Glossary
The identity security glossary.
Plain-language definitions for the terms behind IAM, PAM, and identity governance — written by the team that builds them.
Identity & Access
Identity and Access Management (IAM)IAM is the framework of policies and technology that verifies who users are and controls what they can access across an organization.Read moreSingle Sign-On (SSO)SSO lets users authenticate once and access many applications without signing in again, using a trusted central identity provider.Read moreMulti-Factor Authentication (MFA)MFA requires two or more independent proofs of identity, such as a password plus a passkey or one-time code, before granting access.Read morePasswordless AuthenticationPasswordless authentication verifies users without any password, using passkeys, biometrics, security keys, or device-bound credentials instead.Read morePasskeys (FIDO2 / WebAuthn)Passkeys are phishing-resistant sign-in credentials based on FIDO2/WebAuthn public-key cryptography, unlocked with a fingerprint, face, or PIN.Read moreSAML (Security Assertion Markup Language)SAML is an XML-based standard that lets an identity provider pass signed authentication assertions to applications, enabling enterprise SSO.Read moreOpenID Connect (OIDC)OIDC is a modern identity layer on top of OAuth 2.0 that lets applications verify who a user is via signed JSON tokens from an identity provider.Read moreSCIM (System for Cross-domain Identity Management)SCIM is an open standard for automatically creating, updating, and deactivating user accounts across applications from a central identity source.Read moreAdaptive AuthenticationAdaptive authentication adjusts login requirements in real time based on risk signals like device, location, and behavior, stepping up only when needed.Read moreIdentity Provider (IdP)An identity provider is the central service that authenticates users and issues trusted tokens that applications rely on for sign-in.Read more
Privileged Access
Privileged Access Management (PAM)Privileged access management secures, controls and monitors accounts with elevated permissions to critical systems, reducing the risk of breach and misuse.Read moreJust-in-Time (JIT) AccessJust-in-time access grants privileges only when needed and for a limited time, eliminating standing access that attackers can exploit.Read morePrivileged Session RecordingPrivileged session recording captures video and keystrokes of administrative sessions, creating a searchable audit trail of what was done on critical systems.Read moreCredential VaultingCredential vaulting stores privileged passwords and keys in an encrypted, access-controlled repository instead of spreadsheets, scripts or memory.Read morePassword RotationPassword rotation automatically changes privileged passwords on a schedule or after each use, so stolen or leaked credentials quickly stop working.Read moreZero Standing Privilege (ZSP)Zero standing privilege means no account holds permanent admin rights; all elevated access is granted just in time and expires automatically.Read morePrinciple of Least Privilege (PoLP)The principle of least privilege gives every user, application and system only the minimum access needed to do its job, and nothing more.Read morePrivileged Session Management (PSM)Privileged session management brokers, monitors and controls administrative sessions to critical systems, from credential injection to live termination.Read moreSecrets ManagementSecrets management secures the passwords, API keys, tokens and certificates that applications and machines use to authenticate to each other.Read moreBreak-Glass AccountA break-glass account is a sealed emergency account used to regain access to critical systems when normal authentication or approval paths fail.Read more
Governance
Identity Governance and Administration (IGA)IGA is the discipline of managing digital identities and access rights across systems, combining lifecycle automation with governance controls like access reviews.Read moreAccess Review (Access Certification)An access review is a periodic check where managers or system owners verify that each user still needs the access they hold, and revoke what they do not.Read moreSegregation of Duties (SoD)Segregation of duties splits critical tasks between people so no single person can both perform and conceal a sensitive action, reducing fraud and error risk.Read moreJoiner-Mover-Leaver (JML) ProcessJML is the process of granting, adjusting, and revoking access as employees join, change roles, and leave — the core of identity lifecycle management.Read moreIdentity Lifecycle ManagementIdentity lifecycle management governs a digital identity from creation to deletion, keeping accounts and access aligned with a person's current status and role.Read more
Concepts
Zero Trust SecurityZero trust is a security model that trusts no user or device by default, verifying every access request based on identity, context, and risk.Read moreConditional AccessConditional access is a policy engine that decides whether to allow, block, or step up a sign-in based on context like user, device, location, and risk.Read moreMachine IdentityA machine identity is the credential set — certificates, keys, secrets, or accounts — that lets a device, workload, or application authenticate to other systems.Read moreNon-Human Identity (NHI)A non-human identity is any digital identity not tied to a person — service accounts, API keys, bots, workloads, and AI agents that authenticate and hold access.Read moreIdentity Threat Detection and Response (ITDR)ITDR is the practice of detecting and responding to attacks on identities — credential theft, account takeover, and privilege abuse — across identity systems.Read more
Ready to start managing
identities the right way?
Spin up a fully-loaded trial tenant in under five minutes. No credit card. No sales gate.