Glossary

The identity security glossary.

Plain-language definitions for the terms behind IAM, PAM, and identity governance — written by the team that builds them.

Identity & Access

Identity and Access Management (IAM)IAM is the framework of policies and technology that verifies who users are and controls what they can access across an organization.Read moreSingle Sign-On (SSO)SSO lets users authenticate once and access many applications without signing in again, using a trusted central identity provider.Read moreMulti-Factor Authentication (MFA)MFA requires two or more independent proofs of identity, such as a password plus a passkey or one-time code, before granting access.Read morePasswordless AuthenticationPasswordless authentication verifies users without any password, using passkeys, biometrics, security keys, or device-bound credentials instead.Read morePasskeys (FIDO2 / WebAuthn)Passkeys are phishing-resistant sign-in credentials based on FIDO2/WebAuthn public-key cryptography, unlocked with a fingerprint, face, or PIN.Read moreSAML (Security Assertion Markup Language)SAML is an XML-based standard that lets an identity provider pass signed authentication assertions to applications, enabling enterprise SSO.Read moreOpenID Connect (OIDC)OIDC is a modern identity layer on top of OAuth 2.0 that lets applications verify who a user is via signed JSON tokens from an identity provider.Read moreSCIM (System for Cross-domain Identity Management)SCIM is an open standard for automatically creating, updating, and deactivating user accounts across applications from a central identity source.Read moreAdaptive AuthenticationAdaptive authentication adjusts login requirements in real time based on risk signals like device, location, and behavior, stepping up only when needed.Read moreIdentity Provider (IdP)An identity provider is the central service that authenticates users and issues trusted tokens that applications rely on for sign-in.Read more

Privileged Access

Privileged Access Management (PAM)Privileged access management secures, controls and monitors accounts with elevated permissions to critical systems, reducing the risk of breach and misuse.Read moreJust-in-Time (JIT) AccessJust-in-time access grants privileges only when needed and for a limited time, eliminating standing access that attackers can exploit.Read morePrivileged Session RecordingPrivileged session recording captures video and keystrokes of administrative sessions, creating a searchable audit trail of what was done on critical systems.Read moreCredential VaultingCredential vaulting stores privileged passwords and keys in an encrypted, access-controlled repository instead of spreadsheets, scripts or memory.Read morePassword RotationPassword rotation automatically changes privileged passwords on a schedule or after each use, so stolen or leaked credentials quickly stop working.Read moreZero Standing Privilege (ZSP)Zero standing privilege means no account holds permanent admin rights; all elevated access is granted just in time and expires automatically.Read morePrinciple of Least Privilege (PoLP)The principle of least privilege gives every user, application and system only the minimum access needed to do its job, and nothing more.Read morePrivileged Session Management (PSM)Privileged session management brokers, monitors and controls administrative sessions to critical systems, from credential injection to live termination.Read moreSecrets ManagementSecrets management secures the passwords, API keys, tokens and certificates that applications and machines use to authenticate to each other.Read moreBreak-Glass AccountA break-glass account is a sealed emergency account used to regain access to critical systems when normal authentication or approval paths fail.Read more

Ready to start managing
identities the right way?

Spin up a fully-loaded trial tenant in under five minutes. No credit card. No sales gate.