# Managing Access Control with IAM

**IAM (Identity and Access Management)** is the core **authentication and access‑control module** of ONEWEB.\
It is responsible for managing **users, roles, permissions, and protected objects**, and acts as the central authority for enforcing access governance across the platform.

IAM ensures that only the right users can access the right resources, under the right conditions.

***

### Purpose of IAM in ONEWEB

IAM is designed to:

* Authenticate users accessing the platform
* Control access to applications, pages, data, and functions
* Manage users, roles, and permissions centrally
* Enforce Role‑Based Access Control (RBAC)
* Support security auditing and compliance requirements

By using IAM, organizations can apply consistent security policies across all ONEWEB applications.

***

### IAM2 Capabilities

**IAM2**, the current identity and access management engine in ONEWEB, provides multiple ways to manage access control.

Key capabilities include:

* User management
* Role and permission configuration
* Object‑level access control
* Integration with external identity providers (LDAP)
* API‑based access management

***

### IAM2 Management Interfaces

#### IAM2 Web Application

IAM2 includes a **web‑based management interface** that allows administrators to:

* Create and manage users
* Define roles and assign permissions
* Register and manage secured objects
* Configure access control policies visually

This interface is suitable for day‑to‑day administration and system configuration.

***

#### IAM2 Web Service API

For advanced or automated scenarios, IAM2 also exposes **Web Service APIs**.

Using the IAM2 API, administrators or system integrators can:

* Programmatically manage users, roles, and permissions
* Integrate IAM management with external systems
* Automate onboarding and role assignment workflows
* Synchronize access control with enterprise governance tools

This enables IAM to be part of broader identity‑lifecycle and compliance automation.

***

### LDAP Integration Support

IAM2 can be configured to integrate with an **existing LDAP directory** if the organization already maintains centralized identity infrastructure.

With LDAP integration:

* Authentication is delegated to the enterprise directory
* User identities are managed centrally
* IAM2 focuses on authorization and access enforcement

This approach reduces duplication of identity data and aligns ONEWEB with enterprise IAM strategies.

***

### IAM in the Access Control Model

IAM operates at the center of ONEWEB’s access‑control model:

* **Users** are authenticated via IAM
* **Roles** define authority levels
* **Permissions** control allowed operations
* **Objects** represent protected resources

IAM enforces these relationships at runtime, ensuring secure and compliant access to system resources.
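The user, role, permission and object relationships above, as an added sketch (not ONEWEB or IAM2 code; every class, method, role and object name here is hypothetical). It assumes the user has already been authenticated, denies by default, and records each decision so it can be audited.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Permission:
    operation: str   # allowed operation, e.g. "read" or "update"
    object_id: str   # identifier of a registered protected object

@dataclass
class AccessModel:
    objects: set = field(default_factory=set)             # registered protected objects
    role_permissions: dict = field(default_factory=dict)  # role -> set of Permission
    user_roles: dict = field(default_factory=dict)        # user -> set of role names
    audit_log: list = field(default_factory=list)         # one tuple per decision

    def grant(self, role, operation, object_id):
        # A permission may only reference an object that was registered first.
        if object_id not in self.objects:
            raise ValueError(f"object not registered: {object_id}")
        self.role_permissions.setdefault(role, set()).add(Permission(operation, object_id))

    def assign(self, user, role):
        # Users receive authority only through defined roles, never directly.
        if role not in self.role_permissions:
            raise ValueError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def is_allowed(self, user, operation, object_id):
        """Runtime check: allow only if one of the user's roles grants it."""
        wanted = Permission(operation, object_id)
        granting = sorted(r for r in self.user_roles.get(user, ())
                          if wanted in self.role_permissions.get(r, ()))
        decision = "ALLOW" if granting else "DENY"
        # Record who asked for what, the outcome, and which roles granted it.
        self.audit_log.append((user, operation, object_id, decision, granting))
        return bool(granting)

def build_sample():
    """Constructed sample data: two objects, two roles, two users."""
    model = AccessModel(objects={"page:invoice", "data:payroll"})
    model.grant("clerk", "read", "page:invoice")
    model.grant("hr_admin", "read", "data:payroll")
    model.grant("hr_admin", "update", "data:payroll")
    model.assign("alice", "clerk")
    model.assign("bob", "hr_admin")
    return model
```

Because every decision lands in `audit_log` with the granting roles, a reviewer can see which role assignments are actually exercised and trim the rest.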

***

### Security & Compliance Benefits

Using IAM for access control enables organizations to:

* Enforce least‑privilege access
* Centralize identity and permission governance
* Improve auditability and traceability
* Support regulatory compliance requirements
* Reduce risk from misconfigured or unmanaged access

IAM provides the foundation for **security‑by‑design** across the ONEWEB platform.

***

### Summary

**IAM (Identity and Access Management)** is the central mechanism used by ONEWEB to manage authentication and enforce access control.

With IAM and IAM2, organizations can:

* Manage users, roles, and permissions centrally
* Enforce Role‑Based Access Control consistently
* Integrate with LDAP and enterprise identity systems
* Automate access governance through APIs
* Support secure and compliant application deployment

Effective use of IAM is essential for building **secure, scalable, and compliance‑ready applications** on ONEWEB.

