Identity and the ability to consume information about that identity as well as other Zero Trust (ZT) signals (additional attributes about an identity), is one of the key principles of zero trust architecture. A ZT approach aims to reduce the success of cyber-attacks and data breaches through risk-based access requirements, that is, by requiring authentication and authorization prior to granting access to resources (data and/or systems).In order to meet this requirement, it is important to look at both existing and new identity, access management, and cloud solutions with a ZT lens.ZT is a technology-agnostic guidance framework to bring controls closer to the asset being protected (the protect surface). From an identity and access management perspective, this has the potential to significantly increase the richness of the risk-based decision about granting access and eliminate the granting of access based on the binary trust of a single access control method.