🔑

Learning Track · 9 modules

Identity & Access Management

Identity is the new perimeter. AAA, federation (SAML, OIDC, SCIM), PAM, passwordless / FIDO2, identity governance — the full identity stack for modern environments.

Why this track

Identity is the new perimeter. AAA, federation (SAML, OIDC, SCIM), PAM, passwordless / FIDO2, identity governance — the full identity stack for modern environments. This track walks you from fundamentals through advanced techniques across 9 practitioner modules — the same body of knowledge senior security professionals build over years, structured for self-paced progression with India-specific context throughout.

Prerequisite: See module 1 for entry context. Most modules are self-contained but follow the suggested sequence for best results.

Modules

7.8 h

Total time

Free modules

∞

Quiz retries

Difficulty mix

Intermediate · 5 Advanced · 4

Module sequence

Identity and Access Management Programme

IAM as a programme — identity sources, JML lifecycle, role design, access reviews, SoD, service accounts, metrics. Why IAM tooling fails without process.

Intermediate 75 min →

Privileged Access Management

PAM controls — vaulting, session brokering, JIT elevation, recording, tiered admin model, PAW, cloud-native PAM. Why PAM is the highest-leverage control for regulated orgs.

Intermediate 75 min →

Federation — SAML, OIDC, SCIM in Production

SAML 2.0 vs OIDC, SP-/IdP-initiated flows, SCIM provisioning, group-claim mapping, step-up auth, conditional access. Real-world rollout sequence and operational gotchas.

Intermediate 80 min →

Passwordless and FIDO2 Rollout

FIDO2/WebAuthn end-to-end — passkeys vs hardware keys, registration and login flows, account-recovery design, server-side WebAuthn implementation, enterprise rollout sequence.

Advanced 80 min →

Federation at Scale — SAML, OIDC, SCIM Patterns

The three protocols Protocol Purpose SAML 2.0 Browser-based SSO; enterprise standard since 2005 OIDC (OpenID Connect) SSO on top of OAuth 2.0; modern API-first SCIM Automated user provisioning and de-provisioning SAML in practice Service Provider (SaaS) redirects user to Identity Provider for authentication. IdP authenticates and returns signed SAML assertion to SP. SP validates signature, […]

Intermediate 30 →

Privileged Access Management — PAM Architecture and Operations

What privileged accounts cover Domain Admin / Enterprise Admin (Windows AD). Root / sudo on Linux servers. Database admin (DBA) for production databases. Cloud root accounts and cloud admin IAM roles. Network device admin (firewall, switch, router). SaaS admin accounts (Okta admin, Workspace super-admin). Application admin accounts (Veeam, vCenter, etc.). Inventory these. The list is […]

Advanced 35 →

Identity Governance — Lifecycle, Access Reviews, SoD

What IGA covers Lifecycle management: joiner, mover, leaver workflows. Access provisioning: who gets what, on what basis. Access reviews / certification: periodic re-validation of access. Segregation of duties (SoD): enforcement that conflicting roles don’t combine. Compliance reporting: evidence for audits. The joiner-mover-leaver workflow Joiner HR creates employee record in HRIS. IdP receives event; creates user […]

Intermediate 30 →

Customer Identity (CIAM) — Scale, Fraud, KYC

CIAM vs workforce IAM — the differences Dimension Workforce IAM CIAM Scale Thousands Millions to hundreds of millions Onboarding HR-provisioned Self-service registration MFA tolerance Mandatory; users accept UX-sensitive; abandonment risk Account recovery Help-desk-mediated Self-service required Risk posture Trusted users; insider risk Account takeover, fraud, abuse Identity proofing In-person at HR Online; KYC for regulated CIAM […]

Advanced 30 →

Zero Standing Privilege and Just-in-Time Access

The principle Traditional model: 100 admins, each with persistent admin rights. Attacker compromise of any admin = persistent privileged access. Insider threat = persistent abuse capability. Zero standing privilege: 100 named eligible admins, 0 hold standing privilege. Elevation granted on request, time-bounded, audited. Attacker compromise of an admin = no standing access to abuse. Insider […]

Advanced 35 →

Common questions about this track

How long will this track take me? +

Most learners finish in 4-8 weeks at a sustainable 4-5 hours per week. Modules are self-paced so you can move faster or slower as life allows.

Do I need prior experience? +

Module 1 sets the entry baseline. The first module is always free; if it feels approachable, the track is for you.

Will this prepare me for industry certifications? +

Most modules align with the body of knowledge tested by senior security certifications. The Academy is not a cert-prep course but produces working knowledge that transfers to any cert exam in the same domain.

Ready to start?

Begin with Module 1. Work through at your own pace. Free modules require no signup — everything else unlocks with a free RingSafe Academy account.

Start Module 1 → View pricing tiers 🗺️ Explore Skill Map