What is the difference between IAM and Azure AD on the azure cloud?

Identity Access Management is what they call the Role-Based Access Control system in Azure subscriptions. Basically, it allows you to give users certain roles on subscriptions, resource groups, or individual resources.

Azure AD is a more general identity management solution. It allows you to manage users and applications, users' access to those applications, and more. Calling it the same as on-prem AD is not really quite right, since their features differ quite a lot. The general purpose is similar to on-prem AD, of course.

Logically Azure subscriptions exist within one Azure AD (they are linked to one). But having your user account in Azure AD does not give you access to Azure subscriptions! In addition to a user having to be a member (or invited guest user) of the AAD assigned to the subscription, you also have to use the RBAC (IAM) system to assign roles for users.

Azure AD is for Authentication – User must prove who they are using a Username and Password
IAM (RBAC) is for Authorization – a User is assigned a role or permissions to use a specific resource.


Azure IAM is Azure Role-Based Access Control (RBAC). It works for Azure subscriptions, to manage Azure resources.

Using RBAC, you can segregate duties within your team and grant only
the amount of access to users that they need to perform their jobs.
Instead of giving everybody unrestricted permissions in your Azure
subscription or resources, you can allow only certain actions. For
example, use RBAC to let one employee manage virtual machines in a
subscription, while another can manage SQL databases within the same
subscription.

Azure AD is the same as on-prem AD: you create users to access or manage some applications.

Azure IAM is the same as an Active Directory group (which has some permissions); Azure AD users in this group will have those permissions.
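
The answers above separate directory membership (authentication) from role assignments at a scope (authorization). The Python sketch below is an added example, not code from the page or from Azure, that models that split and the scope inheritance of assignments. The users, role names, action lists and all-zero subscription ID are constructed, and the model leaves out deny assignments and other parts of the real evaluation.

```python
from fnmatch import fnmatchcase

# Simplified, constructed role definitions (real built-in roles list more actions).
ROLES = {
    "VM Operator (hypothetical)": {
        "actions": ["Microsoft.Compute/virtualMachines/*"], "not_actions": []},
    "SQL Operator (hypothetical)": {
        "actions": ["Microsoft.Sql/servers/databases/*"], "not_actions": []},
    "Contributor (simplified)": {
        "actions": ["*"],
        "not_actions": ["Microsoft.Authorization/*/write",
                        "Microsoft.Authorization/*/delete"]},
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID

# Directory membership: these constructed users can all authenticate.
DIRECTORY = {"alice", "bob", "carol", "dave"}

# Role assignments as (principal, role, scope). carol has none.
ASSIGNMENTS = [
    ("alice", "VM Operator (hypothetical)", SUB),
    ("bob", "SQL Operator (hypothetical)", SUB + "/resourceGroups/data-rg"),
    ("dave", "Contributor (simplified)", SUB + "/resourceGroups/app-rg"),
]

def scope_covers(assigned, target):
    """An assignment applies to its own scope and to every child scope."""
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    # Require a "/" boundary so data-rg does not also cover data-rg2.
    return t == a or t.startswith(a + "/")

def role_allows(role, action):
    """Allowed if some actions pattern matches and no not_actions pattern does."""
    definition = ROLES[role]
    def matches(patterns):
        return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)
    return matches(definition["actions"]) and not matches(definition["not_actions"])

def is_authorized(user, action, scope):
    """Authentication (directory) first, then authorization (role assignments)."""
    if user not in DIRECTORY:
        return False  # unknown identity: cannot even sign in
    return any(principal == user and scope_covers(assigned, scope)
               and role_allows(role, action)
               for principal, role, assigned in ASSIGNMENTS)
```

carol is in the directory but has no assignment, so every `is_authorized` call for her returns `False`, which is the point the first answer makes about directory membership alone.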
