Authentication

Master the methods and protocols used to verify user identity. From passwords and multi-factor authentication to OAuth 2.0, OpenID Connect, SAML, and modern passwordless approaches including passkeys and biometrics.

29 terms, 20 books, 3 comparisons

Key Terms

Single Sign-On

SSO

An authentication method that allows users to log in once and gain access to multiple applications or systems without re-entering credentials for each one.

beginner, Authentication, SSO

Multi-Factor Authentication

MFA

A security mechanism that requires users to provide two or more independent verification factors (something you know, have, or are) to authenticate their identity.

beginner, Authentication, MFA

OAuth 2.0

An authorization framework that enables third-party applications to obtain limited access to a web service on behalf of a resource owner, without exposing credentials.

intermediate, Authorization, Standards & Protocols

OpenID Connect

OIDC

An identity layer built on top of OAuth 2.0 that allows clients to verify the identity of an end-user and obtain basic profile information using an ID Token.

intermediate, Authentication, Standards & Protocols

Security Assertion Markup Language

SAML

An XML-based open standard for exchanging authentication and authorization data between an identity provider and a service provider, widely used for enterprise SSO.

intermediate, Authentication, Standards & Protocols

Zero Trust

A security model based on the principle of 'never trust, always verify' that requires strict identity verification for every person and device attempting to access resources, regardless of network location.

intermediate, Zero Trust

Identity Provider

IdP

A service that creates, manages, and verifies digital identities, issuing authentication tokens or assertions that other applications and services trust to grant access.

beginner, Authentication, SSO

Service Provider

SP

An application or service that relies on an identity provider to authenticate users and make authorization decisions, consuming authentication tokens or assertions issued by the IdP.

beginner, Authentication, SSO

JSON Web Token

JWT

A compact, URL-safe token format that encodes claims as a JSON object, digitally signed for integrity verification, commonly used to transmit authentication and authorization information between parties.

intermediate, Standards & Protocols, Authentication

Lightweight Directory Access Protocol

LDAP

An open, vendor-neutral protocol for accessing and managing distributed directory information services, commonly used to store and retrieve user identity data, group memberships, and organizational structures.

intermediate, Standards & Protocols, Provisioning

Active Directory

AD

Microsoft's directory service for Windows domain networks that provides authentication, authorization, directory services, and group policy management for enterprise environments.

beginner, Authentication, Provisioning

Kerberos

A network authentication protocol that uses tickets issued by a trusted third party (Key Distribution Center) to allow nodes to prove their identity securely over a non-secure network.

advanced, Authentication, Standards & Protocols

And 17 more terms... View all in glossary

Recommended Books

Identity Management Design Guide with IBM Tivoli Identity Manager

Axel Buecker, Dr. Paul Ashley, Martin Borrett

4.1

This IBM Redbooks publication provides a comprehensive guide to designing and implementing identity management solutions using IBM Tivoli Identity Manager. It covers the full identity lifecycle from provisioning to deprovisioning, role-based access control, compliance reporting, and integration patterns with enterprise directories and applications.

advanced, IAM, Identity Governance

OAuth 2 in Action

Justin Richer, Antonio Sanso

4.5

OAuth 2 in Action teaches you the practical use and deployment of OAuth 2 from the perspective of a client, authorization server, and resource server. You'll learn how to build an OAuth 2 ecosystem from scratch, understand the security implications, and implement it correctly in real-world scenarios.

intermediate, Authentication, Authorization

Solving Identity Management in Modern Applications

Yvonne Wilson, Abhishek Hingnikar

4.6

This book provides a practical guide to identity management for modern applications. It covers the fundamentals of authentication, authorization, OAuth 2.0, OpenID Connect, and SAML 2.0, explaining when and how to use each. The second edition includes updated coverage of passwordless authentication, passkeys, and decentralized identity.

intermediate, IAM, Authentication

Zero Trust Networks

Evan Gilman, Doug Barth

4.4

Zero Trust Networks provides a thorough examination of the zero trust security model, where nothing inside or outside the network perimeter is trusted by default. The book covers network architecture, device trust, user trust, application trust, and how to build systems that verify every request regardless of source.

advanced, Zero Trust, Cybersecurity

Keycloak - Identity and Access Management for Modern Applications

Stian Thorgersen, Pedro Igor Silva

4.4

This practical guide covers Keycloak from installation to advanced configuration. Learn how to secure applications using OpenID Connect and OAuth 2.0, configure social login, implement fine-grained authorization, manage users and roles, and integrate Keycloak with existing infrastructure.

intermediate, IAM, Authentication

NIST SP 800-63 Digital Identity Guidelines

Paul Grassi, James Fenton, Elaine Newton, Ray Perlner, Andrew Regenscheid

4.7

The NIST SP 800-63 Digital Identity Guidelines provide technical requirements for federal agencies implementing digital identity services. Revision 4 covers identity proofing (800-63A), authentication and lifecycle management (800-63B), and federation and assertions (800-63C). It defines Identity Assurance Levels (IAL), Authenticator Assurance Levels (AAL), and Federation Assurance Levels (FAL).

reference, Compliance, IAM

Comparisons