Machine learning in identity and access management systems: Survey and deep dive

The evolution of identity and access management (IAM) has been driven by the expansion of online services, cloud computing, and the Internet of Things (IoT). The proliferation of remote work, mobile applications, and interconnected devices has intensified the demand for robust identity protection and access control. As digital interactions and data sharing become more prevalent across industries, IAM has gained prominence, compelled by the need to safeguard sensitive information, prevent unauthorized access, and adhere to increasingly stringent regulatory frameworks. In parallel with IAM's evolution, the integration of artificial intelligence (AI) has emerged as a pivotal avenue for enhancing IAM effectiveness. This survey delves into the fusion of machine learning (ML) techniques to fortify IAM, with a specific focus on its core processes: authentication, authorization, and auditing. Addressing fundamental questions regarding ML's role in enhancing IAM processes, we begin by proposing a comprehensive definition of IAM within a unified layered-wise reference model, highlighting Authentication, Authorization, and Auditing functions (with focus on monitoring). Furthermore, our survey comprehensively explores ML-based solutions within IAM systems, presenting a taxonomy of state-of-the-art methodologies categorized by their application in IAM processes. Drawing from both qualitative and quantitative insights from cited references, we investigate how ML enhances the performance and security of IAM processes. Additionally, by investigating challenges in implementing ML in IAM systems, we shed light on issues such as data privacy concerns and the interpretability of ML-driven decisions. In conclusion, this paper makes a substantial contribution to the IAM landscape by providing comprehensive insights into the transformative role of ML. Addressing pivotal questions, our survey offers a roadmap to leverage ML's potential for enhancing the performance, security, and efficacy of IAM systems.