IAM books directory.
The books our practice leads recommend when someone asks "where do I start?"
- 01 Book
Solving Identity Management in Modern Applications (Yvonne Wilson + Abhishek Hingnikar)
Apress · OAuth 2.0 + OIDC + SAML for engineers
The single best technical primer for application engineers who need to integrate IAM.
- 02 Book
API Security in Action (Neil Madden)
Manning · OAuth 2.0 + OIDC + JWT + secrets
Best deep-dive on token-handling correctness; written by a practicing engineer.
- 03 Book
Modern Authentication with Azure Active Directory (Vittorio Bertocci)
Microsoft Press · pre-Entra-rebrand but still the canonical text
Microsoft estate engineers should own this. Vittorio is the author of the core Microsoft federation stack.
- 04 Book
Identity Attack Vectors (Morey Haber + Darran Rolls)
Apress · privileged + workforce identity from the attacker side
Pairs well with PAM deployments — the threat model the platform is defending against.
- 05 Book
Cloud Native Identity (Jay Beale + others)
O’Reilly · cloud-native authn/z patterns
Best book on workload identity, SPIFFE, and service-mesh authentication.
- 06 Book
Zero Trust Networks (Evan Gilman + Doug Barth)
O’Reilly · ZT foundations
Older now but still the most coherent explanation of zero-trust as an architecture, not a slogan.
- 07 Book
NIST SP 800-63 (the standards themselves)
NIST · free download
Not a book, but read it. Volumes A, B, and C define modern authentication assurance.
- 08 Book
Practical Cryptography for Developers (Svetlin Nakov)
Free online · crypto primer
When you need to remember what the difference between MAC and HMAC actually is.