← Back to catalog
IA-13

Identity Providers and Authorization Servers

Identification and Authentication (IA)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Employ identity providers and authorization servers to manage user, device, and non-person entity (NPE) identities, attributes, and access rights supporting authentication and authorization decisions in accordance with [assignment] using [assignment].

Discussion

Identity providers, both internal and external to the organization, manage the user, device, and NPE authenticators and issue statements, often called identity assertions, attesting to identities of other systems or systems components. Authorization servers create and issue access tokens to identified and authenticated users and devices that can be used to gain access to system or information resources. For example, single sign-on (SSO) provides identity provider and authorization server functions. Authenticator management (to include credential management) is covered by IA-05.

Implementation guidance

No content available.

CSF 2.0 crosswalk
PR.AA-04Identity assertions are protected, conveyed, and verifiedProtect
PR.AA-05Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of dutiesProtect