IAM / Identity Engineer
IAM (Identity and Access Management) Engineers specialize in the protocols and systems that control who can access what. Their daily work includes implementing identity provider integrations, writing access governance policies, auditing group memberships, and presenting access risk reports to security leadership. This path builds the precise vocabulary for discussing federation, trust models, and least-privilege design in English.
Topics covered
- OAuth 2.0 & OIDC
- SAML federation
- RBAC & ABAC
- Directory services
- PAM & JIT access
- Identity governance
Vocabulary spotlight
4 terms every IAM / Identity Engineer should know in English:
Federation: An arrangement that allows users to authenticate using credentials from one trusted identity provider (IdP) to access resources managed by another service provider (SP)
"We set up SAML federation between our corporate IdP and the SaaS vendor, eliminating the need for separate credentials."
RBAC: Role-Based Access Control — a model that assigns permissions to roles rather than individuals, so access is managed by assigning users to roles
"RBAC made it easy to provision new developers — we just added them to the contributor role."
JIT access: Just-In-Time access — elevated privileges granted on demand for a limited time window rather than permanently assigned
"We replaced standing admin access with JIT access to reduce the blast radius of a compromised account."
Entitlement: A specific permission or right granted to a user or role — the set of entitlements defines what resources a principal can access and what actions they can perform
"The access review flagged 15 users with entitlements they hadn't used in 90 days."
📚 Vocabulary Reference
Key terms organised by category for IAM / Identity Engineers:
- Protocols
- Access Models
- Identity Concepts
- PAM & Governance
Real-world scenarios you'll practise
- Presenting an access governance quarterly review to the CISO: summarising over-privileged accounts and remediation progress
- Writing an IAM policy decision record: documenting why you chose ABAC over RBAC for a multi-tenant service
- Explaining federation setup to a SaaS vendor: walking through the SAML metadata exchange and SP configuration
- Preparing a JIT access proposal: justifying the migration from standing admin access to ephemeral elevation