Advanced Authentication Mechanisms for Identity and Access Management in Cloud Computing

Amjad Alsirhani, Mohamed Ezz and Ayman Mohamed Mostafa*

College of Computer and Information Sciences, Jouf University, Sakaka, 72314, Saudi Arabia
*Corresponding Author: Ayman Mohamed Mostafa. Email: amhassane@ju.edu.sa
Received: 02 November 2021; Accepted: 03 December 2021

Abstract: Identity management is based on the creation and management of user identities for granting access to cloud resources based on user attributes. Cloud identity and access management (IAM) grants end-users authorization to perform different actions on the specified cloud resources. The authorizations in IAM are grouped into roles instead of being granted directly to the end-users. Due to the multiplicity of cloud locations where data resides and the lack of a centralized user authority for granting or denying cloud user requests, there must be several security strategies and models to overcome these issues. Another major concern in IAM services is an excessive or insufficient level of access for different users with previously granted authorizations. This paper proposes a comprehensive review of security services and threats. Based on the presented services and threats, advanced frameworks for IAM are proposed that provide authentication mechanisms in public and private cloud platforms. A threat model has been applied to validate the proposed authentication frameworks against different security threats. The proposed models proved highly efficient in protecting cloud platforms from insider attacks, single sign-on failure, brute force attacks, denial of service, user privacy threats, and data privacy threats.

Keywords: Identity management; cloud computing; security threats and authentication mechanisms

1 Introduction

Cloud Computing is considered the most commonly used method for sharing information, resources, data, networks, and services for multiple users.
The main objective of cloud computing is to build a service environment with authentication capabilities and low-cost facilities based on different deployment models such as infrastructure, platform, and software as a service [1]. Authentication mechanisms in cloud services are divided into physical security and digital security mechanisms [2]. Physical security mechanisms rely on biometric authentication, such as face recognition, fingerprint recognition, and iris detection. Digital security mechanisms are based on password credentials, single sign-on (SSO), and multifactor authentication, which is considered the most commonly used authentication method for access management in cloud computing. Different security standards such as access control

This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Computer Systems Science & Engineering, Tech Science Press. Article. DOI: 10.32604/csse.2022.024854