The global skills and competency framework for the digital world

Identity and access management IAMT


Manages identity verification and access permissions within organizational systems and environments.

SFIA 9 is in development

  • SFIA 9 beta due in early July 2024
  • SFIA 9 planned for publication October 2024

This is a prototype for SFIA 9. It is subject to change before publication.

Disclaimer - prototypes/new skills may be substantially modified prior to launch or may never be released.

Guidance notes


Activities may include, but are not limited to:

  • implementing identity and access management (IAM) frameworks in line with organizational goals and compliance with regulations like GDPR, HIPAA, or SOX
  • streamlining user authentication with single sign-on solutions and enhancing security with multi-factor authentication
  • managing user access rights from onboarding to offboarding, including integration with cloud services, enterprise applications, and directory services like LDAP or Active Directory
  • using role-based and attribute-based access controls to manage user privileges and access, aligning with organizational roles and attributes
  • implementing privileged access management tools for secure monitoring and control of critical asset access
  • handling incident responses related to access issues, like unauthorized access or identity theft, and regularly auditing access to maintain security and compliance
  • conducting identity governance and administration to enforce policies, managing digital identities including user accounts, groups, and roles.

Understanding the responsibility levels of this skill

Where lower levels are not defined...

  • Specific tasks and responsibilities are not defined because the skill requires a higher level of autonomy, influence, and complexity in decision-making than is typically expected at these levels. You can use the essence statements to understand the generic responsibilities associated with these levels.

Where higher levels are not defined...

  • Responsibilities and accountabilities are not defined because these higher levels involve strategic leadership and broader organisational influence that goes beyond the scope of this specific skill. See the essence statements.

Developing skills and demonstrating responsibilities related to this skill

The defined levels show the incremental progression in skills and responsibilities.

Where lower levels are not defined...

You can develop your knowledge and support others who do have responsibility in this area by:

  • Learning key concepts and principles related to this skill and its impact on your role
  • Performing related skills (see the related SFIA skills)
  • Supporting others with tasks (generic examples are provided by the essence statements for each level)

Where higher levels are not defined...

  • You can progress by developing related skills which are better suited to higher levels of organisational leadership.


Defined at these levels: 1 2 3 4 5 6


Identity and access management: Level 1

Level 1 - Follow: Essence of the level: Performs routine tasks under close supervision, follows instructions, and requires guidance to complete their work. Learns and applies basic skills and knowledge.


Performs basic IAM tasks, including user account lifecycle management, under supervision.

Maintains accurate records and follows established IAM protocols.

Identity and access management: Level 2

Level 2 - Assist: Essence of the level: Provides assistance to others, works under routine supervision, and uses their discretion to address routine problems. Actively learns through training and on-the-job experiences.


Provides assistance for IAM operations, including automated role allocation and access control management.

Engages in user identity lifecycle management, including account creation and deletion.

Facilitates operation of IAM tools and self-service portals.

Identity and access management: Level 3

Level 3 - Apply: Essence of the level: Performs varied tasks, sometimes complex and non-routine, using standard methods and procedures. Works under general direction, exercises discretion, and manages own work within deadlines. Proactively enhances skills and impact in the workplace.


Administers standard IAM services, implementing policies and resolving related issues. Manages monitoring, audits, and logging for IAM systems.

Assists users in defining their access rights and privileges. Designs and implements simple IAM solutions, enhancing user access security.

Investigates minor security breaches in accordance with established procedures related to IAM.

Contributes to the enhancement and optimization of existing IAM processes and systems.

Identity and access management: Level 4

Level 4 - Enable: Essence of the level: Performs diverse complex activities, supports and supervises others, works autonomously under general direction, and contributes expertise to deliver team objectives.


Designs and implements complex, advanced IAM solutions, focusing on automated access control and role allocation.

Oversees the integration of IAM services with new technologies.

Provides specialised support for complex IAM operations and supports implementation of policies and standards.

Collaborates with stakeholders to align IAM with business objectives and emerging security trends.

Identity and access management: Level 5

Level 5 - Ensure, advise: Essence of the level: Provides authoritative guidance in their field and works under broad direction. Accountable for achieving workgroup objectives and managing work from analysis to execution and evaluation.


Offers authoritative advice on IAM, ensuring services align with and support evolving business needs and security protocols.

Manages large-scale IAM initiatives and oversees the integration of IAM services with new technologies, enhancing security and operational efficiency.

Leads operational planning for IAM, anticipating future trends and preparing the organization for scalable growth.

Ensures IAM systems' compliance and oversees advanced monitoring and audit processes.

Identity and access management: Level 6

Level 6 - Initiate, influence: Essence of the level: Has significant organisational influence, makes high-level decisions, shapes policies, demonstrates leadership, fosters organizational collaboration, and accepts accountability in key areas.


Shapes and defines organisation-wide IAM policies, ensuring alignment with business strategies and security requirements.

Champions IAM best practices, advocating for robust and innovative IAM solutions across the organization.

Influences and guides organizational IAM governance, integrating emerging technologies and regulatory compliance into IAM strategies.

Reviews and advises on IAM aspects and implications of new business initiatives.

Level 7

Level 7 - Set strategy, inspire, mobilise: Essence of the level: Operates at the highest organisational level, determines overall organisational vision and strategy, and assumes accountability for overall success.

New skill