Javascript is actually
a good thing!
Make sure it's turned on
so that pingidentity.com can work properly.
Understanding Authorization in IAM: Methods & Best Practices
Identity Fundamentals
What is Identity and Access Management (IAM)?
Identity Providers and Service Providers
Centralized Identity Management
What is Centralized Identity Management?
How Does Centralized Identity Management Work?
Centralized Identity Standards
SAML
OAuth
OpenID Connect (OIDC)
Decentralized Identity Management
What is Decentralized Identity Management?
How Does Decentralized Identity Management Work?
How is Decentralized Identity Different?
Decentralized Identity Standards
Common Terms
Zero Trust Security
Orchestration
Authentication
Single-factor, Two-factor, and Multi-factor Authentication
Passwordless Authentication
FIDO (Fast Identity Online)
Risk-based Authentication
Certificate-based Authentication
Token-based Authentication
Single Sign-On (SSO)
Federated Identity Management
Continuous Authentication
CHAP Authentication
Authorization
Authorization Methods
User and Account Provisioning
Single Sign-on with a Directory
Dynamic Authorization
Protocols
LDAP
SCIM
WebAuthn
Kerberos
WS-Trust
What Is B2B Identity and Access Management (B2B IAM)
Agentic AI
Key IAM Considerations to Support Agentic AI
AI Agent Classes and Use Cases
IAM Best Practices for AI Agents
Reference Implementations and Patterns
Expand All | Collapse All

Authorization

 

Authorization is the process of giving someone the ability to access a digital resource. To keep sensitive information protected, you should limit user access to only the resources that they need. 
 

System administrators define which users can access the system and which actions they can perform within it. The actions users are allowed to perform are known as permissions. A permission becomes a privilege, or responsibility when it is assigned to a user. Privileges can be based on user roles, identity attributes, risk factors, organization rules and policies, or any combination, and can be assigned using a variety of different methods. 

 

The authorization process occurs after authentication. First, users prove that they are who they claim to be. Then, processes occur that determine which applications and files they’re allowed to access and what they’re allowed to do when they access them.  

 

You can compare these processes to boarding a plane. 
 

  1. During the check-in process, you prove that you are who you claim to be by presenting your identification and obtaining a boarding pass.
     

  2. During the security check process, you present your identification and your boarding pass to obtain access to the concourses.
    If you do not have a boarding pass, you’re not authorized to enter the concourses. 
     

  3. You present your boarding pass to the airline staff, which allows you to board the plane.
    Your assigned seat determines which part of the plane and accompanying services you can enjoy. If you don’t have an assigned seat in first class, you’re unfortunately not authorized to enjoy that experience and will have to take your seat in coach.
     

If you think about it, you are likely familiar with these processes in other situations, too. Whether it be attending a movie or concert, or staying in a hotel -- you present your identification to prove that you purchased the tickets or hotel stay, and you receive tickets or keys authorizing your entrance.
 

There are an infinite number of ways users are authorized to access digital resources. The most widely used authorization methods include:
 

  • Policy-based access control (PBAC)

  • Role-based access control (RBAC)

  • Attribute-based access control (ABAC)

  • Privileged access management (PAM)


See Authorization Methods to learn about the differences between each method and way each one works.


There are also a variety of ways to implement these methods. In enterprise organizations, automated user and account provisioning processes are used to create, update, and delete large numbers of users and accounts at once. See User and Account Provisioning to learn how it works.

 

Related Resources

Video

Add a More Granular Authorization Layer with PingAccess

   

Blog

Authentication vs Authorization: What You Need to Know

   

Start Today

Contact Sales

sales@pingidentity.com

See how Ping can help you deliver secure employee, partner, and customer experiences in a rapidly evolving digital world.