Whenever you log into a website with a username/password combination, you are doing a process called *authentication* (AuthN), which verifies that you are, in fact, who you claim to be.

Authentication schemes are generally accepted to be based on one or more of three things:

* **Something you know** (password or PIN)
* **Something you have** (an access keycard or a cell phone)
* **Something you are** (fingerprint or retina scan)

Often times, online services will use multi-factor authentication (MFA) as a way of enhancing security. Even if one method of authentication is compromised (for example, passwords) a malicious person could not fraudulently authenticate because they did not possess the other form of authentication.

Because Authentication can be a complex and tricky process, companies will sometimes outsource it to other businesses that specialize in AuthN.

The best practice for a company is to have a single central director of users, groups and access restrictions. This makes it very easy to manage as there is only one place to make changes and also allows you to implement things like Single Sign On so that users may only have to have a single username and password for a lot of different services and may even not have to log on to each of them individually. There are a number of such central directory software that companies can set up themselves. You can then connect different software to this using protocols such as LDAP, OpenID or SAML. However as this is a common service for companies to have a lot of service providers will also offer it as a service. So instead of setting up your own software that you have to manage yourself you can just pay Amazon, Google, Microsoft, etc. to set up and maintain the Identity service for you. You still need to manage your users, groups and access permissions but you do not have to manage any of the software.