In information security, authentication (abbreviated as authn) and authorization (authz) are related but separate concepts. Both are an important part of identity and access management (IAM).
How are authn and authz different?
Authn – Authentication means making sure that a person or device is who (or what) they claim to be.
Authz – Authorization determines what an authenticated user can see and do.
What are some common authn methods?
Username and password combination
Multi-factor authentication (MFA)
Public key certificate
Biometric authentication
What are some common authz methods?
Organizations use some kind of authorization solution for allowing or blocking user actions.
In role-based access control (RBAC), every user is assigned one or more predetermined roles, and each role comes with a specified set of permissions.
In attribute-based access control (ABAC), users are assigned permissions based on their attributes or the attributes of the action they are trying to perform.
In rule-based access control (also abbreviated as RBAC), actions are allowed or denied based on a set of rules that apply to all users, irrespective of their role.
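The three models above, evaluated against the same requests, as an added example that is not part of the original page. The users, roles, attributes and the business-hours rule are constructed sample data, and requiring all three checks to pass is an assumption made for illustration.

```python
# Added example: RBAC, ABAC and rule-based access control deciding on the
# same request. All names and sample data below are constructed.
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    user: str
    action: str          # e.g. "read", "approve"
    resource_dept: str   # attribute of the resource being acted on
    at: time             # local time of the request

# RBAC: user -> roles -> permissions
ROLE_PERMS = {"analyst": {"read"}, "manager": {"read", "approve"}}
USER_ROLES = {"alice": {"manager"}, "bob": {"analyst"}}

# ABAC: attributes of the user, compared with attributes of the resource
USER_ATTRS = {"alice": {"dept": "finance"}, "bob": {"dept": "finance"}}

def rbac_allows(req):
    """Allowed if any role assigned to the user carries the permission."""
    roles = USER_ROLES.get(req.user, set())
    return any(req.action in ROLE_PERMS.get(r, set()) for r in roles)

def abac_allows(req):
    """Allowed only if the user's department matches the resource's."""
    attrs = USER_ATTRS.get(req.user)
    return attrs is not None and attrs["dept"] == req.resource_dept

def rule_allows(req):
    """Rule applied to every user irrespective of role: 08:00-18:00 only."""
    return time(8, 0) <= req.at < time(18, 0)

def authorize(req):
    """Deny by default: returns (allowed, list of checks that denied)."""
    checks = {"rbac": rbac_allows(req), "abac": abac_allows(req),
              "rule": rule_allows(req)}
    denied = [name for name, ok in checks.items() if not ok]
    return (not denied, denied)

if __name__ == "__main__":
    for r in (Request("alice", "approve", "finance", time(10, 0)),
              Request("bob", "approve", "finance", time(10, 0)),
              Request("alice", "approve", "hr", time(10, 0)),
              Request("alice", "approve", "finance", time(23, 0)),
              Request("mallory", "read", "finance", time(10, 0))):
        print(r.user, r.action, r.resource_dept, r.at, authorize(r))
```

An unknown user such as "mallory" has no roles and no attributes, so both the RBAC and ABAC checks deny without any special case.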
