IAM Glossary

This IAM Glossary presents some general and common terms related to Identity and Access Management. Sources: Gartner (www.gartner.com), ISO Standards (www.iso.org) and Wikipedia.

You can also read about Spellpoint’s IAM Services.

A

Access Policy – Policy that defines how access rights are granted and removed. More formally, "to authorize" is to define an access policy. For example, human resources staff are normally authorized to access employee records, and this policy is usually formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected).

Authentication – Formalized process of verifying the identity of an entity, usually done with a username and password.

Authorization – Function of specifying access rights/privileges to resources; it is related to information security and computer security in general and to access control in particular. More formally, "to authorize" is to define an access policy. For example, human resources staff are normally authorized to access employee records, and this policy is usually formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected). Resources include individual files or an item's data, computer programs, computer devices and functionality provided by computer applications.

F

Federation – Agreement between two or more domains specifying how identity information will be exchanged and managed for cross-domain identification purposes.  

I

Identity and Access Management (IAM) – Security discipline that enables the right individuals to access the right resources at the right times for the right reasons. Read about Spellpoint's Identity and Access Management services.

Identity Management (IdM) – 1) Management of individual identities, their authentication, authorization, roles and privileges within or across system and enterprise boundaries. 2) Processes and policies involved in managing the lifecycle and value, type and optional metadata of attributes in identities known in a particular domain. More info on Spellpoint's Identity Management services.

S

Single Sign-On (SSO) – A property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single authentication (such as username and password) to gain access to a connected system or systems without using different authentications (usernames or passwords), or, in some configurations, is seamlessly signed on at each system. Read more about Spellpoint's Single Sign-On (SSO) services.

U

User Provisioning – User provisioning refers to the creation, maintenance and deactivation of user objects and user attributes, as they exist in one or more systems, directories or applications, in response to automated or interactive business processes. User provisioning software may include one or more of the following processes: change propagation, self-service workflow, consolidated user administration, delegated user administration, and federated change control. User objects may represent employees, contractors, vendors, partners, customers or other recipients of a service. Read more about Spellpoint's user provisioning and identity management services.