Identity And Access Management (IAM) Glossary of Terms
Identity and Access Management (IAM) is an umbrella term for technologies that control access to resources within an organization. These technologies include user accounts, passwords, single sign-on, role-based access controls, and more.
IAM aims to provide secure access to information and services while minimizing administrative overhead. This includes protecting data, controlling network traffic, monitoring usage, and enforcing security policies.
In addition to these essential functions, organizations may implement additional features such as multi-factor authentication, encryption, and auditing.
Identity and Access Management (I&A) is a broad category encompassing multiple technologies, including User Accounts, Single Sign On, Role Based Access Control, Password Policies, Security Assertion Markup Language (SAML), OpenID Connect, OAuth 2.0, and more.
Identity management systems are an integral part of any business. They help keep track of employees, customers, and partners. They also provide security for sensitive information.
Identity management systems manage access to resources such as computers, networks, databases, and applications. They also ensure that users are authorized to perform tasks, and that data is secure.
Identity And Access Management Terms
Account
An IDHub user account is a set of privileges and permissions granted to an individual by an organization to access various resources within its IT network.
Access Approver
A person or group of people who have been given authority can grant or deny user accounts when required during an access request.
Access Certifications
Auditing and certifying a person's or group's ability to use specific software, apps, entitlements, privileges, or rights.
This certification process is designed, organized, and implemented by submitting a formal request for review within the IDHub certification platform.
Access Certifier
A Certifier is someone who reviews and approves or denies access requests for people based on his/her expertise and relationships with the original requester.
Access Reviewer
A reviewer is an individual who will determine whether a user should be allowed to continue using a particular service or not.
An access review is conducted when an organization requests a certification review through the IDHub certification platform.
Application Lifecycle Management (ALM)
- Governance – Business and IT owners to determine the business and IT significance of the application and then decide which strategy would be most appropriate for achieving the desired outcomes. Define the processes for managing applications, securing sensitive customer information, and controlling who has access to which parts of the system.
- Develop - plan to implement the defined process, and then integrate, onboard enterprise resources (such as HR), and then provide/remove users from target system(s) for identity management.
- Use IDHub to maintain and monitor user account and resource attributes.
- Retire Application from IDHub
Application
Software applications help businesses' end-users to complete specific tasks. It allows companies to achieve their business goals. Depending on its purpose, importance, and added benefit, each application is given a critical risk rating. Each application usually has an owner who is responsible for its success.
Archive
An archive is an organization that preserves documents for future reference. Archives can be public (e.g., museums) or private (e.g., family archives). Some archives include collections of photographs, maps, artwork, music, film, books, manuscripts, and other materials.
Business Owner
An owner of a business is someone who has an interest in the company's success. This person may be a shareholder, director, officer, employee, partner or any combination thereof.
IDHub Collections
IDHub collections are collections of applications created for use within an iDhub project. They can be used to store and share information between IDHub users
Application Configuration
An application configuration is a set of application properties that can be associated with an application instance in a distributed system.
Data Management
Data management is the process of organizing and managing information efficiently so that it can be used effectively. This includes storing, retrieving, analyzing, and reporting on data.
Deprovision
To remove a user's access to a specific resource or an application from the IDHub project.
End-User
An end user is any person who uses your product in its intended way. They may be an individual, family, business, school, government agency, organization, or even a group.
Entitlement
An access entitlement (AE) is an object that represents an individual's right to use a particular resource in a specific way. For example, an AE could be used to represent the rights of an individual to view a website on their mobile phone.
Forms For Identity Access Requests
The identity access request form should be designed to allow users to easily complete their requests for access to information held by the organization. It should also provide them with an easy way to contact the relevant person within the organization if they have any questions.
The form should include all the necessary details required to make a valid request, including name, address, email address, telephone number, and any additional application-specific details needed.
Target System
A target system is an entity monitored and used to control a specific type of device in a networked environment. An NTS may include both hardware and software components. For example, an NTS may consist of a microcontroller embedded into a router or a set of instructions for controlling a particular piece of equipment.
Identity Management System (IDM)
IDM systems are used by organizations to control access to information resources such as documents, databases, applications, networks, etc. The system provides an interface between users and information resources. It allows users to authenticate themselves and gain access to protected data resources.
Identity Lifecycle Management (ILM)
ILM is an important part of any organization’s identity strategy. It encompasses all aspects of how you manage your brand identity from conception to retirement.
The lifecycle management approach focuses on building strong relationships between your customers and employees by helping them understand who they are as individuals and what their needs are at each stage of the customer life cycle.
By understanding these key points, organizations gain insight into how to better serve their customers and build stronger brands.
IT Owner
IT owners to determine the business and IT significance of the application and then decide which strategy would be most appropriate for achieving the desired outcomes.
Notifications
Notifications inform users about changes to their accounts, requests made, or notifications of new tasks they have been assigned. You can send notifications via in-app messages or through automated emails.
Notification Templates
Notifications delivered by email can use customized email templates, making them easier to read, understand, and find the information necessary for the recipient.
Notification Parameters
Any notifications sent out must include specific instructions for how they're supposed to be sent, what methods they should use, what they should look like, and what triggers them to be sent.
Notification Events
Events are triggers that cause notifications to be generated when specific actions occur, such as items being created, users being added, submitted requests, or steps within a workflow being reached.
Organization
A business or entity that manages user accounts for its employees within IDHub.
Outbound Queue
An outbound queue lists messages and tasks that have been sent but not delivered.
Person
An individual user who has an account within IDHub. Users' access can be controlled and monitored.
Permissions
A set of rights, permissions, and roles that can be assigned to an individual user.
Proxy
Users who are assigned to be backups or replacements for another user if they're not available to perform their duties.
Provision
Provisioning refers to giving someone access to a particular resource or allowing them to use an app or service.
Privileged Access Management
Privileged Access Management (PAM) is a cybersecurity approach focused on controlling, monitoring, and securing access to high-level accounts within an organization's IT infrastructure to minimize risks and enhance security.
Policies
An access policy defines how users can access resources on the system. For example, an access policy may specify that only certain people (e.g., administrators) can view the information in a database; another might limit access to a particular web page to logged-in users.
Reconciliation
A process of synchronizing data from an external application to IDHub via a file upload.
Release Queue
A list of notifications or tasks that have been sent but not implemented yet.
Remediation
Steps that can be done to resolve an issue that has been encountered in IDHub.
Revocation
The act removes a person's or group of people's access to an app or resource.
Requests
An official request from a user to gain permission to use a new resource or application or a request for an action to be taken, such as creating a new role.
Role
A role is a way for people (or groups) to be grouped together, giving them a predetermined, preassigned, and authorized set of specific permission for an application, resource, or entitlement.
Users
All accounts within IDHub, including both end-user accounts and administrative user accounts.
Approval Workflow
A process flowchart is a visual representation of a series of steps that must be completed in order for something to happen.