Cutting-Edge AI Techniques for Securing Healthcare IAM: A Novel Approach to SAML and OAuth Security

Purpose: This study addresses the increasing limitations of traditional Identity and Access Management (IAM) systems based on OAuth and SAML protocols, which are vulnerable to evolving cyber threats such as token hijacking, phishing, replay attacks, and consent fraud. The purpose is to introduce an AI-driven threat detection framework that enhances identity security beyond conventional rule-based mechanisms. Methodology: The proposed framework integrates machine learning (ML), anomaly detection algorithms, and behavioral analytics to monitor and secure OAuth and SAML authentication workflows. Risk-based adaptive authentication (RBA) is utilized to assess contextual risk, while natural language processing (NLP) techniques are applied to validate OAuth consent flows. The effectiveness of the framework is evaluated through experimental simulations comparing AI-enhanced models with traditional IAM approaches. Findings: Experimental results demonstrate that the AI-based model improves detection of SAML assertion forgery by over 90% and reduces OAuth token misuse by 80%. These findings underscore the capability of AI to dynamically identify and mitigate identity-based threats in real time, significantly outperforming static rule-based systems. Unique contribution to theory, practice and policy: This research offers a practical AI-enhanced framework for securing IAM systems, enabling organizations to implement real-time threat detection, reduce identity fraud, and automate risk-based authentication and consent validation. By introducing NLP-driven consent verification and behavioral analytics, the framework enhances decision-making and user access governance across enterprise systems. From a policy standpoint, the study supports the evolution of cybersecurity and compliance models by demonstrating how AI can be systematically embedded into IAM infrastructures. It reinforces alignment with regulatory standards such as HIPAA and GDPR, encouraging the development of AI-inclusive policies for identity security, threat mitigation, and digital trust frameworks.