{"id":44143,"date":"2026-01-31T16:28:08","date_gmt":"2026-01-31T15:28:08","guid":{"rendered":"https:\/\/www.derivaty.sk\/?p=44143"},"modified":"2026-01-05T14:03:11","modified_gmt":"2026-01-05T13:03:11","slug":"sprava-identit-a-pristupu-iam-autentizace-a-autorizace","status":"publish","type":"post","link":"https:\/\/www.autoskoly.sk\/news\/sprava-identit-a-pristupu-iam-autentizace-a-autorizace\/","title":{"rendered":"Identity and Access Management (IAM): Authentication and Authorization"},
"content":{"rendered":"<h2>What identity and access management (IAM) is and why it matters<\/h2>\n<p>Identity and Access Management (IAM) is the set of principles, processes and technologies that ensure the right users and systems have the right access to the right resources at the right time, and only to the extent strictly necessary. IAM is a key pillar of cybersecurity, compliance and operational efficiency, from employee onboarding to auditing access in the cloud. Modern IAM integrates user identities and machine identities, manages privileged access, supports Zero Trust and provides a unified layer of authentication, authorization and governance across hybrid infrastructure.<\/p>\n<h2>Basic building blocks of IAM<\/h2>\n<ul>\n<li><strong>Identity<\/strong>: the representation of a user, service or device (including attributes such as department, role and risk profile).<\/li>\n<li><strong>Directory \/ source of truth<\/strong>: the central identity store (typically LDAP\/AD or a cloud directory).<\/li>\n<li><strong>Authentication (AuthN)<\/strong>: verifying that a subject is who it claims to be (passwords, MFA, passkeys, certificates).<\/li>\n<li><strong>Authorization (AuthZ)<\/strong>: deciding what the subject may access (RBAC, ABAC, PBAC, rules and policies).<\/li>\n<li><strong>Provisioning\/deprovisioning<\/strong>: the lifecycle of accounts and access rights (creation, changes, removal, recertification).<\/li>\n<li><strong>Access gateway<\/strong>: SSO, federation and proxy layers that unify access to applications.<\/li>\n<li><strong>Governance<\/strong>: recertification, segregation of duties (SoD), approval workflows and audit trails.<\/li>\n<li><strong>Privileged access (PAM)<\/strong>: password\/key vault, session recording, JIT\/JEA access for administrators.<\/li>\n<\/ul>\n<h2>Identity lifecycle (Joiner\u2013Mover\u2013Leaver)<\/h2>\n<ol>\n<li><strong>Joiner<\/strong>: identity created from the HR source; automatic assignment of roles and licences based on position and location.<\/li>\n<li><strong>Mover<\/strong>: change of department\/role \u2192 dynamic attribute updates and removal of old entitlements.<\/li>\n<li><strong>Leaver<\/strong>: immediate account deactivation, rotation of secrets, data handover and device disconnection.<\/li>\n<\/ol>\n<p>Automating these steps reduces the risk of \u201corphaned\u201d accounts and strengthens audit evidence.<\/p>\n<h2>Protocols and standards in IAM<\/h2>\n<table>\n<thead>\n<tr>\n<th>Area<\/th>\n<th>Standard<\/th>\n<th>Purpose<\/th>\n<th>Note<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Federation\/SSO<\/td>\n<td>SAML 2.0<\/td>\n<td>Enterprise SSO across domains<\/td>\n<td>Widely used for B2B and older SaaS<\/td>\n<\/tr>\n<tr>\n<td>API authorization<\/td>\n<td>OAuth 2.0<\/td>\n<td>Delegation of access via tokens<\/td>\n<td>Flows: Authorization Code, Client Credentials, Device<\/td>\n<\/tr>\n<tr>\n<td>Identity for modern apps<\/td>\n<td>OpenID Connect (OIDC)<\/td>\n<td>Identity layer on top of OAuth 2.0<\/td>\n<td>ID token (JWT), discovery, scopes\/claims<\/td>\n<\/tr>\n<tr>\n<td>Provisioning<\/td>\n<td>SCIM 2.0<\/td>\n<td>Standardized account creation and management<\/td>\n<td>JML automation into SaaS<\/td>\n<\/tr>\n<tr>\n<td>Directories<\/td>\n<td>LDAP, Kerberos<\/td>\n<td>Directory queries, ticket-based AuthN<\/td>\n<td>Traditional on-prem, integration with AD<\/td>\n<\/tr>\n<tr>\n<td>Strong AuthN<\/td>\n<td>FIDO2\/WebAuthn<\/td>\n<td>Phishing-resistant login<\/td>\n<td>Passkeys, security keys, platform authenticators<\/td>\n<\/tr>\n<tr>\n<td>Certificates<\/td>\n<td>X.509, ACME<\/td>\n<td>PKI for devices and services<\/td>\n<td>Automated issuance and rotation of certificates<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Authorization models: RBAC, ABAC, PBAC and SoD<\/h2>\n<ul>\n<li><strong>RBAC<\/strong>: access by role (e.g. \u201cAccountant\u201d, \u201cERP Admin\u201d); easy to manage, but risks \u201crole explosion\u201d.<\/li>\n<li><strong>ABAC<\/strong>: attributes of the user, environment and resource (department=Finance, time &lt; 18:00); flexible and context-aware.<\/li>\n<li><strong>PBAC\/Policy-based<\/strong>: centrally managed policies with a decision service (PDP\/PEP, XACML\/OPA).<\/li>\n<li><strong>Segregation of Duties (SoD)<\/strong>: prevents conflicting role combinations (e.g. both creating and approving payments).<\/li>\n<\/ul>\n<h2>MFA, passwordless login and adaptive authentication<\/h2>\n<p>Strong authentication combines at least two factors: knowledge (password), possession (token\/key), inherence (biometrics). The trend is <strong>passwordless<\/strong> login using FIDO2\/WebAuthn (passkeys). Adaptive authentication evaluates the risk context (geolocation, device posture, IP reputation) and applies <em>step-up<\/em> verification only when the risk is elevated.<\/p>\n<h2>Privileged access (PAM) and JIT\/JEA<\/h2>\n<ul>\n<li><strong>Secrets vault<\/strong>: secure storage and rotation of passwords, keys and API tokens.<\/li>\n<li><strong>Session management<\/strong>: approval, proxying, recording and forensic analysis of admin sessions.<\/li>\n<li><strong>JIT (Just-In-Time)<\/strong> and <strong>JEA (Just-Enough-Access)<\/strong>: temporary, minimized entitlements instead of permanent global roles.<\/li>\n<\/ul>\n<h2>Managing machine identities, secrets and certificates<\/h2>\n<p>Microservices, containers and IoT generate exponential growth in machine identities. IAM must therefore cover:<\/p>\n<ul>\n<li>Automated certificate issuance (ACME), key rotation and short-lived tokens.<\/li>\n<li>Secure injection of secrets into the runtime (Kubernetes secrets, sidecar\/CSI, dynamic secrets).<\/li>\n<li>Inventory and review of inactive\/leaked secrets, scanning of repositories and artifacts.<\/li>\n<\/ul>\n<h2>IAM in cloud, multicloud and SaaS (CIEM)<\/h2>\n<p>Cloud Infrastructure Entitlement Management (CIEM) brings visibility and control of entitlements in IaaS\/PaaS (AWS\/Azure\/GCP). It focuses on the principle of least privilege, detection of excessive rights and automatic <em>right-sizing<\/em> of roles. Consolidating identity (IDP) for SaaS applications, federation and SCIM provisioning is essential.<\/p>\n<h2>Zero Trust and IAM as the decision-making brain<\/h2>\n<p>Zero Trust assumes the network is untrusted; trust is derived from identity and context. Here IAM acts as the <em>control plane<\/em> for decisions: who has access, from where, on which device and to what. Enforcement happens through PEPs in reverse proxies, API gateways and at the application or endpoint level.<\/p>\n<h2>Architectural patterns and integration layers<\/h2>\n<ul>\n<li><strong>Centralized IDP + SSO<\/strong>: single login, OIDC\/SAML for applications, MFA and a risk engine.<\/li>\n<li><strong>Policy decision\/enforcement<\/strong>: the PDP (e.g. OPA) evaluates policies; the PEP in the application\/gateway enforces them.<\/li>\n<li><strong>Identity orchestration<\/strong>: visual flows (login logic, step-up, registration, recovery).<\/li>\n<li><strong>Directory sync<\/strong>: synchronization of attributes between AD, HR and the cloud; resolve collisions with precedence rules.<\/li>\n<\/ul>\n<h2>Project approach to introducing IAM (pragmatic framework)<\/h2>\n<ol>\n<li><strong>As-is analysis<\/strong>: inventory of applications, mapping of AuthN\/AuthZ, identity sources and risks.<\/li>\n<li><strong>Target Operating Model<\/strong>: definition of governance (RACI), attribute ownership, SLAs and policies.<\/li>\n<li><strong>Minimal Viable Scope<\/strong>: IDP+SSO, MFA, JML automation for the top SaaS and critical applications.<\/li>\n<li><strong>Federation and SCIM<\/strong>: onboarding 20\u201330 applications by business priority, passwordless pilot.<\/li>\n<li><strong>Governance<\/strong>: recertification campaigns, SoD matrix, role mining and right-sizing.<\/li>\n<li><strong>PAM\/CIEM<\/strong>: protection of admin access, visibility of cloud entitlements, JIT access.<\/li>\n<li><strong>Metrics and tuning<\/strong>: measurement, incidents, UX waves, extension to the long tail of applications.<\/li>\n<\/ol>\n<h2>Security threats and defensive patterns<\/h2>\n<ul>\n<li><strong>Phishing\/password spraying<\/strong>: deploy FIDO2, anomaly detection and blocking of weak\/compromised passwords.<\/li>\n<li><strong>MFA fatigue<\/strong>: move from push MFA to phishing-resistant methods; rate limits and risk-based approvals.<\/li>\n<li><strong>Session hijacking\/fixation<\/strong>: short token lifetimes, rotation when the risk level changes, <em>DPoP\/mTLS<\/em> for APIs.<\/li>\n<li><strong>Enrollment\/recovery attacks<\/strong>: strong identity proofing when registering factors, \u201cin person\u201d procedures for VIPs.<\/li>\n<li><strong>Shadow IT and orphaned accounts<\/strong>: SCIM and regular correlation of identities vs. accounts, detection of unused access.<\/li>\n<\/ul>\n<h2>Compliance, audit and GDPR alignment<\/h2>\n<ul>\n<li><strong>Data minimization<\/strong>: record only the necessary attributes; classification and retention policies.<\/li>\n<li><strong>Data subject rights<\/strong>: access, rectification, erasure; transparent information about the processing of identities.<\/li>\n<li><strong>Audit trails<\/strong>: immutable logs of logins, policy decisions and entitlement changes; correlation with the SIEM.<\/li>\n<li><strong>SoD and recertification<\/strong>: regular campaigns, documented approvals and justification of access.<\/li>\n<\/ul>\n<h2>Availability, scaling and performance<\/h2>\n<ul>\n<li><strong>HA IDP<\/strong>: multiple zones\/regions, health checks, stateless scaling and caching (JWKS, metadata, sessions).<\/li>\n<li><strong>Token lifetimes and revocation<\/strong>: balance UX vs. risk; prefer short-lived access tokens and refresh token rotation.<\/li>\n<li><strong>Disaster Recovery<\/strong>: backups of the directory and configurations, runbooks and regular recovery drills.<\/li>\n<\/ul>\n<h2>IAM for developers: how to integrate an application correctly<\/h2>\n<ol>\n<li>Use OIDC\/OAuth libraries and the <em>authorization code flow<\/em> with PKCE for public clients.<\/li>\n<li>Validate the JWT signature and expiry; restrict audience and scopes to the minimum.<\/li>\n<li>Implement <em>logout<\/em> and <em>back-channel<\/em> revocation; honour <em>nonce<\/em> and <em>state<\/em>.<\/li>\n<li>For APIs use <em>client credentials<\/em> or <em>mTLS\/DPoP<\/em> to bind the token to the client.<\/li>\n<li>Log AuthZ decisions and correlate them with a correlation ID for audit and troubleshooting.<\/li>\n<\/ol>\n<h2>Metrics and KPIs for managing IAM<\/h2>\n<table>\n<thead>\n<tr>\n<th>KPI<\/th>\n<th>Definition<\/th>\n<th>Target value (indicative)<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>SSO adoption rate<\/td>\n<td>% of access via the IDP vs. local logins<\/td>\n<td>&gt; 90 %<\/td>\n<\/tr>\n<tr>\n<td>JML automation<\/td>\n<td>% of accounts managed via SCIM\/HR integration<\/td>\n<td>&gt; 95 %<\/td>\n<\/tr>\n<tr>\n<td>Mean Time to Deprovision<\/td>\n<td>Time from departure to removal of all access<\/td>\n<td>&lt; 15 minutes<\/td>\n<\/tr>\n<tr>\n<td>MFA coverage<\/td>\n<td>% of active accounts with strong AuthN<\/td>\n<td>&gt; 98 %<\/td>\n<\/tr>\n<tr>\n<td>Excess Privilege Rate<\/td>\n<td>% of accounts with excessive roles<\/td>\n<td>&lt; 3 %<\/td>\n<\/tr>\n<tr>\n<td>Phishing-resistant AuthN<\/td>\n<td>% of logins via FIDO2\/passkeys<\/td>\n<td>&gt; 60 % (growing)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>IAM economics and licensing<\/h2>\n<p>Costs include licences (per user\/application\/tenant), infrastructure operation, integration work and governance. ROI rests on fewer incidents, Service Desk time savings (password resets), faster onboarding and lower audit costs. It is important to plan <em>role mining<\/em> and attribute standardization to reduce the complexity that otherwise drives costs up.<\/p>\n<h2>Common implementation mistakes and how to avoid them<\/h2>\n<ul>\n<li><strong>Tech-only approach<\/strong>: without clear ownership of processes and data, IAM fails; define RACI and governance.<\/li>\n<li><strong>Permanent admin roles<\/strong>: replace them with JIT\/JEA and audit the exceptions.<\/li>\n<li><strong>Insufficient attribute model<\/strong>: without quality attributes, policies are imprecise; establish a dictionary and data-quality standards.<\/li>\n<li><strong>Ignoring UX<\/strong>: too-frequent MFA or long flows lead to controls being bypassed; introduce adaptive MFA.<\/li>\n<li><strong>Unmanaged machine identities<\/strong>: forgotten tokens in code and repositories \u2192 use dynamic secrets and rotation.<\/li>\n<\/ul>\n<h2>Reference checklist (abridged)<\/h2>\n<ul>\n<li>Central IDP with MFA and FIDO2\/WebAuthn support.<\/li>\n<li>Federation (OIDC\/SAML) for all SaaS and external partners.<\/li>\n<li>SCIM provisioning from the HR source, automated JML.<\/li>\n<li>RBAC as the foundation, ABAC\/PBAC for sensitive scenarios; SoD matrix.<\/li>\n<li>PAM vault, JIT access and session recording for admins.<\/li>\n<li>CIEM visibility in the cloud and <em>right-sizing<\/em> of roles.<\/li>\n<li>Audit logs to the SIEM, regular access recertification.<\/li>\n<li>DR\/HA architecture for the IDP and regular drills.<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>IAM is a strategic discipline that connects security, operations and the business. Success rests on a combination of standards (OIDC, OAuth 2.0, SAML, SCIM, FIDO2), well-designed processes (JML, recertification, SoD) and technologies (IDP, PAM, CIEM, policy engine). Properly configured IAM increases security, improves the user experience and reduces costs, and it is a necessary prerequisite for Zero Trust and modern cloud-native environments.<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>Identity and access management: SSO, MFA and roles. How to set up the user lifecycle, audit and federation so that systems stay secure and convenient.<\/p>\n","protected":false},
"author":46,"featured_media":84143,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[617],"tags":[250,1792,1793,1794,1795,1796,1797,1798],"class_list":["post-44143","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-telekomunikacie","tag-audit","tag-federacia","tag-lifecycle","tag-mfa","tag-provisioning","tag-rbac","tag-sprava-identit-iam","tag-sso"],
"yoast_head_json":{"title":"Spr\u00e1va identit a p\u0159\u00edstup\u016f (IAM): Autentizace a autorizace - Auto\u0161koly.sk","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.autoskoly.sk\/news\/sprava-identit-a-pristupu-iam-autentizace-a-autorizace\/","og_locale":"sk_SK","og_type":"article","og_title":"Spr\u00e1va identit a p\u0159\u00edstup\u016f (IAM): Autentizace a autorizace - Auto\u0161koly.sk","og_description":"Spr\u00e1va ident\u00edt a pr\u00edstupov: SSO, MFA a role. Ako nastavi\u0165 lifecycle pou\u017e\u00edvate\u013eov, audit a feder\u00e1ciu, aby syst\u00e9my zostali bezpe\u010dn\u00e9 a pohodln\u00e9.","og_url":"https:\/\/www.autoskoly.sk\/news\/sprava-identit-a-pristupu-iam-autentizace-a-autorizace\/","og_site_name":"Auto\u0161koly.sk","article_publisher":"https:\/\/www.facebook.com\/vrtulniky\/","article_published_time":"2026-01-31T15:28:08+00:00","og_image":[{"width":1600,"height":1066,"url":"https:\/\/www.autoskoly.sk\/news\/wp-content\/uploads\/2025\/12\/vzdelavanie-vysoka-skola-4143.jpg","type":"image\/jpeg"}],"author":"Veronika Benkov\u00e1","twitter_card":"summary_large_image","twitter_misc":{"Autor":"Veronika Benkov\u00e1","Predpokladan\u00fd \u010das \u010d\u00edtania":"8 min\u00fat"}}}