IAM refers to technology and processes for managing identities and access permissions for users, computing devices, and applications. IAM provides full lifecycle management by providing the means and credentials for identification during the onboarding process, through to authenticating and authorizing access to resources, and all the way to revoking access credentials and identities.
A cloud IAM is an IAM that is deployed in the cloud and used as a service (SaaS). It can manage identities and access to cloud resources and also on-premise resources, provided it is configured to do so.
IAM helps organizations keep track of user, device and application identities, and manage who has access to what.
At the heart of any IAM system is a directory service, which in many cases also supports the LDAP protocol. It is therefore often possible to manage users (and also devices and applications) in the hierarchical structures supported by LDAP.