43: What is the Identity Runtime?
Post-authentication security is a key capability for the modern IAM platform
Takeaway Points:
The identity runtime is the live execution environment for identity
Identities (be there human, non-human or agentic) perform actions and access services, APIs and data
To do this they need an identifier, attributes, permissions (which we can classify as identity data)
During usage they will authenticate, be authorized and monitored
Each of those stages has numerous sub-stages such as credential life cycle management, just in time access request, behaviour monitoring and so on
This is becoming increasingly important as identity risk is occurring during usage, where as traditional controls have focused on profile storage and authentication
Core components of the identity runtime include:
credentials
session management
policy design
policy decisions
policy enforcement
behaviour monitoring



