For those implementing identity and access management (IAM) in their organizations, what are the key components you focus on? I know user authentication, authorization, and access control are central, but how do you design a system that is both secure and scalable, especially in larger organizations?