# Introduction to cloud service authentication and authorization
This course introduces the basic concepts of cloud service authentication and authorization. Here are some of the key concepts we'll have a closer look at:
A digital identity is an entity that can be granted access. Digital identities are usually associated with one ore more secrets (passwords, keys) or other attributes that allows an entity to prove it is the true holder of the identity.
An identity provider (IdP) is a service that stores and manages digital identities. Organizations use IdPs to allow users and applications (identities) to connect securely with the resources they need.
Authentication is about determining the identity of a person or application trying to access a resource. It establishes if they are who they say they are.
Authorization is about determining what level of access an authenticated person or application has. It specifies what data they're allowed to access and what they can do with it.
In the following units, you will learn more about these basic building blocks and then explore them using an analogy of a hotel room with key cards to control access.