Identity Access Management, or IAM, is, in a nutshell, a system used to ensure that the right individuals have access to the right resources at the right times and for the right reasons. In a modern large organization the relationships between the individuals and the resources can be very complex. What complicates the situation even further is the need to ensure the access is done for the right reasons. Organizations impose a host of rules on who can and cannot access applications and the underlying data, since permission to run applications are normally associated with data access, and the data can be proprietary, PII, and otherwise not open for public consumption. Identity management solutions apply these rules to determine the level of access for every user and every resource. One of the most significant concerns is Segregation of Duty (SoD) requirement.