Identity and Access Management solutions for identity governance, access control, authentication, privileged access management, and zero trust security.
Browse 918 IAM tools
A portable public domain password hashing framework for PHP applications.
IAM Floyd is a code generation tool that provides a fluent interface for creating AWS IAM policy statements with comprehensive service coverage and CDK integration support.
IAMSpy is a library that uses the Z3 prover to analyze AWS IAM policies and query whether specific actions are allowed or denied.
A CLI tool for generating AWS IAM policy documents, SAM policy templates, and SAM Connectors using JSON definitions from the AWS Policy Generator.
A CLI utility that simplifies switching between different AWS roles by automatically managing AWS credentials file modifications.
A Lambda function that automatically disables AWS IAM User Access Keys after a specified time period to reduce security risks from aging credentials.
A NodeJS/TypeScript library that generates IAM Policy Actions Statements for AWS services with predefined constants and factory classes for AWS CDK integration.
CloudTracker analyzes CloudTrail logs against IAM policies to identify over-privileged AWS users and roles by comparing actual permission usage with granted permissions.
Policy Sentry is an automated IAM policy generator that helps developers create least privilege AWS IAM policies through a template-based workflow.
AirIAM analyzes AWS IAM usage patterns and generates least-privilege Terraform configurations to optimize cloud access management.
Repokid automatically removes unused service permissions from AWS IAM role inline policies using Access Advisor data to implement least privilege access.
Kiam is a Kubernetes agent that allows Pods to assume AWS IAM roles, though it is being deprecated in favor of AWS' official IAM roles for Service Accounts solution.
A PHP OAuth 2.0 authorization server implementation with support for various grants and RFCs.
Aaia visualizes AWS IAM and Organizations data in Neo4j graph format to help identify security outliers and conduct privilege escalation analysis through Cypher queries.
A simple drop-in library for managing users, permissions, and groups in your application.
Project hosting scripts for implementing Pass the Hash mitigations with PtHTools module commands.
A Docker-based utility that monitors TLS certificate expiration dates and exposes the data as Prometheus metrics with support for Kubernetes ingress discovery and configurable domain filtering.
A command-line password manager that encrypts credentials using GnuPG and stores them in YAML files with git synchronization support.
kube2iam provides IAM credentials to Kubernetes containers by intercepting EC2 metadata API calls and retrieving temporary AWS credentials based on pod annotations.
A Helm plugin that decrypts encrypted value files using sops encryption and integrates with cloud secret managers for secure secrets management in Kubernetes deployments.
CredStash is a credential management tool that securely stores and retrieves sensitive information using AWS KMS encryption.
GPG Sync is a tool designed to keep OpenPGP public keys up-to-date within an organization by offloading the complexity of key management to a single trusted person.
IAM Zero detects identity and access management issues and automatically suggests least-privilege policies by analyzing application errors and access patterns in cloud environments.
A Certificate Transparency log monitor that alerts users when SSL/TLS certificates are issued for their domains, helping detect unauthorized certificate issuance and potential security threats.
918 tools across 7 specializations · 51 free, 867 commercial
Certificate Lifecycle Management
Certificate lifecycle management tools for automated SSL/TLS certificate provisioning, renewal, and PKI management.
Identity Governance and Administration
Identity Governance and Administration (IGA) platforms for identity lifecycle management, access governance, role management, and compliance reporting.
Identity Threat Detection and Response
Identity Threat Detection and Response (ITDR) solutions for detecting identity-based attacks, credential theft, and compromised accounts in real-time.
Common questions about IAM tools, selection guides, pricing, and comparisons.
IAM (Identity and Access Management) is the broad category covering all identity-related security. PAM (Privileged Access Management) specifically secures high-risk accounts like admin, root, and service accounts with session recording, just-in-time access, and credential vaulting. IGA (Identity Governance and Administration) focuses on access lifecycle management, certification reviews, and ensuring users only have the access they need.
If you have admin accounts, shared credentials, service accounts, or any users with elevated privileges, you need PAM. Standard IAM handles authentication and basic authorization, but PAM adds critical controls for privileged access: credential vaulting, session recording, just-in-time elevation, and break-glass procedures. Compromised privileged accounts are involved in the majority of serious breaches.
ITDR is an emerging category that detects attacks targeting identity infrastructure: credential theft, Kerberoasting, pass-the-hash, MFA bypass, and Active Directory attacks. While IAM and PAM focus on prevention (controlling who can access what), ITDR focuses on detection and response when identity-based attacks are in progress. It fills the gap between identity management and security operations.
Passwordless authentication (FIDO2, passkeys, biometrics) eliminates the password entirely, removing the most commonly attacked credential. Traditional MFA adds a second factor but still relies on passwords. Passwordless is more secure and provides better user experience, but requires compatible infrastructure. Start with FIDO2/passkey support for high-risk users and gradually expand across the organization.
Identity Verification
Identity verification services and tools for digital identity proofing, KYC compliance, and fraud prevention.