Gartner defines access management (AM) as platforms that include an identity provider (IdP) and establish, manage and enforce runtime access controls to at least cloud, modern standards-based web and classic web applications. AM’s purpose is to enable single sign-on (SSO) access for people (workforce, consumer and other users) and machines into protected applications in a streamlined and consistent way that enhances user experience. AM is also responsible for providing security controls to protect the user session in runtime, enforcing authentication (with multifactor authentication [MFA]) and authorization using adaptive access. Lastly, AM can provide identity context for other cybersecurity tools to enable identity-first security.
Gartner defines user authentication as the journey-time process that provides credence in a claim to an identity established for a person for access to digital assets. User authentication is delivered by some combination of (a) an authenticator, (b) signals evaluation and (c) an authentication decision point, which may be from different vendors. User authentication is used to provide credence in an identity claim for a person already known to an organization. The credence must be sufficient to bring account takeover (ATO) risks within the organization’s risk tolerance. User authentication is foundational to and protects the value of other functions with an organization’s identity fabric, namely: runtime authorization, especially segregation of duties (SOD); audit (individual accountability); and identity analytics.
Gartner defines zero trust network access (ZTNA) as products and services that create an identity and context-based, logical-access boundary that encompasses an enterprise user and an internally hosted application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a collection of named entities, which limits lateral movement within a network.