Identity and access management, also known as IAM, is the application of policies, procedures, and technologies with the purpose of protecting data.
The IAM framework allows an organization to protect their data utilizing three core tenants, typically represented as points on a triangle.
Authentication is the action by which one entity proves their identity to another entity.
An example of authentication is entering a password, signing a message or certificate with a private key via asymmetrical cryptography, or scanning a fingerprint and other biometric means.
Authorization is the policy by which an organization will permit entities to have rights and privileges to certain data within the system. Specifically, authorizing is the defining of policy per an entity.