IDPro® Body of Knowledge Volume 1
The Body of Knowledge (BoK) is a compendium of curated articles intended to form the basis of a robust learning and certification program for identity and access management practitioners. For more information on the submission and review process, please see our Submissions page.
To offer feedback on any of the articles in the Body of Knowledge, please submit your comments in our GitHub repository.
A consolidated PDF of all current versions of articles published through October 2023 is available for download here. Viewing this file via Adobe Acrobat will provide a sidebar of bookmarks that serves as a Table of Contents for the document.
BoK Interactive Map
The BoK interactive map shows Body of Knowledge usage (downloads) by country from 2020 through May 2024.
- The circles indicate an area where downloads have occurred.
- Blue circles are a single country.
- Size is scaled up by usage.
- Clicking on these will show quarter-by-quarter usage.
- Green and Yellow circles indicate the number of countries included.
- Click or Zoom in further to see country-level detail.
- Data is from our hosting platform, Janeway.
From the Editor
- Terminology in the IDPro Body of Knowledge – Heather Flanagan – Updated 2025-04-23
Introduction
- Authentication and Authorization (v2) – Michael Epping, Mark Morowczynski – 2022-12-16
- The Business Case for IAM – André Koot – 2023-10-27
- Ethics and Digital Identity – Henk Marsman – 2024-07-31
- Ethics for Digital Identity and Identity Driven Algorithms – Mike Kiser – 2024-07-31
- An Introduction to Cryptography – Mark Drummond – 2025-03-15
- Introduction to Identity – Part 1: Admin-time – Espen Bago (Editor) and Ian Glazer – Originally published 2020-03-31; updated 2021-06-30
- Introduction to Identity – Part 2: Access Management – Pamela Dingle – 2020-06-18
- Words of Identity – Espen Bago – 2022-12-16
Consumer / Citizen IAM
- Introduction to Customer Identity and Access Management – Ian Glazer – 2023-10-27
- Introduction to Privacy for Consumers (v3) – Clare Nelson – Originally published 2020-06-18; updated 2022-12-16
Workforce IAM
- Authentication Methods – Anna Cherkasov and Bailey Bercik – 2025-04-23
- Optimizing Access Recertifications – Vatsal Gupta – 2025-04-23
- An Overview of the Digital Identity Lifecycle (v2) – Andrew Cameron and Olaf Grewe – Originally published 2020-10-31; updated 2022-02-28
- User Provisioning in the Enterprise – Ian Glazer, Lori Robinson, Mat Hamlin – 2022-06-03
Standards, Regulations, and Laws
- HIPAA Security Rule Updates & IAM Compliance Recommendations – Sharon Chahal and Hanita Epstein – 2025-04-23
- Impact of GDPR on Identity and Access Management – Andrew Hindle – 2020-03-31
- An Introduction to GDPR (v3) – Andrew Cormack – Originally published 2020-03-31; updated 2021-06-30, 2022-09-30
- An Introduction to OAuth 2.0 – Bertrand Carlier – 2023-10-27
- An Introduction to OpenID Connect – Anoop Gupta – 2024-11-29
- Laws Governing Identity Systems – Thomas J. Smedinghoff – Originally published 2020-03-31; updated 2021-06-30
- PKCE: Proof Key for Code Exchange – Rusty Deaton – 2025-04-23
- Review – ISO/IEC 24760-1:2019 – Corey Scholefield – 2020-03-31
- Review – ISO/IEC 24760-3:2016 – Espen Bago – 2021-06-17
- Review – ISO/IEC 24760-2:2015 – George B. Dobbs – 2020-06-18
IAM Architecture and Solutions
- Delegated Authentication Using a SAML Web Browser SSO Profile (v2) – George B. Dobbs – Originally published 2021-09-30; updated 2022-12-16
- Designing MFA for Humans – Nishant Kaushik – 2020-10-31
- Federation in the Enterprise – Patrick Lunney – Originally published 2021-04-19; updated 2022-06-03
- IAM Reference Architecture (v2) – George B. Dobbs – Originally published 2021-09-30; updated 2022-12-16
- Introduction to IAM Architecture (v2) – Andrew Cameron and Graham Williamson – Originally published 2020-06-18; updated 2021-09-30
- Multi-factor Authentication – Khaled Zaky and Dean H. Saxe – 2022-12-16
Access Control
- Introduction to Access Control (v4) – André Koot – Originally published 2020-06-18; updated 2021-09-30, 2022-12-16
- Introduction to Policy-Based Access Controls (v3) – Mary McKee – Originally published 2021-04-19; updated 2022-06-03, 2023-10-27
- Introduction to Privileged Access Management (v2) – André Koot – 2024-03-15; updated 2024-11-29
- Strategic Alignment and Access Governance – André Koot – 2022-12-16
- Techniques To Approach Least Privilege – Matthew K. Carter – 2022-09-30
- Token Lifetimes and Security in OAuth 2.0: Best Practices and Emerging Trends – Heather Flanagan – 2024-11-29
Digital Identity
- Account Recovery (v3) – Dean H. Saxe – Originally published 2021-04-19; updated 2022-06-03, 2023-10-27
- Defining the Problem – Identity Proofing Challenges – Russ Reopell, Sandy Christopher, and Lorrayne Auld – 2023-04-10
- Identifiers and Usernames – Ian Glazer – 2020-03-31
- A Peek into the Future of Decentralized Identity (v2) – Leo Sorokin – Originally published 2020-10-31; updated 2022-02-28
- Practical Implications of Public Key Infrastructure for Identity Professionals (v2) – Robert Sherwood – Originally published 2021-09-30; updated 2022-12-16
Non-Human Entities
- Non-Human Account Management (v4) – Graham Williamson, André Koot, Gloria Lee – Originally published 2020-10-31; updated 2023-04-10
Project Management
- Introduction to Project Management for IAM Projects – Graham Williamson and Corey Scholefield – Originally published 2020-03-31; updated 2021-06-30, 2022-09-30
Operational Considerations
- Identity and Access Management Workforce Planning – Ken Myers – 2022-09-30
- Managing Identity in Customer Service Operations – Arynn Crow and Jp Rowan – 2021-04-19
En Español (PDF)
- Terminología en el Cuerpo de Conocimiento de IDPro
- Administración de Cuenta No Humana (v3)
- Alineamiento Estratégico y Gobernanza de Acceso
- Aprovisionamiento de usuarios en empresas
- Arquitectura de Referencia IAM (v2)
- Autenticación delegada utilizando un perfil SSO de navegador web SAML (v2)
- Autenticación y Autorización (v2)
- Diseñando MFA para humanos
- Federación Simplificada (v2)
- Identificadores y Nombres de Usuario
- Impacto del RGPD en la gestión de acceso e identidad
- Introducción al Control de Acceso (v4)
- Introducción al Control de Acceso Basado en Políticas (v2)
- Introducción a la gestión de proyectos de proyectos IAM (v3)
- Introducción a la identidad: Parte 1: tiempo de administración (v2)
- Introducción a la identidad – Parte 2: Administración de acceso
- Introducción a la privacidad y el cumplimiento para los consumidores (v3)
- Una introducción al RGPD (v3)
- Las Leyes que regulan los Sistemas de Identidad (v2)
- Una mirada sobre el futuro de la identidad descentralizada (v2)
- Un pantallazo sobre el Ciclo de Vida de la Identidad Digital (v2)
- Planificación de la fuerza laboral de Administración de Identidades y Accesos
- Recuperación de cuenta
- Reseña – ISO/IEC 24760-1:2019
- Reseña – ISO/IEC 24760-2:2015
- Reseña – ISO/IEC 24760-3:2016
- Técnicas para abordar el mínimo privilegio
Other Body of Knowledge Publications and Components
Want to contribute to the IDPro Body of Knowledge?
Please use the form below to let us know about your proposed contribution. We will be pleased to consider your input if relevant.