate and implement identity federation in real-world IAM systems, and how to choose the right approach for your organizational needs.

Multi-Factor Authentication for Cyber Security

With advancing cyber threats, relying on a single password is no longer enough. This topic introduces two-factor (2FA) and multi-factor authentication (MFA), key strategies for strengthening identity verification and reducing unauthorized access. You will explore the differences between 2FA, MFA, and multilayered authentication, and understand how methods like memorized secrets, generated codes, out-of-band verification, and biometric authentication contribute to secure access. We will also critically evaluate the strengths and limitations of each approach. By the end of this topic, you will be equipped to implement second factor authentication into an IAM flow and make informed decisions about which factors to apply in different security contexts.

Cyber Risk, Vulnerabilities, and Threats

Even the most advanced authentication systems are not immune to risk. In this topic, we examine the threat landscape surrounding identity and access management, diving into the vulnerabilities and attack vectors that continue to challenge even well-designed security frameworks. You’ll explore real-world examples of compromised authentication systems, learn how attackers exploit weak points, and uncover lessons from past failures. We’ll also assess the risks and threats specific to various authentication methods, giving you the insight needed to critically evaluate and strengthen IAM implementations.By the end of this topic, you’ll not only understand the risks, you’ll gain practical experience in defending against a selected attack vector, equipping you with the knowledge to build more secure authentication environments.

Cryptography and Passwordless Authentication

With evolving cyber threats, our approach to authentication must adapt. Traditional passwords are increasingly vulnerable and difficult to manage for users and IT teams. In this topic, we explore passwordless authentication, a security model that replaces static passwords with cryptographic methods and modern protocols. You will learn how passwordless authentication fits into IAM flows, examine technologies like FIDO2 and WebAuthn, and consider if these approaches can truly replace passwords. We will also look back at earlier methods such as smartcards and PIV to understand how the concept has evolved. By the end of this module, you will understand how to design and implement passwordless solutions that enhance security and user experience.