Having a hard time keeping up with Identity Management jargon? We’ve got you covered. Solutions Review’s A to Z Identity Management glossary has definitions for over 50 of the most popular Identity Management terms and acronyms.
Access Management – Access management is the process of managing a user’s login and access across a wide range of applications, systems, and resources belonging to an organization. Most IAM solutions manage user access to resources but leave access authorization decisions to the application owners.
Audit – See security entitlement audit.
Authentication (AuthN) – Authentication is the process of validating an identity, whether it be the identity of a user or, as in the Identity of Things, a device. The classic method of validation is the username/password combination.
Chief Information Security Officer (CISO) – A senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure that information assets and technology are protected.
Customer Identity and Access Management (CIAM) – Customer, or Consumer, Identity and Access Management (CIAM) is an IAM solution that is specifically tailored to meet the needs of organizations handling large volumes of consumer identity information. Though superficially similar to traditional IAM, CIAM solutions must provide a smooth yet secure customer experience, with the ability to scale quickly to handle large volumes of customer data.
Federated Identity – A federated identity is the product of linking all of an individual’s disparate electronic identities and attributes, which may be stored across multiple identity management solutions.
Federated Identity Management – A Federated Identity Management (FIM) Solution is a technical implementation that allows identity information to be developed and shared among multiple identity management entities, and across trust domains.
FIDO Alliance – The FIDO (Fast IDentity Online) Alliance is a non-profit group formed to address a lack of interoperability between authentication devices, and the challenges that users face in maintaining multiple usernames, passwords, and authentication methods.
Identity Access Governance – Identity and Access Governance (IGA) solutions establish an identity lifecycle process that gives managers the ability to have comprehensive governance of identities and access requests.
Identity and Access Management – Identity and Access Management (IAM) is a system, solution, or service that addresses an organizational need for a system-wide solution that manages users’ access and authentication into external and internal applications, databases, or networks.
Identity Attribute – See attribute.
Identity Governance and Administration (IGA) – Similar to IAM, IGA is a set of processes used to manage identity and access controls across systems. IGA differs from IAM in that it allows organizations to not only define and enforce IAM policy but also connect IAM functions to meet audit and compliance requirements.
Identity Management as a Service – Identity and access management as a service, or IDaaS, is an IAM solution delivered as a service. IDaaS solutions are predominantly cloud-based and are hosted and sometimes managed by the service provider.
Level of Assurance (LoA) – The Level of Assurance (LoA) is the degree of confidence achieved by the vetting and proofing process used to establish the identity of a user. There are four levels of assurance, ranging from zero (no confidence existing in the asserted identity) to four (very high confidence in the asserted identity’s accuracy).
Log Files – Log files are files that record either events that occur in an operating system or software, or messages occurring on communication software. For example, when a failed login to an E-mail system occurs, a log file is created to record that event.
Management Chain – In an organization, users usually have managers, who in turn may have their own managers. This sequence of managers, which starts with the user and ends with the highest manager in that organization, is known as the management chain. In the context of identity management, management chains are often used to authorize security changes.
Multifactor Authentication – Multifactor authentication adds an additional step (or factor) to the authentication process, typically by pairing something the user knows, such as username and password, with an action, or something the user has, such as an SMS message to their phone, an email, or a token.
OAuth – OAuth is an open authorization standard that allows applications to autonomously access resources on behalf of a user. iOS and Android, for example, use this kind of authorization to let users choose whether or not an app can have access to certain functions and parts of the phone.
Privileged Account Management (PAM) – See privileged identity management.
Privileged Identity Management (PIM) – Privileged identity management is a process or technology focused on managing, monitoring, and protecting powerful privileged user accounts within the IT infrastructure of an enterprise.
Role-Based Access Control (RBAC) – A model in which users are assigned “roles” that give them a certain level of access to resources and systems. Assigning a role to a user grants that user a certain set of privileges and entitlements.
System for Cross-Domain Identity Management (SCIM) – A system for cross-domain identity management (SCIM) is an open standard for automating the exchange of user identity information between identity domains, or IT systems, designed to make user identity management in cloud-based applications easier.
Security Entitlement Audit – An official organizational review of security entitlements and user privileges. A periodical entitlement audit is a reliable method for finding and removing old, unneeded entitlements.
Self-Service Password Resets – A self-service password reset is a process that allows users who have forgotten their password to use an alternate process to authenticate themselves and thus reset their password without the assistance of help desk personnel.
Session – A session is an interaction between two or more entities on a network, generally consisting of an exchange of information. In the context of identity management, the most important information exchanged is the credentials of each entity and the time-out information for the session.
Single Sign-On (SSO) – In a single sign-on (SSO) service model, users log onto a single platform which gives them automatic log-in access to multiple applications for a particular period of time. When utilizing SSO systems, users only need to present one set of credentials, rather than learning or remembering separate credentials for each application.
Support Analyst – A support analyst, in an identity management context, is a user with special privileges that allow him or her to help other users, often by resetting their forgotten passwords or provisioning new privileges.
System of Record (SoR) – A system of record (SoR) is a storage system designated as an authoritative source for a certain identity attribute. As the SoR is the direct line of access to the identity attribute that it controls, all modifications to those identity attributes should be brokered via the SoR.
Termination – The process by which user or customer credentials or privileges are de-provisioned and removed.
User Lifecycle Management (ULM) – User Lifecycle Management (ULM) is an Identity-based user management process library and framework designed to enable personalized digital user experiences across multiple services and devices.