[](https://www.paloaltonetworks.com/?ts=markdown)

* Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)
  ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [](https://www.paloaltonetworks.com/?ts=markdown)

* Products  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products  
  [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)
  
  * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)
  
  * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  
  * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)
  
  * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)
  
  * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  
  * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)
  
  * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)
  
  * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  
  * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)
  
  * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)
  
  * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)
  
  * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)
  
  * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)
  
  * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  
  * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)
  
  * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)
  
  * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)
  
  * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)
  
  * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)
  
  * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)
  
  * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)
  
  * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)
  
  * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)
  
  * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)  
    [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)
  
  * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)
  
  * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)
  
  * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)
  
  * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)
  
  * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)
  
  * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown)
  
  * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)
  
  * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown)
  
  * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)
  
  * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown)
  
  * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  
  * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* Solutions  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions  
  Secure AI by Design
  
  * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)  
    Network Security
  * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown)
  * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown)
  * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown)
  * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown)
  * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown)
  * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown)
  * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown)
  * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)  
    Cloud Security
  * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown)
  * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown)
  * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown)
  * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown)
  * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown)
  * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown)
  * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown)
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown)
  * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown)  
    Security Operations
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown)
  * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown)
  * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown)
  * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown)
  * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown)
  * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown)
  * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown)
  * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown)
  * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown)
  * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown)  
    Endpoint Security
  * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown)
  * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown)
  * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown)
  * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown)  
    [Industries](https://www.paloaltonetworks.com/industry?ts=markdown)
  * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown)
  * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown)
  * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown)
  * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown)
  * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown)

* Services  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services  
  [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)
  
  * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)
  
  * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown)
  
  * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown)
  
  * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown)
  
  * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown)
  
  * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown)
  
  * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown)
  
  * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown)
  
  * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown)
  
  * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown)
  
  * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown)
  
  * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown)
  
  * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown)
  
  * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown)
  
  * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)
  
  * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown)
  
  * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown)
  
  * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown)
  
  * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown)
  
  * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown)
  
  * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)
  
  * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown)
  
  * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown)
  
  * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown)
  
  * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown)  
    [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown)
  
  * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown)
  
  * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown)
  
  * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown)
  
  * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown)
  
  * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown)  
    [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg)  
    UNIT 42 RETAINER
    Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial.
    Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)

* Partners  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners  
  NextWave Partners
  
  * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown)
  * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown)
  * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown)
  * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown)
  * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown)
  * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown)
  * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown)
  * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown)  
    Take Action
  * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown)
  * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown)
  * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner)
  * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess)
  * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator)  
    [CYBERFORCE
    CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise.
    Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown)

* Company  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company  
  Palo Alto Networks
  
  * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
  * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown)
  * [Investor Relations](https://investors.paloaltonetworks.com)
  * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
  * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown)
  * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
  * [Military \& Veterans](https://jobs.paloaltonetworks.com/military)  
    [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown)
  * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown)
  * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown)
  * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown)
  * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown)
  * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown)
  * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
  * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown)  
    Careers
  * [Overview](https://jobs.paloaltonetworks.com/)
  * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/)  
    [A Newsweek Most Loved Workplace
    "Businesses that do right by their employees"
    Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown)

* More  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More  
  Resources
  
  * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
  * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/)
  * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
  * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
  * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
  * [Tech Insider](https://techinsider.paloaltonetworks.com/)
  * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/)
  * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/)
  * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown)
  * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown)
  * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown)
  * [Tech Docs](https://docs.paloaltonetworks.com/)
  * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown)
  * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/)
  * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown)  
    Connect
  * [LIVE community](https://live.paloaltonetworks.com/)
  * [Events](https://events.paloaltonetworks.com/)
  * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown)
  * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown)
  * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)  
    [Blog
    Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity
    Learn more](https://www.paloaltonetworks.com/blog/)

* Sign In  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)

* [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown)  
  Search  
  All

* [Tech Docs](https://docs.paloaltonetworks.com/search)  
  Close search modal
  [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com)  
  [](https://www.paloaltonetworks.com/?ts=markdown)

1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
2. [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security?ts=markdown)
3. [Identity Management](https://www.paloaltonetworks.com/cyberpedia/access-control?ts=markdown)
4. [What Is Identity and Access Management (IAM)?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown)  
   Table of Contents

* [What Is Access Control?](https://www.paloaltonetworks.com/cyberpedia/access-control?ts=markdown)
  * [Access Control Explained](https://www.paloaltonetworks.com/cyberpedia/access-control#explained?ts=markdown)
  * [What Are Different Types of Access Control?](https://www.paloaltonetworks.com/cyberpedia/access-control#different?ts=markdown)
  * [Benefits of Effective Access Control Systems](https://www.paloaltonetworks.com/cyberpedia/access-control#benefits?ts=markdown)
  * [Access Control Use Cases](https://www.paloaltonetworks.com/cyberpedia/access-control#use-cases?ts=markdown)
  * [DSPM and Access Control](https://www.paloaltonetworks.com/cyberpedia/access-control#dspm?ts=markdown)
  * [Access Control FAQs](https://www.paloaltonetworks.com/cyberpedia/access-control#faqs?ts=markdown)
* [What Is Identity Visibility and Intelligence (IVIP)?](https://www.paloaltonetworks.com/cyberpedia/identity-visibility-intelligence-ivip?ts=markdown)
  * [The Identity Visibility Crisis](https://www.paloaltonetworks.com/cyberpedia/identity-visibility-intelligence-ivip#identity?ts=markdown)
  * [Understanding IVIP: Definition and Core Concepts](https://www.paloaltonetworks.com/cyberpedia/identity-visibility-intelligence-ivip#ivip?ts=markdown)
  * [Why IVIP Emerged Now](https://www.paloaltonetworks.com/cyberpedia/identity-visibility-intelligence-ivip#why?ts=markdown)
  * [What IVIP Actually Does](https://www.paloaltonetworks.com/cyberpedia/identity-visibility-intelligence-ivip#what?ts=markdown)
  * [IVIP Within the Identity Fabric Architecture](https://www.paloaltonetworks.com/cyberpedia/identity-visibility-intelligence-ivip#fabric?ts=markdown)
  * [IVIP vs. Adjacent Technologies](https://www.paloaltonetworks.com/cyberpedia/identity-visibility-intelligence-ivip#adjacent?ts=markdown)
  * [Real-World Use Cases and Applications](https://www.paloaltonetworks.com/cyberpedia/identity-visibility-intelligence-ivip#usecase?ts=markdown)
  * [Implementation Considerations and Architecture](https://www.paloaltonetworks.com/cyberpedia/identity-visibility-intelligence-ivip#implementation?ts=markdown)
  * [Market Maturity and Adoption Roadmap](https://www.paloaltonetworks.com/cyberpedia/identity-visibility-intelligence-ivip#market?ts=markdown)
  * [Identity Visibility and Intelligence Platforms (IVIP) FAQs](https://www.paloaltonetworks.com/cyberpedia/identity-visibility-intelligence-ivip#faq?ts=markdown)
* [What is Identity Security Posture Management (ISPM)?](https://www.paloaltonetworks.com/cyberpedia/identity-security-posture-management-ispm?ts=markdown)
  * [What Identity Security Posture Management Is and Why It Emerged](https://www.paloaltonetworks.com/cyberpedia/identity-security-posture-management-ispm#identity?ts=markdown)
  * [The Identity Attack Surface in Modern Enterprises](https://www.paloaltonetworks.com/cyberpedia/identity-security-posture-management-ispm#surface?ts=markdown)
  * [Core Capabilities of ISPM Platforms](https://www.paloaltonetworks.com/cyberpedia/identity-security-posture-management-ispm#platform?ts=markdown)
  * [How ISPM Differs from Adjacent Technologies](https://www.paloaltonetworks.com/cyberpedia/identity-security-posture-management-ispm#how?ts=markdown)
  * [ISPM Architecture and Technical Implementation](https://www.paloaltonetworks.com/cyberpedia/identity-security-posture-management-ispm#technical?ts=markdown)
  * [Key Use Cases and Operational Workflows](https://www.paloaltonetworks.com/cyberpedia/identity-security-posture-management-ispm#key?ts=markdown)
  * [ISPM Implementation Strategy](https://www.paloaltonetworks.com/cyberpedia/identity-security-posture-management-ispm#strategy?ts=markdown)
  * [Common Identity Posture Risks ISPM Addresses](https://www.paloaltonetworks.com/cyberpedia/identity-security-posture-management-ispm#risk?ts=markdown)
  * [Measuring and Improving Identity Security Posture](https://www.paloaltonetworks.com/cyberpedia/identity-security-posture-management-ispm#improving?ts=markdown)
  * [The Future of Identity Security Posture Management](https://www.paloaltonetworks.com/cyberpedia/identity-security-posture-management-ispm#future?ts=markdown)
  * [ISPM FAQs](https://www.paloaltonetworks.com/cyberpedia/identity-security-posture-management-ispm#faq?ts=markdown)
* [What Is Cloud Infrastructure Entitlement Management (CIEM)?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem?ts=markdown)
  * [Why Is CIEM Important to Your Cloud Security Strategy?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#why?ts=markdown)
  * [What Are the Components of CIEM?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#what?ts=markdown)
  * [How Is CIEM Used?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#how?ts=markdown)
  * [How Does CIEM Improves Cloud Security?](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#security?ts=markdown)
  * [Key Security Benefits of CIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#key?ts=markdown)
  * [Discover CIEM | Prisma Cloud](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#discover?ts=markdown)
  * [CIEM FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-ciem#faqs?ts=markdown)
* [What is the Evolution of Multifactor Authentication](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication?ts=markdown)
  * [Drivers for the Evolution of MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication#drivers?ts=markdown)
  * [Brief History of Multi-Factor Authentication](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication#brief?ts=markdown)
  * [The Future of Authentication](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication#future?ts=markdown)
  * [Evolution of MFA FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-evolution-of-multi-factor-authentication#faqs?ts=markdown)
* [What Is the Principle of Least Privilege?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege?ts=markdown)
  * [How does the principle of least privilege (PoLP) work?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#how?ts=markdown)
  * [Why Is the Principle of Least Privilege Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#why?ts=markdown)
  * [What Are the Benefits of the Principle of Least Privilege?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#what?ts=markdown)
  * [How to Implement PoLP in your organization](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#organization?ts=markdown)
  * [Get PoLP with ZTNA 2.0 on Prisma Access](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#get?ts=markdown)
  * [Principle of Least Privilege Access FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege#faqs?ts=markdown)
* [What is Multifactor Authentication (MFA) Implementation?](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation?ts=markdown)
  * [Why MFA Implementation is Important](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#why?ts=markdown)
  * [Planning Your MFA Implementation Strategy](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#planning?ts=markdown)
  * [Step-by-Step Guide to Implementing MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#step?ts=markdown)
  * [Overcoming Challenges in MFA Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#overcoming?ts=markdown)
  * [Best Practices for Maintaining Effective MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#best?ts=markdown)
  * [Evaluating the Success of MFA Deployment](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#evaluating?ts=markdown)
  * [MFA Implementation FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-mfa-implementation#faqs?ts=markdown)
* [What Is Multifactor Authentication?](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication?ts=markdown)
  * [Multifactor Authentication Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication#multifactor?ts=markdown)
  * [Why Multifactor Authentication Is Crucial](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication#why?ts=markdown)
  * [How Multifactor Authentication Works](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication#how?ts=markdown)
  * [Authentication Factors and Methods](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication#methods?ts=markdown)
  * [MFA vs. Two-Factor Authentication (2FA)](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication#vs?ts=markdown)
  * [Implementing Multifactor Authentication: Best Practices](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication#practices?ts=markdown)
  * [MFA Deployment Considerations](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication#mfa?ts=markdown)
  * [Common MFA Security Weaknesses and Mitigations](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication#common?ts=markdown)
  * [MFA Policy, User Experience, and Compliance](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication#policy?ts=markdown)
  * [Advanced MFA Concepts: Adaptive and AI-Enhanced Authentication](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication#advanced?ts=markdown)
  * [Real-World MFA Examples](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication#examples?ts=markdown)
  * [The Future of MFA: Emerging Trends and Innovations](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication#innovations?ts=markdown)
  * [Multifactor Authentication FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication#faqs?ts=markdown)
* [What Is Access Management?](https://www.paloaltonetworks.com/cyberpedia/access-management?ts=markdown)
  * [Understanding Access Management](https://www.paloaltonetworks.com/cyberpedia/access-management#understanding?ts=markdown)
  * [What Are the Key Components of Access Management?](https://www.paloaltonetworks.com/cyberpedia/access-management#what?ts=markdown)
  * [Types of Access Management Solutions](https://www.paloaltonetworks.com/cyberpedia/access-management#types?ts=markdown)
  * [Implementing Access Management](https://www.paloaltonetworks.com/cyberpedia/access-management#implementing?ts=markdown)
  * [Access Management FAQs](https://www.paloaltonetworks.com/cyberpedia/access-management#faqs?ts=markdown)
* [What is BeyondCorp?](https://www.paloaltonetworks.com/cyberpedia/what-is-beyondcorp?ts=markdown)
  * [Why Organizations Use BeyondCorp](https://www.paloaltonetworks.com/cyberpedia/what-is-beyondcorp#why?ts=markdown)
  * [How BeyondCorp Works](https://www.paloaltonetworks.com/cyberpedia/what-is-beyondcorp#how?ts=markdown)
  * [How BeyondCorp Relates to Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-beyondcorp#relate?ts=markdown)
* [What Is Least Privilege Access?](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access?ts=markdown)
  * [Least Privilege Access, Defined](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access#definition?ts=markdown)
  * [Benefits of Least Privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access#benefits?ts=markdown)
  * [Example of Least Privilege Access](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access#example?ts=markdown)
  * [Least Privilege vs. Zero Trust](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access#vs?ts=markdown)
  * [Managing Least Privilege Access](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access#manage?ts=markdown)
  * [Least Privilege Access FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access#faqs?ts=markdown)
* [What are MFA Examples and Methods?](https://www.paloaltonetworks.com/cyberpedia/what-are-multi-factor-authentication-mfa-examples-and-methods?ts=markdown)
  * [Types of Authentication Factors](https://www.paloaltonetworks.com/cyberpedia/what-are-multi-factor-authentication-mfa-examples-and-methods#types?ts=markdown)
  * [Common MFA Examples](https://www.paloaltonetworks.com/cyberpedia/what-are-multi-factor-authentication-mfa-examples-and-methods#examples?ts=markdown)
  * [Common MFA Use Cases](https://www.paloaltonetworks.com/cyberpedia/what-are-multi-factor-authentication-mfa-examples-and-methods#usecases?ts=markdown)
  * [MFA Methods](https://www.paloaltonetworks.com/cyberpedia/what-are-multi-factor-authentication-mfa-examples-and-methods#methods?ts=markdown)
  * [Best Practices for MFA](https://www.paloaltonetworks.com/cyberpedia/what-are-multi-factor-authentication-mfa-examples-and-methods#best?ts=markdown)
  * [Industry Regulatory Compliance for MFA](https://www.paloaltonetworks.com/cyberpedia/what-are-multi-factor-authentication-mfa-examples-and-methods#industry?ts=markdown)
  * [MFA Examples and Methods FAQs](https://www.paloaltonetworks.com/cyberpedia/what-are-multi-factor-authentication-mfa-examples-and-methods#faqs?ts=markdown)
* What Is Identity and Access Management (IAM)?
  * [What Is Identity and Access Management?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#what?ts=markdown)
  * [Why Is IAM Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#why?ts=markdown)
  * [IAM vs. PAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#iam-vs-pam?ts=markdown)
  * [Cloud IAM vs. On-Prem IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#vs?ts=markdown)
  * [IAM Security](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#iam-security?ts=markdown)
* [Identity and Access Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#faq?ts=markdown)

# What Is Identity and Access Management (IAM)?

3 min. read  
Table of Contents

* * [What Is Identity and Access Management?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#what?ts=markdown)
  * [Why Is IAM Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#why?ts=markdown)
  * [IAM vs. PAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#iam-vs-pam?ts=markdown)
  * [Cloud IAM vs. On-Prem IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#vs?ts=markdown)
  * [IAM Security](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#iam-security?ts=markdown)
* [Identity and Access Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#faq?ts=markdown)

1. What Is Identity and Access Management?

* * [What Is Identity and Access Management?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#what?ts=markdown)
  * [Why Is IAM Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#why?ts=markdown)
  * [IAM vs. PAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#iam-vs-pam?ts=markdown)
  * [Cloud IAM vs. On-Prem IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#vs?ts=markdown)
  * [IAM Security](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#iam-security?ts=markdown)
* [Identity and Access Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management#faq?ts=markdown)

Identity and access management, or IAM, is a foundational component of virtually any modern application environment. By providing a systematic way to assign roles and permissions to users and groups, IAM plays a central role in securing resources, mitigating [security vulnerabilities](https://www.paloaltonetworks.com/cyberpedia/what-Is-vulnerability-management?ts=markdown), and (when properly implemented) enforcing the [principle of least privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access?ts=markdown).

## What Is Identity and Access Management?

[Identity and access management (IAM) is a software service or framework](https://www.paloaltonetworks.com/blog/2020/02/cloud-iam-security/) that allows organizations to define user or group identities within software environments, then associate permissions with them. The identities and permissions are usually spelled out in a text file, which is referred to as an IAM policy.

As an example of an IAM policy, a team could create a rule that grants a specific user the right to list files within an object storage bucket in the cloud. Or, an IAM policy could grant a group of users in a branch office the ability to both read and upload files to a local database.

These are just basic examples. In a large-scale environment, a team might maintain dozens or even hundreds of different IAM policies. The policies can be used to manage access rights for any of the dozens of services that the organization may use, either on-premises or in the [cloud](https://www.paloaltonetworks.com/cyberpedia/data-storage?ts=markdown).

## Why Is IAM Important?

Identity and access management is important because it allows organizations to share IT resources among multiple users and groups. It helps organizations establish trust for who can be signed in to an account (authentication) while at the same time ensuring that each user or group has only the specific access rights that he or she requires (authorization).

Without IAM, teams would struggle to manage access rights in an efficient way. They would have to rely on alternatives such as creating an entirely separate cloud computing account for each user. That would be inefficient to manage, and would make it difficult to share cloud resources between users.

They could also simply allow every user within their team to have the same level of access to every resource in their environment. But that would be insecure because each individual typically needs to access only certain resources. For example, developers who work for the HR department may need to access [databases](https://www.paloaltonetworks.com/cyberpedia/database-security?ts=markdown) and virtual machines associated only with their applications, while other developers who build software for the finance department require different permissions. If you were to give all developers access to all resources, you would increase the risk of security oversights and exposures.

With IAM, it's easy to ensure that each user and group has exactly the level of access rights he, she, or they need -- no more and no less. Doing so adheres to the principle of least privilege, which states that access rights should be restricted to the minimum necessary for a user to complete his or her work.

## IAM vs. PAM

Identity and access management is sometimes compared to privileged access management, or PAM. The exact nature of the relationship between IAM and PAM is subjective and depends on your perspective. However, most teams treat PAM as a subset of IAM. They use PAM to manage permissions for privileged users, meaning those who fill administrative roles and require access to systems (such as the IAM framework itself) that ordinary users do not. IAM is a broader category of tool that applies to all users.

## Cloud IAM vs. On-Prem IAM

Most conversations about identity and access management today focus on the cloud. That is because public cloud platforms (such as Amazon Web Services, Microsoft Azure, and Google Cloud) rely on IAM services as the foundation for user rights and access management. If you create a cloud-based IT environment of any size and complexity, you'll need to use cloud identity and access management to control access roles and permissions within it.

That said, IAM systems can be used on-premises as well. Directory services like Active Directory and OpenLDAP, also known as Identity Providers (IdP) could be considered a form of IAM. Basic user and group permissions, such as those defined in the /etc/group file on a Linux system, could also qualify as a simple IAM system, although they are not as granular as cloud IAM, and they are not designed for use within a distributed computing environment that includes multiple servers and services.

## IAM Security

While IAM provides a powerful means of helping to secure complex environments, it presents some security challenges. Misconfigured IAM policies, such as a policy that gives anyone on the Internet the ability to view the contents of a storage bucket, can create major security vulnerabilities. It can also be challenging to ensure that IAM rules remain secure as teams update them to reflect changing user roles and access needs.

Scanning IAM policies continuously can help teams manage these security risks by detecting insecure configurations before they lead to an active breach.

## Identity and Access Management FAQs

### What is single sign-on (SSO)?

SSO enables users to access multiple applications or systems using a single set of credentials, effectively reducing password fatigue and enhancing user experience. By centralizing authentication, SSO simplifies the management of user identities and minimizes the risk of password-related breaches. When a user logs in, SSO communicates with a trusted identity provider using protocols like SAML or OIDC, which verifies the user's identity and sends a token back to the service confirming authentication.

### What is multifactor authentication (MFA)?

Multifactor authentication enhances security by requiring users to provide two or more verification factors to gain access to a resource, such as an application or a dataset. Typically, MFA combines something the user knows (password), something the user has (security token or smartphone app), and something the user is (biometrics). MFA significantly reduces the risk of unauthorized access, as compromising one factor alone is insufficient to breach the system.

### What is identity federation?

Identity federation allows distinct identity management systems to share digital identities and access rights across security domains. Typically implemented through standards like SAML, OpenID Connect, and WS-Federation, it enables a user to use a single authentication ticket or token to access multiple services without re-authenticating. Organizations leverage federation to streamline access to SaaS applications while maintaining stringent security policies and compliance with regulatory requirements.

### What is privileged access management (PAM)?

Privileged access management involves the secure handling of the elevated or 'privileged' access and permissions granted to users, accounts, or processes. PAM helps organizations restrict and monitor the actions that can be performed with elevated rights, significantly reducing the risk of breaches or insider threats. By managing and auditing all privileged accounts and access, organizations can ensure that sensitive operations and data are only accessible to authenticated and authorized users.

### What is role-based access control (RBAC)?

RBAC restricts system access to authorized users based on their role within an organization. Access rights are grouped by role name, and access to resources is determined by the responsibilities inherent to that role. RBAC helps organizations improve operational efficiency, reduce the risk of unauthorized access, and achieve compliance by ensuring that users don't have rights beyond their necessities. The implementation of RBAC is guided by the principle of least privilege, which stipulates that users are granted the minimum level of access necessary to perform their functions.

### What is identity as a service (IDaaS)?

Identity as a service (IDaaS) refers to cloud-based services that manage identities and access controls for organizations. IDaaS providers offer scalable solutions for identity governance, access management, and directory services, which are maintained off-premises and accessible over the internet. Organizations adopt IDaaS to reduce the complexity of their identity infrastructures, improve agility with rapid deployment, and decrease operational costs by outsourcing the management of their identity functions to specialized vendors.

### What is biometric authentication?

Biometric authentication uses unique biological characteristics, such as fingerprints, facial recognition, iris scans, or voice patterns, to verify an individual's identity. These biometrics are difficult to replicate, making them highly secure. The authentication process involves capturing a biometric sample, converting it into a digital template, and comparing it against stored templates. Advanced machine learning algorithms ensure high accuracy and quick matching, making biometric authentication a robust method for enhancing security in identity management.

### What is identity governance and administration (IGA)?

Identity governance and administration encompasses processes and technologies for managing and governing user identities and access permissions within an organization. IGA solutions provide visibility into who has access to what, ensuring that access rights are compliant with policies and regulations. They include functionalities like access certification, role management, and policy enforcement. By automating workflows and providing audit trails, IGA helps organizations mitigate risks associated with unauthorized access and achieve regulatory compliance.

### What is attribute-based access control (ABAC)?

ABAC is a dynamic approach to access management that evaluates access requests based on attributes associated with users, resources, and the environment. Attributes can include user roles, resource classification, time of day, and location. ABAC policies define how these attributes interact to grant or deny access. This fine-grained control enables organizations to implement complex access rules that adapt to varying contexts, providing enhanced security and flexibility over traditional role-based access control models.

### What is an identity provider (IdP)?

An identity provider (IdP) is a service that creates, maintains, and manages identity information for users and provides authentication services to relying applications within a federation or SSO system. IdPs use protocols like SAML, OpenID Connect, and OAuth to facilitate secure identity and attribute sharing. They play a crucial role in federated identity management by issuing authentication tokens that applications trust, allowing users to access multiple services with a single set of credentials.

### What is just-in-time (JIT) provisioning?

Just-in-time provisioning is a method of creating user accounts on-the-fly during the first login attempt, based on user attributes received from an identity provider. This approach eliminates the need for pre-provisioning accounts and reduces administrative overhead. JIT provisioning leverages federated identity protocols, such as SAML or OpenID Connect, to obtain user attributes dynamically and create accounts with appropriate access rights. This ensures that users have immediate access to necessary resources without delays associated with traditional provisioning methods.

### What is a directory service?

A directory service is a specialized database designed for managing and storing information about users, devices, and other entities in a network. It supports authentication, authorization, and account management functions. Common directory services include Microsoft Active Directory, LDAP (Lightweight Directory Access Protocol), and Azure Active Directory. They provide a centralized repository for identity information, enabling efficient management of user credentials, group memberships, and access policies across an organization's IT environment.

### What is credential stuffing?

Credential stuffing is a cyberattack method where attackers use automated tools to try large volumes of username-password pairs obtained from previous data breaches on multiple websites. This technique exploits the fact that many users reuse passwords across different services. Ineffective IAM practices, such as not enforcing MFA and poor password policies, can make systems highly vulnerable to credential stuffing, leading to unauthorized access and data breaches.

### What is privilege creep?

Privilege creep occurs when users accumulate access rights and permissions over time that exceed what is necessary for their current role. This often happens due to ineffective IAM practices, such as lack of regular access reviews, poor role management, and inadequate deprovisioning processes. Privilege creep increases the risk of internal threats and unauthorized access to sensitive data, as users retain access to resources they no longer need.

### What is an orphaned account?

Orphaned accounts refer to user accounts that remain active after the user has left the organization or no longer needs access. These accounts are often a result of ineffective deprovisioning processes within IAM systems. Orphaned accounts pose significant security risks as they can be exploited by malicious insiders or external attackers to gain unauthorized access to organizational resources, leading to potential data breaches and compliance violations.

### What is shadow IT?

Shadow IT refers to the use of information technology systems, devices, software, applications, and services without explicit organizational approval. Ineffective IAM practices, such as lack of visibility and control over user activities, can lead to the proliferation of shadow IT. This uncontrolled environment increases security risks, as unauthorized tools may lack proper security measures, making them susceptible to breaches and data leaks. Additionally, it complicates compliance and governance efforts.

### What is overprivileged account?

An overprivileged account is an account that has more access rights and permissions than necessary for its intended purpose or role. These accounts are often a result of ineffective IAM practices, such as insufficient RBAC implementation and lack of adherence to the principle of least privilege. Overprivileged accounts increase the attack surface and risk of insider threats, as they can be exploited to perform unauthorized actions and access sensitive information.

### What is access sprawl?

Access sprawl occurs when users are granted excessive and unnecessary access to various systems and resources over time, often due to ineffective IAM practices. This issue arises from inadequate access reviews, poor role management, and failure to enforce the principle of least privilege. Access sprawl complicates security management, increases the risk of data breaches, and makes it difficult to achieve compliance with regulatory requirements, as it becomes challenging to track and control who has access to what.

### What are identity silos?

Identity silos refer to the fragmented and isolated management of user identities across different systems and applications within an organization. This fragmentation is often due to ineffective IAM integration and lack of centralized identity governance. Identity silos hinder efficient access management, complicate user provisioning and deprovisioning processes, and increase the risk of security vulnerabilities. They also make it difficult to enforce consistent security policies and achieve a unified view of user access across the organization.
Related Content  
[What Is Least Privilege Access? | Understanding CIEM
Least privilege access is when you only give a user or group the minimum level of permissions needed to perform a given task.](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access?ts=markdown)  
[Why IAM Security Must Be an Essential Component of CSPM
Effectively managing user permissions and enforcing least privilege access is essential for a robust cloud security posture.](https://www.paloaltonetworks.com/blog/prisma-cloud/iam-security-essential-cspm/)  
[5-Minute Guide to Understanding Cloud Infrastructure Entitlement Management
Learn how the combined functionality of CSPM and CIEM can help users confidently administer large-scale, multicloud environments with ease.](https://www.paloaltonetworks.com/resources/guides/5-min-cloud-infrastructure-entitlement-management?ts=markdown)  
[CIEM | Cloud Infrastructure Entitlement Management
Prisma Cloud gives you control over permissions across multicloud environments.](https://www.paloaltonetworks.com/prisma/cloud/cloud-infrastructure-entitlement-mgmt?ts=markdown)  
![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20Identity%20and%20Access%20Management%20%28IAM%29%3F&body=Secure%20user%20access%20with%20IAM.%20Learn%20how%20Identity%20and%20Access%20Management%20controls%20authentication%2C%20authorization%2C%20and%20user%20privileges%20to%20protect%20digital%20assets.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management)  
Back to Top  
[Previous](https://www.paloaltonetworks.com/cyberpedia/what-are-multi-factor-authentication-mfa-examples-and-methods?ts=markdown) What are MFA Examples and Methods?  
{#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2025 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language