Glossaries

What is Single Sign-On (SSO)?

In order to use an application, or access a secure network, you need to identify yourself. This is often done with a combination of a unique username and a password. Nearly everyone is familiar with this method of logging in to a system or application. The combination of a username and password is...

read more

What is Attribute-Based Access Control (ABAC)?

One of the most effective methods of identity and access management (IAM) is attribute-based access control or ABAC. ABAC follows a similar model to role-based access control (RBAC) but offers significantly improved authorization management. Whereas RBAC determines access according to a user’s...

read more

What is API Integration?

API (Application Programming Interface) is the set of protocols and tools that enable different applications to communicate with each other. APIs facilitate connectivity between devices, applications, and programs by serving as a software intermediary that allows us to combine data in more...

read more

What is Principle of Least Privilege?

The “Principle of Least Privilege” (POLP) states a given user account should have the exact access rights necessary to execute their role’s responsibilities—no more, no less. POLP is a fundamental concept within identity and access management (IAM). Least privilege relies on the understanding that...

read more

What is CIAM?

Customer identity and access management (CIAM) is a specific aspect of identity and access management (IAM) focusing on external users (e.g., customers, contractors, shareholders). While CIAM began as a solution for managing customers’ identities, it has evolved to protect data generated by these...

read more

What is Offboarding?

User Account Offboarding is the process used to revoke accounts and access from departing employees. Offboarding is a critical step for secure and compliant identity management. According to Osterman Researchi, nearly 90% of departed employees retain access to their corporate applications. Almost...

read more

What is Push-to-Verify?

Identity matters. Before gaining access to an application, company data, or a secure network, the identity of the person must first be confirmed. Many apps and networks use a multifactor authentication (MFA) sign-in process known as “push-to-verify” to accomplish this feat. Push-to-verify, or push...

read more

What is Segregation of Duties?

“Segregation of Duties” (SoD), also known as “Separation of Duties”, is a system of internal controls within an organization. SoD policies act as a first line of defense when protecting organizations against regulatory noncompliance and fraudulent activity. Many business processes, if executed by...

read more

What is OAuth?

OAuth is, simply put, a protocol and login method that confirms user identities based on existing, verified authentication. When you log in to an app or online site and select the “Login with Facebook” or similar option, that authentication method uses OAuth. Apps and sites leverage OAuth to...

read more

What is Multifactor Authentication?

“Multifactor authentication” (MFA) is an account security process requiring two or more separate steps for a user to prove their identity. It most commonly refers to logging into a computer, network, application, or other resources. To complete a multifactor authentication process, you must...

read more

What is Role-Based Access Control?

Role-Based Access Control (RBAC) is an oft-used term in identity and access management for organizations whose leadership wants to assign and manage all access privileges across the network in a structured way. As the name implies, this structure is determined by employees’ job roles and...

read more

What is User Account Onboarding?

Simply put, “onboarding” is managerial jargon first used in the 1970s that refers to the process of getting a new hire up to speed on organizational processes, policies, positional resources, and culture. Successful onboarding aims to help new employees quickly become effective within the...

read more

What is the User Account Lifecycle?

The “User Account Lifecycle” defines the collective management processes for every user account. These processes can be broken down into Creation, Review/Update, and Deactivation—or “CRUD”. If your organization utilizes IT resources of any kind, you rely on user accounts to access them. As any...

read more

What is OpenID & OpenID Connect?

More than a decade ago, every website had to have a login process and database for users’ accounts and credentials. This approach had two main problems: the user was continually having to sign up and create new accounts on each website they visited (as well as remember all their credentials) and,...

read more

What is an OTP (One-Time Password)?

An OTP (i.e., one-time password), is a password that is valid for a set duration when completing a single login session or transaction. OTPs may sometimes be called dynamic passwords, single-use passwords, or one-time PINs. A one-time password helps to circumvent some of the drawbacks of...

read more

What is Active Directory (AD)?

Have you ever heard of or used Novell Netware? Unless you are an experienced IT professional or a tech history aficionado, you probably haven’t. For the record, it was one of the tools used for administration on a Windows computer until the late 1990s. Novell Netware and the like became obsolete...

read more

What is SAML?

“Security Assertion Markup Language” (SAML) is a type of single sign-on (SSO) standard. It defines a set of rules/protocols that allow users to access systems and applications with a single login, especially for cloud-based resources. This is possible because those resources all trust the systems...

read more

What is Shift Left?

“Shift Left” encapsulates the idea that by moving or tackling tasks earlier in a process’ timeline (i.e. “further left”), you can significantly increase efficiency and better prepare your organization’s operations for potential challenges. While the term originated with software development, it...

read more

What is Password Synchronization?

“Password synchronization” is a method of achieving single sign-on (SSO) by ensuring a user’s password is the same between multiple systems. One system, such as Active Directory, acts as the central authority. When a user’s credentials are updated inside of the central authority, their password is...

read more

What are Orphaned Accounts?

“Orphaned account” is a term describing accounts without an associated, active user. The term most often refers to network accounts (e.g. Active Directory) associated with former/inactive employees. However, it remains applicable to any type of account that is not actively used. For example, a...

read more