Identity Management Glossary of Terms

Having a hard time keeping up with Identity Management jargon? We’ve got you covered. Solutions Review’s A to Z Identity Management glossary has definitions for over 50 of the most popular Identity Management terms and acronyms. Don’t forget to check out our 2016 Identity Management Solutions Buyer’s Guide for a complete market overview of the top 28 Identity Management vendors, available here.


Access Management

Access management is the process of managing a user’s login and access across a wide range of applications, systems, and resources belonging to an organization. Most IAM solutions manage user access to resources but leave access authorization decisions to the application owners.

Affiliation

Affiliation is the combination of one’s relationship with an organization and some form of trusted identity (which may not be from within the organization).

Attributes

Small pieces of information that make up a digital identity. Attributes may include name, phone number, group affiliation, etc.

An official organizational review of security entitlements and user privileges. A periodic entitlement audit is a reliable method for finding and removing old, unneeded entitlements.

Authentication

Authentication is the process of validating an identity, whether it be the identity of a user or, as in the Identity of Things, a device. The classic method of validation is the username/password combination.

Authorization

Authorization is the process of determining if a user has the right to access a service or resource, or perform an action.

Authorization Audit

An authorization audit is a process that gives a detailed overview of the access capabilities of an entire organization.

An individual responsible for approving changes in user authorizations and privileges.


A single sign-on web protocol that allows a user to access multiple services while providing login credentials only once.

A senior executive in an enterprise responsible for the information technology and computer systems that support enterprise goals.

A senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure that information assets and technology are protected.

Compliance

In IT and data storage terminology, compliance refers to organizational compliance with government regulations regarding data storage and management and other IT processes.

Credential

A credential is an item, such as an ID card or a username/password combination, used by persons or entities to prove themselves.

Customer Identity and Access Management (CIAM)

Customer, or Consumer, Identity and Access Management (CIAM) is an IAM solution that is specifically tailored to meet the needs of organizations handling large volumes of consumer identity information. Though superficially similar to traditional IAM, CIAM solutions must provide a smooth yet secure customer experience, with the ability to scale quickly to handle large volumes of customer data.


Any information stored by a computer.

Digital Identity

A digital identity is a set of information (attributes and credentials) about an individual that is maintained in order to associate them with an organization.

The removal of an individual’s organizational digital identity, access, and privileges.


Event

An action or the result of an action. Events are often logged and monitored for security purposes.


Federated Identity

A federated identity is the product of linking all of an individual’s disparate electronic identities and attributes, which may be stored across multiple identity management solutions.

Federated Identity Management (FIM)

A Federated Identity Management (FIM) solution is a technical implementation that allows identity information to be developed and shared among multiple identity management entities, and across trust domains.

FIDO Alliance

The FIDO (Fast IDentity Online) Alliance is a non-profit group formed to address a lack of interoperability between authentication devices, and the challenges that users face in maintaining multiple usernames, passwords, and authentication methods.


Group

In identity management, a group allows the management of multiple entities (e.g. employees or customers) within a single category. Groups are used to define roles and simplify access control.


Identification

Identification is the process by which an entity’s information is gathered and verified for accuracy.

Identity and Access Governance (IGA)

Identity and Access Governance (IGA) solutions establish an identity lifecycle process that gives managers the ability to have comprehensive governance of identities and access requests.

Identity and Access Management (IAM)

Identity and Access Management (IAM) is a system, solution, or service that addresses an organizational need for a system-wide solution that manages users’ access and authentication into external and internal applications, databases, or networks.

Similar to IAM, IGA is a set of processes used to manage identity and access controls across systems. IGA differs from IAM in that it allows organizations to not only define and enforce IAM policy but also connect IAM functions to meet audit and compliance requirements.

Identity Management (IdM)

Identity Management (IdM) is the act of using processes and solutions for the creation and management of user or connected device information.

Identity and Access Management as a Service (IDaaS)

Identity and Access Management as a Service, or IDaaS, is an IAM solution delivered as a service. IDaaS solutions are predominantly cloud-based and are hosted, and sometimes managed, by the service provider.


Level of Assurance (LoA)

The Level of Assurance (LoA) is the degree of confidence achieved by the vetting and proofing process used to establish the identity of a user. There are four levels of assurance, ranging from zero (no confidence in the asserted identity) to four (very high confidence in the asserted identity’s accuracy).

Log Files

Log files are files that record either events that occur in an operating system or software, or messages occurring on communication software. For example, when a failed login to an email system occurs, a log entry is written to record that event.

The act of keeping a log for an extended period of time.


Management Chain

In an organization, users usually have managers, who in turn may have their own managers. This sequence of managers, which starts with the user and ends with the highest manager in that organization, is known as the management chain. In the context of identity management, management chains are often used to authorize security changes.

Multifactor Authentication (MFA)

Multifactor authentication adds an additional step (or factor) to the authentication process, typically by pairing something the user knows, such as a username and password, with an action, or something the user has, such as an SMS message to their phone, an email, or a token.


An electronic identifier created specifically for use with online applications.


OAuth

OAuth is an open authorization standard that allows applications to autonomously access resources on behalf of a user. iOS and Android, for example, use this kind of authorization to let users choose whether or not an app can have access to certain functions and parts of the phone.

The process by which a user is removed (with access revoked) from an organization’s IAM system.

A standardized, open method of decentralized authentication.

The process of adding new users to an organization’s IAM system.

A password that is valid for only one use or session.


A word or string of characters used to prove one’s identity, or authorize access to a resource. Usually, but not always, paired with a username.

The process by which a user changes their own password.

Privilege

A privilege is a construct that allows certain users within an organization to have a number of powers based on their credentials and identity attributes.

Privileged Identity Management

Privileged identity management is a process or technology focused on managing, monitoring, and protecting powerful privileged user accounts within the IT infrastructure of an enterprise.

Privilege Management

Privilege management is the process by which the owner of a network can modify or assign privileges for applications and resources.

A user possessing specific security privileges and entitlements.

A process that enables users to use their privileges to access applications and services.


A person who requests a change in user profiles, privileges, or entitlements, either by an automated or manual process.

Role

An identity attribute that gives users automatic privileges when assigned. Roles may take the form of groups wherein all members of a group have the same set of privileges.

A model in which users are assigned “roles” that give them a certain level of access to resources and systems. Assigning a role to a user grants that user a certain set of privileges and entitlements.


System for Cross-domain Identity Management (SCIM)

The System for Cross-domain Identity Management (SCIM) is an open standard for automating the exchange of user identity information between identity domains, or IT systems, designed to make user identity management in cloud-based applications easier.

A person responsible for maintaining a list of users, their identity attributes, their passwords, security privileges, or other authentication factors.

Self-Service Password Reset

A self-service password reset is a process that allows users who have forgotten their password to use an alternate process to authenticate themselves and thus reset their password without the assistance of help desk personnel.

Session

A session is an interaction between two or more entities on a network, generally consisting of an exchange of information. In the context of identity management, the most important information exchanged is the credentials of each entity and the time-out information for the session.

A method of authentication that relies on a single factor, such as username and password, to verify a user’s identity.

Single Sign-On (SSO)

In a single sign-on (SSO) service model, users log onto a single platform, which gives them automatic log-in access to multiple applications for a particular period of time. When utilizing SSO systems, users only need to present one set of credentials, rather than learning or remembering separate credentials for each application.

Support Analyst

A support analyst, in an identity management context, is a user with special privileges that allow him or her to help other users, often by resetting their forgotten passwords or provisioning new privileges.

System of Record (SoR)

A system of record (SoR) is a storage system designated as an authoritative source for a certain identity attribute. As the SoR is the direct line of access to the identity attribute that it controls, all modifications to those identity attributes should be brokered via the SoR.


The process by which user or customer credentials or privileges are de-provisioned and removed.


User

Users are people whose access to systems and identity information must be managed.

User Lifecycle Management (ULM)

User Lifecycle Management (ULM) is an identity-based user management process library and framework designed to enable personalized digital user experiences across multiple services and devices.

Technologies or processes that create, modify, and deactivate user accounts, privileges, and profiles across IT infrastructure and business apps.


The process of thoroughly investigating and validating information collected from or about an individual for the purpose of issuing credentials or privileges.