Showing 122 Identity Security terms
A
Access Certification
Access Certification (also called Access Review) is a periodic process where managers and data owners formally review and...
IGA
Governance
Compliance
Access Control
AC
Access Control is the practice of selectively restricting access to resources, systems, or data based on policies defining...
IAM
Foundational
Security
Access Key
An access key is a unique string of characters used to authenticate and authorize access to a system,...
Cloud
NHI
AWS
Access Management
AM
Access Management is the process of authenticating and authorizing users and machines to access systems, applications, and APIs...
IAM
Foundational
Access
Active Directory
AD
Active Directory (AD) is Microsoft's on-premises directory service that stores information about users, computers, and other network resources,...
IAM
Microsoft
Directory
Adaptive Authentication
Adaptive Authentication dynamically adjusts the level of authentication required based on contextual risk signals such as location, device,...
IAM
MFA
Risk-Based
Agentic Access Management
AAM
Agentic Access Management (AAM) is a security framework for controlling, monitoring, and governing the access rights of autonomous...
AI
NHI
Emerging
Agentic AI
Agentic AI refers to artificial intelligence systems that operate autonomously, executing tasks, making decisions, and interacting with other...
AI
NHI
Emerging
API Key
An API key is a unique identifier used to authenticate a calling application or service to an API...
NHI
API
Credentials
Attestation
Attestation (also called access recertification) is the formal process of reviewing and validating that user access privileges are...
IGA
Compliance
Access Review
Attribute-Based Access Control
ABAC
ABAC is an access control model that grants or denies access based on a combination of attributes —...
IAM
Authorization
Policy
Authentication
AuthN
Authentication is the process of verifying the identity of a user, system, or device — confirming they are...
IAM
Foundational
Identity
Authorization
AuthZ
Authorization determines what an authenticated user is allowed to do — which resources they can access and what...
IAM
Foundational
Access
AWS IAM
AWS IAM (Identity and Access Management) is Amazon's service for controlling who can authenticate and what actions they...
Cloud
AWS
IAM
B
Behavioral Analytics (UEBA)
UEBA
User and Entity Behavior Analytics (UEBA) uses machine learning to establish baseline behavior patterns and detect anomalies that...
IAM
Security
Analytics
BeyondTrust
BeyondTrust is a leading Privileged Access Management vendor offering solutions for securing, managing, and auditing privileged accounts across...
PAM
Vendor
Tool
Biometrics
Biometrics uses unique physical or behavioral characteristics — fingerprints, facial recognition, iris scans, voice patterns — to authenticate...
IAM
Authentication
MFA
Break Glass Account
A break glass account is a special emergency access account with high privileges, held in reserve for crisis...
PAM
Emergency Access
Privileged Account
C
Certificate
X.509
A digital certificate is an electronic document that uses a digital signature to bind a public key to...
PKI
Authentication
NHI
CIEM
Cloud Infrastructure Entitlement Management
CIEM is a category of security tools that discover, manage, and govern entitlements (permissions) across cloud infrastructure —...
Cloud
IAM
Governance
Cloud Identity
Cloud Identity refers to managing digital identities for users, workloads, and devices operating in cloud environments, including governance...
Cloud
IAM
SaaS
Conditional Access
Conditional Access is a policy framework that enforces access decisions based on conditions like user identity, device compliance,...
Zero Trust
IAM
Policy
Credential Stuffing
Credential stuffing is a cyberattack where attackers use large lists of stolen username/password pairs (from previous data breaches)...
Attack
IAM
Security
Customer Identity and Access Management
CIAM
CIAM is the set of technologies and processes used to manage and secure the digital identities of external...
CIAM
Identity
Customer
Cyber Insurance and Identity
Cyber insurance policies increasingly mandate specific identity security controls — particularly MFA, PAM, and privileged access monitoring —...
Compliance
Risk
Insurance
CyberArk
CyberArk is the market-leading Privileged Access Management platform, providing credential vaulting, session isolation, threat analytics, and secrets management...
PAM
Vendor
Tool
D
Decommissioning
Decommissioning is the process of retiring, deactivating, or shutting down IT systems, applications, service accounts, or identities that...
IGA
Lifecycle
NHI
Delinea
Delinea (formerly Thycotic and Centrify) is a PAM vendor offering cloud-first privileged access solutions including Secret Server (credential...
PAM
Vendor
Tool
Device Identity
Device identity is a digital representation of a physical or virtual hardware device — laptop, server, phone, IoT...
Zero Trust
NHI
Device
Domain Controller
DC
A Domain Controller (DC) is a server running Active Directory Domain Services that authenticates and authorizes users, computers,...
IAM
Active Directory
Microsoft
E
F
Federated Identity
Federated identity is the linking of electronic identities across multiple security domains or organizations, allowing a user authenticated...
IAM
Federation
SSO
FIDO2 and WebAuthn
FIDO2
FIDO2 is an open authentication standard that enables passwordless, phishing-resistant authentication using public-key cryptography, implemented through platform authenticators...
IAM
Passwordless
Standard
ForgeRock
ForgeRock (now part of Ping Identity) is an enterprise identity platform providing IAM, CIAM, and identity orchestration capabilities...
IAM
CIAM
Vendor
G
GDPR
General Data Protection Regulation
GDPR is the European Union's data protection regulation requiring organizations to protect the personal data and privacy of...
Compliance
Privacy
Regulation
Generative AI and Identity Security
Generative AI introduces new identity security challenges and opportunities — from AI models needing their own identities and...
AI
Emerging
IAM
Google Cloud Identity
GCP IAM
Google Cloud Identity is Google's identity and access management service for GCP (Google Cloud Platform) — managing user...
Cloud
GCP
Google
H
HashiCorp Vault
HashiCorp Vault is an open-source secrets management tool that securely stores and tightly controls access to tokens, passwords,...
PAM
Secrets
DevOps
HIPAA and Identity Security
HIPAA
HIPAA (Health Insurance Portability and Accountability Act) requires healthcare organizations to implement specific identity and access controls to...
Compliance
Healthcare
HIPAA
Human Identity
A human identity is a digital representation of an individual person — employee, contractor, partner, or customer —...
IAM
Identity
Foundational
I
Identity and Access Management
IAM
IAM is the framework of policies, processes, and technologies that ensure the right individuals have the appropriate access...
IAM
Foundational
Core
Identity Fabric
Identity Fabric is an architectural approach that interconnects all identity tools, technologies, and processes into a unified, coherent...
IAM
Zero Trust
Architecture
Identity Federation
Identity Federation allows users to authenticate with one identity provider and use that verified identity to access resources...
IAM
SSO
Standard
Identity Governance and Administration
IGA
IGA is the framework and technology for managing and governing user identities and their access across an enterprise...
IGA
Governance
Compliance
Identity Lifecycle Management
ILM
Identity Lifecycle Management is the process of managing a digital identity from creation through changes to eventual deactivation...
IAM
IGA
Lifecycle
Identity Proofing
Identity proofing is the process of verifying that a person is who they claim to be during onboarding...
IAM
CIAM
Onboarding
Identity Provider
IdP
An Identity Provider (IdP) is a system that creates, maintains, and manages digital identities and provides authentication services...
IAM
Federation
SSO
Identity Threat Detection and Response
ITDR
Identity Threat Detection and Response (ITDR) is an emerging cybersecurity discipline focused on detecting, analyzing, and responding to...
IAM
Security
Threat Detection
Insider Threat
An insider threat is a security risk originating from within the organization — employees, contractors, or partners who...
Security
PAM
Risk
ISO 27001 Identity Controls
ISO 27001
ISO 27001 is the international standard for information security management systems (ISMS), with Annex A containing specific controls...
Compliance
ISO
Framework
J
Joiner-Mover-Leaver
JML
The Joiner-Mover-Leaver (JML) framework describes the three key identity lifecycle events that trigger access changes: new hires (Joiners),...
IGA
IAM
Lifecycle
JSON Web Token
JWT
A JWT is a compact, URL-safe token format used to securely transmit claims between parties. It is digitally...
IAM
Token
API
Just-in-Time Access
JIT
Just-in-Time (JIT) Access is a PAM strategy where privileged access is granted only when needed, for a limited...
PAM
Zero Trust
Least Privilege
K
Kerberos
Kerberos is a network authentication protocol that uses secret-key cryptography to provide strong authentication for client/server applications —...
IAM
Protocol
Authentication
KMS Key
Key Management Service
A KMS (Key Management Service) key is a cryptographic key managed by a cloud key management service —...
Cloud
Encryption
NHI
L
LDAP
Lightweight Directory Access Protocol
LDAP is an open protocol for accessing and maintaining distributed directory information services — the standard way applications...
IAM
Protocol
Directory
Least Privilege
PoLP
The Principle of Least Privilege states that users, systems, and processes should have only the minimum access rights...
IAM
PAM
Zero Trust
Lifecycle Management
Lifecycle management for non-human identities (NHIs) is the process of governing service accounts, API keys, certificates, and machine...
IGA
NHI
Lifecycle
M
Machine Credentials
Machine credentials are cryptographic artifacts used to authenticate and authorize non-human identities (NHIs) — including passwords, API keys,...
NHI
PAM
Credentials
Machine Identity
A machine identity is a unique digital representation of a machine — server, virtual machine, container, IoT device,...
NHI
PAM
Cloud
Managed Identity
A managed identity is an Azure feature that provides cloud services (VMs, App Services, Functions) with an automatically...
Cloud
Azure
NHI
Mandatory Access Control
MAC
MAC is a strict access control model where access decisions are made by a central policy authority based...
IAM
Access Control
Model
MFA Fatigue Attack
MFA Fatigue (or MFA Bombing) is an attack where an adversary with a stolen password repeatedly sends MFA...
Security
MFA
Attack
Microsegmentation
Microsegmentation is a network security technique that divides the data center or cloud environment into small, isolated segments...
Zero Trust
Network
Security
Microsoft Entra ID
formerly Azure AD
Microsoft Entra ID is Microsoft's cloud-based identity and access management service, serving as the identity backbone for Microsoft...
Cloud
IAM
Microsoft
mTLS
Mutual TLS
Mutual TLS (mTLS) is a security protocol where both the client and server authenticate each other using X.509...
NHI
Authentication
Protocol
Multi-Factor Authentication
MFA
MFA requires users to provide two or more verification factors from different categories — something you know, something...
IAM
Authentication
Security
N
NIST Cybersecurity Framework
NIST CSF
The NIST CSF is a voluntary framework providing standards and best practices for managing cybersecurity risk, organized around...
Compliance
Framework
Standard
NIST SP 800-207 Zero Trust
NIST SP 800-207
NIST SP 800-207 is the authoritative US government publication defining Zero Trust Architecture — its principles, components, deployment...
Zero Trust
NIST
Standard
Non-Human Identity
NHI
A Non-Human Identity (NHI) is a digital construct used for machine-to-machine access and authentication — representing applications, services,...
NHI
PAM
Cloud
O
OAuth 2.0
OAuth 2.0 is an open authorization framework that allows applications to obtain limited access to user accounts on...
IAM
Protocol
Authorization
OAuth Token
An OAuth token is a cryptographic credential issued through the OAuth 2.0 framework that grants an application access...
IAM
NHI
Token
Offboarding
Offboarding is the process of revoking all system access, deactivating accounts, recovering devices and credentials, and removing entitlements...
IGA
IAM
Lifecycle
Okta
Okta is a leading cloud identity platform providing workforce identity (SSO, MFA, lifecycle management) and customer identity (CIAM)...
IAM
CIAM
Vendor
OpenID Connect
OIDC
OIDC is an identity layer built on top of OAuth 2.0 that allows applications to verify user identity...
IAM
Protocol
Authentication
Orphaned Accounts
Orphaned accounts are user accounts or identities (human or non-human) that remain active in a system despite no...
IGA
PAM
NHI
Overprivileged Identity
An overprivileged identity is a user, service account, or machine identity that holds more permissions than required for...
IGA
PAM
Least Privilege
P
Pass-the-Hash
PtH
Pass-the-Hash (PtH) is a credential theft attack where an attacker captures the hashed version of a password from...
PAM
Attack
Active Directory
Passkeys
Passkeys are a FIDO2-based replacement for passwords — cryptographic credentials tied to a specific website or app, stored...
IAM
Passwordless
FIDO2
Passwordless Authentication
Passwordless Authentication eliminates passwords entirely, replacing them with more secure and user-friendly factors like biometrics, hardware keys, magic...
IAM
Authentication
Modern
PCI-DSS Identity Requirements
PCI-DSS
PCI-DSS (Payment Card Industry Data Security Standard) v4.0 mandates specific identity and access controls for organizations that handle...
Compliance
PCI
Finance
Ping Identity
Ping Identity is an enterprise identity security platform providing SSO, MFA, directory services, and customer identity solutions —...
IAM
CIAM
Vendor
PKI
Public Key Infrastructure
Public Key Infrastructure (PKI) is the framework of policies, hardware, software, procedures, and standards needed to create, manage,...
IAM
Cryptography
Certificate
Privileged Access Management
PAM
PAM is the cybersecurity domain focused on securing, controlling, monitoring, and auditing all privileged access to critical assets...
PAM
Foundational
Core
Privileged Account
A privileged account is any account with elevated access rights beyond standard users — including administrator accounts, service...
PAM
Account
Security
Privileged Identity Management
PIM
PIM (specifically Microsoft Entra PIM) is a service that enables Just-in-Time privileged access to Azure resources and Entra...
PAM
IAM
Microsoft
Provisioning and Deprovisioning
Provisioning is the automated process of creating user accounts and granting access rights across systems. Deprovisioning is the...
IAM
IGA
Lifecycle
R
Ransomware and Identity
Modern ransomware attacks are fundamentally identity attacks — attackers first compromise credentials, then move laterally using privileged identities,...
Security
PAM
Attack
Risk-Based Authentication
RBA
Risk-Based Authentication dynamically evaluates the risk level of each login attempt and adjusts authentication requirements accordingly — low...
IAM
Authentication
Risk
Role Mining
Role Mining is the process of analyzing existing user access patterns to discover and define meaningful role structures...
IGA
RBAC
Governance
Role-Based Access Control
RBAC
RBAC is an access control model where permissions are assigned to roles (not directly to users), and users...
IAM
Authorization
Model
S
SailPoint
SailPoint is a leading Identity Security and IGA platform offering lifecycle management, access certifications, role management, and AI-driven...
IGA
Vendor
Tool
SAML 2.0
Security Assertion Markup Language
SAML 2.0 is an XML-based open standard for exchanging authentication and authorization data between an Identity Provider and...
IAM
Protocol
SSO
SAS Token
Shared Access Signature
A Shared Access Signature (SAS) token is an Azure security token that grants limited, time-bound access rights to...
Cloud
Azure
NHI
Saviynt
Saviynt is a cloud-native Identity Security platform combining IGA and PAM capabilities — offering lifecycle management, access governance,...
IGA
PAM
Vendor
SCIM
System for Cross-domain Identity Management
SCIM is an open standard API (REST and JSON) that automates the exchange of user identity information between...
IAM
Protocol
Provisioning
Secret Rotation
Secret rotation is the process of regularly replacing credentials (passwords, API keys, certificates, tokens) with new ones to...
PAM
NHI
DevOps
Secret Sprawl
Secret sprawl is the uncontrolled proliferation of credentials, API keys, passwords, and tokens across an organization's codebase, configuration...
PAM
NHI
DevOps
Secrets Management
Secrets Management is the practice of securely storing, rotating, and controlling access to sensitive credentials used by applications...
PAM
DevOps
Cloud
Segregation of Duties
SoD
Segregation of Duties (SoD) is a control that ensures no single person has end-to-end control over a critical...
IGA
Compliance
Governance
Semperis
Semperis is a cybersecurity company specializing in Active Directory and Entra ID security, resilience, and recovery — protecting...
IAM
Vendor
AD Security
Service Account
A service account is a non-human identity used by applications, scripts, and services to authenticate and interact with...
PAM
IAM
Non-Human Identity
Service Principal
A service principal is an identity used by an application or service in Azure to authenticate and access...
Cloud
Azure
NHI
Session Recording
Privileged Session Recording is a PAM capability that captures, stores, and indexes the complete record of privileged sessions...
PAM
Audit
Compliance
Single Sign-On
SSO
SSO allows users to authenticate once and gain access to multiple applications and systems without re-entering credentials for...
IAM
Authentication
Foundational
SOC 2 Identity Controls
SOC 2
SOC 2 (Service Organization Control 2) is a compliance framework for SaaS and cloud service providers requiring controls...
Compliance
SOC2
SaaS
SOX Compliance for Identity
SOX
The Sarbanes-Oxley Act (SOX) requires public companies to maintain strong internal controls over financial reporting, with specific identity...
Compliance
IGA
Finance
SPIFFE
Secure Production Identity Framework for Everyone
SPIFFE (Secure Production Identity Framework for Everyone) is an open standard for machine identity in dynamic infrastructure —...
NHI
Zero Trust
Cloud
SSH Key
Secure Shell Key
An SSH key is a cryptographic key pair (public + private) used to authenticate to SSH-enabled systems (Linux...
PAM
NHI
Linux
Stale Accounts
Stale accounts are user accounts or identities that remain active in an organization's IT environment despite being unused...
IGA
PAM
Security Risk
Standing Privileges
Standing privileges are persistent, always-active elevated access rights that exist regardless of whether they are currently needed —...
PAM
Zero Trust
Risk
V
Vault Certificate
A vault certificate is a digital certificate stored securely within a secrets vault (HashiCorp Vault, CyberArk, Azure Key...
PAM
NHI
Certificate
Verified ID
Verified ID (Decentralized Identity) is an emerging identity paradigm where individuals hold and control their own verifiable credentials...
IAM
Emerging
Decentralized
W
Workload IAM
Workload IAM refers to the application of Identity and Access Management principles specifically to non-human identities — cloud...
Cloud
NHI
IAM
Workload Identity
Workload identity is a specific type of machine identity assigned to software-based entities — containers, serverless functions, VMs,...
Cloud
NHI
Zero Trust
Workload IGA
Workload IGA (Identity Governance and Administration) extends traditional IGA processes — access reviews, lifecycle management, entitlement governance —...
Cloud
NHI
IGA
Z
Zero Standing Privilege
ZSP
Zero Standing Privilege is the security goal of eliminating all persistent privileged access — ensuring no account has...
PAM
Zero Trust
Least Privilege
Zero Trust Architecture
ZTA
Zero Trust is a security paradigm based on the principle "never trust, always verify" — eliminating implicit trust...
Zero Trust
Architecture
Foundational
Zero Trust Network Access
ZTNA
Zero Trust Network Access (ZTNA) is a security service that provides secure, identity-aware access to specific applications —...
Zero Trust
Network
VPN Replacement