
I Am


Introduction

The i-am platform is an integrated identity and access management (IAM) solution designed to provide secure, scalable, and flexible authentication and authorization services for organizations of all sizes. It supports a wide range of authentication protocols, role-based access control, single sign-on (SSO), federation, and compliance auditing. The platform is available as both an on‑premises deployment and a cloud‑based service, allowing enterprises to choose the model that best fits their operational and regulatory requirements.

History and Background

Founding and Early Development

i-am was conceived in 2012 by a group of cybersecurity researchers and software engineers who identified gaps in existing IAM solutions. The founders aimed to create a platform that combined the robustness of enterprise IAM systems with the agility of modern open‑source software. The first beta release appeared in 2014, focusing on core authentication mechanisms such as username/password, multi‑factor authentication (MFA), and OAuth 2.0 support.

Commercialization and Growth

In 2016, the company behind i-am entered a partnership with a major cloud services provider to offer a managed IAM service. This partnership expanded i-am's reach into the public‑sector and healthcare markets, where stringent security and compliance standards are paramount. By 2019, i-am had achieved over 500 enterprise customers worldwide and had released version 3.0, which introduced advanced federation capabilities and a modular plugin architecture.

Open‑Source Community and Ecosystem

While i-am offers a commercial subscription model, the core platform remains open source under the Apache License 2.0. The open‑source community has contributed a variety of extensions, including custom authentication backends, new policy languages, and integration connectors for popular enterprise applications. The company maintains an annual conference to showcase community projects, provide training, and gather feedback for future releases.

Architecture and Design

Core Components

  • Identity Store – A secure database that holds user profiles, credentials, and attribute data.
  • Authentication Service – Handles verification of user identities through multiple protocols.
  • Authorization Engine – Evaluates policies and grants or denies access based on roles and attributes.
  • Federation Hub – Manages trust relationships with external identity providers and supports SAML 2.0, OpenID Connect, and WS-Federation.
  • Audit and Reporting Module – Records authentication events, policy decisions, and configuration changes for compliance.

Data Model

The data model follows a relational structure optimized for security and scalability. User entities are linked to attribute sets, role assignments, and authentication methods. Policies are represented as declarative rules written in the Policy Definition Language (PDL), which the Authorization Engine interprets in real time.

Integration Interfaces

i-am exposes a comprehensive set of APIs. RESTful endpoints allow application developers to initiate authentication flows, query user information, and manage roles. A gRPC interface supports high‑throughput internal communication between microservices. Webhooks notify external systems of policy changes or audit events, enabling automated compliance workflows.

Key Features

Authentication

i-am supports a wide array of authentication methods:

  • Username/password with salted hashing.
  • Multi‑factor authentication via TOTP, SMS, and hardware tokens.
  • OAuth 2.0 and OpenID Connect for API access.
  • Social login integrations for popular providers.

Authorization

The Authorization Engine implements role‑based access control (RBAC), attribute‑based access control (ABAC), and policy‑based access control (PBAC). Policies can reference time constraints, device attributes, or environmental conditions, providing fine‑grained control.
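How a rule can combine a role check with device and time-of-day conditions, as an added example (not i-am's code and not PDL syntax): a default-deny evaluator in which deny rules override permits and a missing attribute fails closed. The `Rule` fields, `decide`, `POLICY` and `request` are hypothetical names, and the policy and request values are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time, timezone
from typing import Optional

@dataclass(frozen=True)
class Rule:  # hypothetical rule shape, not i-am's PDL
    effect: str                            # "permit" or "deny"
    action: str
    resource: str
    roles: frozenset = frozenset()         # RBAC: subject needs one of these roles
    device_managed: Optional[bool] = None  # ABAC: required device attribute
    hours_utc: Optional[tuple] = None      # time constraint, [start, end) in UTC

def _matches(rule, req):
    if (rule.action, rule.resource) != (req["action"], req["resource"]):
        return False
    if rule.roles and not rule.roles & set(req.get("roles", ())):
        return False
    if rule.device_managed is not None:
        seen = req.get("device_managed")
        if seen is None:  # missing attribute fails closed: deny fires, permit does not
            return rule.effect == "deny"
        if seen != rule.device_managed:
            return False
    if rule.hours_utc is not None:
        now = req["time"].astimezone(timezone.utc).time()  # req["time"] must be tz-aware
        start, end = rule.hours_utc
        return start <= now < end
    return True

def decide(rules, req):
    """Deny overrides permit; a request that no rule matches is denied."""
    hits = [r.effect for r in rules if _matches(r, req)]
    return "permit" if hits and "deny" not in hits else "deny"

POLICY = [  # constructed sample policy
    Rule("permit", "read", "phi-records", frozenset({"clinician"}), True,
         (time(7, 0), time(19, 0))),
    Rule("permit", "export", "phi-records", frozenset({"records-admin"})),
    Rule("deny", "export", "phi-records", device_managed=False),
]

def request(action, roles, managed, hour):  # builds a constructed sample request
    when = datetime(2024, 1, 15, hour, tzinfo=timezone.utc)
    return {"action": action, "resource": "phi-records", "roles": roles,
            "device_managed": managed, "time": when}
```

The third rule shows why attribute absence needs an explicit decision: a request that omits `device_managed` would otherwise slip past a deny rule written against unmanaged devices.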

Federation

i-am can act as both an identity provider (IdP) and a service provider (SP). It supports SAML 2.0, OpenID Connect, and WS-Federation, enabling seamless single sign‑on across on‑premises and cloud applications. Trust relationships are managed through metadata exchanges, and certificate rotation is automated to maintain security.

Auditing and Compliance

All authentication attempts, policy decisions, and configuration changes are logged with timestamped entries. The Audit Module provides real‑time dashboards, exportable reports, and configurable retention policies to satisfy regulatory frameworks such as GDPR, HIPAA, and SOX.

Self‑Service

End‑users can manage their credentials, request password resets, and approve MFA enrollments through a self‑service portal. Administrators can create custom self‑service workflows to support specific business processes.

Deployment Models

On‑Premises

Organizations can deploy i-am within their own data centers. The platform is containerized using Docker and orchestrated with Kubernetes, allowing horizontal scaling and high availability. The deployment process includes configuration of the identity store, load balancers, and secure communication channels.

Cloud

The cloud‑based offering is available as a managed service through major public‑cloud providers. Customers benefit from automatic scaling, patch management, and integration with native cloud identity services. The cloud deployment can be configured to enforce network segmentation and isolated tenant architectures.

Hybrid

Hybrid deployments enable organizations to synchronize identities between on‑premises and cloud instances. This model supports scenarios where sensitive data remains in private data centers while public applications rely on cloud IAM services.

Use Cases

Enterprise Access Management

Large corporations use i-am to centralize authentication for thousands of internal applications. The platform integrates with Active Directory, LDAP, and Microsoft Azure AD, providing a unified authentication experience across on‑premises and cloud resources.

Cloud Service Integration

Cloud‑native companies integrate i-am into their microservices architecture to enforce API security. The OAuth 2.0 token exchange and OpenID Connect flows enable secure, stateless authentication across distributed services.

Mobile Applications

Mobile app developers embed i-am SDKs into iOS and Android applications. The SDKs simplify token acquisition, refresh, and secure storage, while the platform’s MFA capabilities strengthen mobile security.

Regulatory Compliance

Healthcare organizations employ i-am to satisfy HIPAA requirements. The platform’s audit trail, role separation, and policy enforcement reduce the risk of unauthorized access to protected health information (PHI).

Comparison with Other IAM Solutions

Commercial Solutions

Compared to proprietary offerings such as Okta and Auth0, i-am offers a lower total cost of ownership for enterprises that can manage their own infrastructure. It also provides deeper customization through its open‑source core, allowing organizations to tailor policies and authentication flows to unique business needs.

Open‑Source Alternatives

Other open‑source IAM projects, like Keycloak and WSO2 Identity Server, share similar feature sets. i-am differentiates itself with a streamlined microservices architecture, built‑in federation hub, and an emphasis on compliance reporting. Its modular plugin system also allows for easier integration with legacy systems.

Extensions and Ecosystem

Plugins

Third‑party developers have created plugins for:

  • Custom password policies.
  • Integration with social media identity providers.
  • Advanced threat detection.

SDKs

SDKs are available for Java, .NET, Python, and JavaScript. They provide helper functions for authentication flows, token validation, and API integration.

Community

The i-am community hosts monthly webinars, an online forum, and a public bug tracker. The community-driven roadmap encourages contributions from both developers and security researchers.

Future Development Roadmap

Zero Trust Architecture

Upcoming releases will incorporate continuous authentication checks and adaptive risk scoring to support zero‑trust security models.

AI‑Driven Policy Management

Research is underway to use machine learning to detect anomalous access patterns and automatically suggest policy adjustments.

Enhanced DevOps Integration

Future versions aim to provide tighter integration with CI/CD pipelines, enabling automated deployment of identity configurations and policies.

