18 Must-Read Access Management Books for Professionals

Solutions Review compiles the 18 essential access management books professionals need to add to their reading lists.

Access management is now the new digital perimeter for businesses and a key consideration in all workflows. Given that the vast majority of cyber-attacks begin at the authentication or log-in stage, access management matters more than ever. We’ve listed the top 18 access management books professionals should add to their reading lists. These books are intended for beginners and experts alike and are written by authors with proficiency and/or recognition in the fields of access management and identity management.

Be sure to also consult our Identity Management Buyer’s Guide for information on the top identity and access management solution providers. It’s the perfect resource if you don’t want your organization to suffer from credentials compromise and insider threats.

Note: Titles of these access management books are listed in no particular order.

Active Directory Administration Cookbook: Actionable, proven solutions to identity management and authentication on servers and in the cloud

By Sander Berkouwer

“This book starts off with comprehensive insights into forests, domains, trusts, schemas, and partitions. Next, you’ll learn how to manage domain controllers, organizational units and default containers. You’ll then get up to speed with monitoring Active Directory sites as well as identifying and solving replication problems. Later chapters will cover the different components of Active Directory and demonstrate how to manage users, groups, and computers.”

Available here. 

Personal Information Security & Systems Architecture: Techniques for PII Management in a Business

By Sander Berkouwer

Generic cyber-attacks in APAC alone have cost an estimated $1.7 trillion in 2017 (Yu, 2018). The amount stolen is staggering; it’s a multi-billion dollar “underground business” affecting everyone. Governments, given such breaches and rampant wholesale data collection, are quickly creating robust legislation. Businesses, when faced with having to meet such evolving regulatory requirements, find it hard working out what to do; this is where this book excels. It explains what to focus on, when and why. Detailed are security, architectural and technical best practices based on real-world experience, combined with a PII focus.

Available here.

Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0

By Yvonne Wilson and Abhishek Hingnikar

At a time when security breaches result in increasingly onerous penalties, it is paramount that application developers and owners understand identity management and the value it provides when building applications. This book takes you from account provisioning to authentication to authorization, and covers troubleshooting and common problems to avoid. The authors include predictions about why this will be even more important in the future. Application best practices with coding samples are provided.

Available here.

Identity Management: A Primer

By Graham Williamson, Ilan Sharoni, David Yip, and Kent Spaulding

“In a corporate setting, it is essential to identify and control the way in which the organization deals with customers, suppliers, employees, and other users who may interact with the information systems of the company. Providing strategies for overcoming this task in real-world terms as well as questions that assist in focusing on the key issues in each chapter—ranging from role-based access control to single sign-ons and electronic identity smart cards—this text provides students and professionals alike with a valuable tool for understanding the complexity of identity in a virtual world.”

Available here.

Identity Management: A Business Perspective

By Graham Williamson

“This book will help managers and CIOs understand:
• Automating identity provisioning into your access control systems
• How to evaluate the maturity of your identity management environment
• The difference between authentication and authorization
• Why federated authentication is so important and how to get it right
• How roles and attributes are used to determine access control
• The level of digital transformation that’s coming in the management of consumer identities.”

Available here. 

Securing the Perimeter: Deploying Identity and Access Management with Free Open Source Software

By Michael Schwartz and Maciej Machulak

“Securing the Perimeter documents a recipe to take advantage of open standards to build an enterprise-class IAM service using free open source software. This recipe can be adapted to meet the needs of both small and large organizations. While not a comprehensive guide for every application, this book provides the key concepts and patterns to help administrators and developers leverage a central security infrastructure.”

Available here. 

Identity And Access Management A Complete Guide – 2020 Edition

By Gerardus Blokdyk

How do I reduce the effort in the Identity And Access Management work to be done to get problems solved? How can I ensure that plans of action include every Identity And Access Management task and that every Identity And Access Management outcome is in place?… Blokdyk ensures all Identity And Access Management essentials are covered, from every angle.

Available here. 

Identity Attack Vectors: Implementing an Effective Identity and Access Management Solution

By Morey J. Haber and Darran Rolls

As a solution, Identity Access Management (IAM) has emerged as the cornerstone of enterprise security. Managing accounts, credentials, roles, certification, and attestation reporting for all resources is now a security and compliance mandate. When identity theft and poor identity management are leveraged as an attack vector, risk and vulnerabilities increase exponentially. As cyber attacks continue to increase in volume and sophistication, it is not a matter of if, but when, your organization will have an incident.

Available here. 

Identity Management with Biometrics: Explore the latest innovative solutions to provide secure identification and authentication

By Lisa Bock

Starting with an overview of biometrics, you’ll learn the various uses and applications of biometrics in fintech, buildings, border control, and many other fields. You’ll understand the characteristics of an optimal biometric system and then review different types of errors and discover the benefits of multi-factor authentication…The book outlines the importance of protecting biometric data by using encryption and shows you which factors to consider and how to analyze them before investing in biometric technologies.

Available here. 

Access 2019 Bible

By Michael Alexander and Richard Kusleika

“Access enables database novices and programmers to store, organize, view, analyze, and share data, as well as build powerful, integrable, custom database solutions — but databases can be complex, and difficult to navigate. This book helps you harness the power of the database with a solid understanding of their purpose, construction, and application.”

Available here. 

OAuth 2 in Action

By Justin Richer and Antonio Sanso

OAuth 2 in Action teaches you the practical use and deployment of this HTTP-based protocol from the perspectives of a client, authorization server, and resource server. You’ll learn how to confidently and securely build and deploy OAuth on both the client and server sides…Think of OAuth 2 as the web version of a valet key. It is an HTTP-based security protocol that allows users of a service to enable applications to use that service on their behalf without handing over full control. And OAuth is used everywhere, from Facebook and Google, to startups and cloud services.

Available here

Getting Started with OAuth 2.0: Programming Clients for Secure Web API Authorization and Authentication

By Ryan Boyd

“Whether you develop web applications or mobile apps, the OAuth 2.0 protocol will save a lot of headaches. This concise introduction shows you how OAuth provides a single authorization technology across numerous APIs on the Web, so you can securely access users’ data—such as user profiles, photos, videos, and contact lists—to improve their experience of your application. Through code examples, step-by-step instructions, and use-case examples, you’ll learn how to apply OAuth 2.0 to your server-side web application, client-side app, or mobile app. Find out what it takes to access social graphs, store data in a user’s online filesystem, and perform many other tasks.”

Available here

Authentication and Access Control: Practical Cryptography Methods and Tools

By Sirapat Boonkrong

This book begins with the theoretical background of cryptography and the foundations of authentication technologies and attack mechanisms. You will learn about the mechanisms that are available to protect computer networks, systems, applications, and general digital technologies. Different methods of authentication are covered, including the most commonly used schemes in password protection: two-factor authentication and multi-factor authentication. You will learn how to securely store passwords to reduce the risk of compromise. Biometric authentication―a mechanism that has gained popularity over recent years―is covered, including its strengths and weaknesses.

Available here

Identity and Data Security for Web Development: Best Practices

By Jonathan LeBlanc and Tim Messerschmidt

Developers, designers, engineers, and creators can no longer afford to pass responsibility for identity and data security onto others. Web developers who don’t understand how to obscure data in transmission, for instance, can open security flaws on a site without realizing it. With this practical guide, you’ll learn how and why everyone working on a system needs to ensure that users and data are protected.

Available here. 

Identity Management with Biometrics: Explore the latest innovative solutions to provide secure identification and authentication

By Lisa Bock

Starting with an overview of biometrics, you’ll learn the various uses and applications of biometrics in fintech, buildings, border control, and many other fields. You’ll understand the characteristics of an optimal biometric system and then review different types of errors and discover the benefits of multi-factor authentication. You’ll also get to grips with analyzing a biometric system for usability and accuracy and understand the process of implementation, testing, and deployment, along with addressing privacy concerns. The book outlines the importance of protecting biometric data by using encryption and shows you which factors to consider and how to analyze them before investing in biometric technologies.

Available here. 

Hacking Multifactor Authentication

By Roger A. Grimes

This book covers over two dozen ways that various MFA solutions can be hacked, including the methods (and defenses) common to all MFA solutions. You’ll learn about the various types of MFA solutions, their strengths and weaknesses, and how to pick the best, most defensible MFA solution for your (or your customers’) needs. Finally, this book reveals a simple method for quickly evaluating your existing MFA solutions. If using or developing a secure MFA solution is important to you, you need this book.

Available here

Zero Trust Networks: Building Secure Systems in Untrusted Networks 

By Evan Gilman and Doug Barth

Perimeter defenses guarding your network aren’t as secure as you might think. Hosts behind the firewall have no defenses of their own, so when a host in the “trusted” zone is breached, access to your data center is not far behind. This practical book introduces you to the zero trust model, a method that treats all hosts as if they’re internet-facing, and considers the entire network to be compromised and hostile.

Available here

Password Authentication for Web and Mobile Apps: The Developer’s Guide To Building Secure User Authentication

By Dmitry Chestnykh

Authenticating users with passwords is a fundamental part of web and mobile security. It is also the part that’s easy to get wrong. This book is for developers who want to learn how to implement password authentication correctly and securely. It answers many questions that everyone has when writing their own authentication system or learning a framework that implements it.

Available here.

Thanks for checking out our list of top 18 access management books for professionals. Be sure to also check out our Identity Management Buyer’s Guide.

Solutions Review participates in affiliate programs. We may make a small commission from products purchased through this resource.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.