NIM

A list of permissions attached to an object that specifies which users or system processes are granted access to objects and what operations are allowed on given objects.

Configuring access levels for users and groups within a software system involves granting authorized users the necessary permissions and restricting unauthorized access. System administrators often use hierarchical user groups for this process. Regular auditing and maintenance are essential to adapt to changing business requirements and employee roles.

The process of handling user requests for access to systems, applications, or data, including approval workflows and auditing.

A credential used by an application to access protected resources on behalf of a user, typically issued by an authorization server after the user authenticates.

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It provides a centralized and standardized system for managing and organizing network resources, such as user accounts, computers, printers, and security groups. Active Directory facilitates authentication and authorization, enabling administrators to set access policies and permissions for network resources. By using a hierarchical structure composed of domains, trees, and forests, AD supports scalability and flexibility in managing large and complex IT environments. Additionally, it incorporates features such as Group Policy for centralized management of user and computer settings, enhancing security and efficiency across the organization.

Active Directory Federation Services (AD FS) is a Microsoft software component that provides single sign-on (SSO) and identity federation capabilities, allowing users to authenticate once and access multiple systems and applications both within and across organizational boundaries. By leveraging claims-based authentication and supporting standard protocols like SAML, WS-Federation, and OAuth, AD FS enables secure sharing of user identities and attributes. It integrates seamlessly with Active Directory, using existing user accounts and group memberships for federated authentication. Additionally, AD FS includes a Security Token Service (STS) for issuing security tokens and a Web Application Proxy (WAP) for secure external access to internal web applications.

Anti-virus software is a crucial cybersecurity tool designed to detect, prevent, and remove malicious software, commonly known as malware, from computer systems. It works by scanning files, programs, and incoming data for known viruses and suspicious behavior that could indicate a new or unknown threat. Anti-virus programs use a combination of signature-based detection, which relies on a database of known malware signatures, and heuristic-based detection, which analyzes the behavior of programs to identify potentially harmful activities. Regular updates ensure that the software can protect against the latest threats. By continuously monitoring the system, anti-virus software helps to safeguard sensitive information, prevent unauthorized access, and maintain the overall health and performance of the computer. It plays a vital role in protecting both personal and organizational data from cyberattacks, minimizing the risk of data breaches and other security incidents.

Apps are fully customizable web forms that let you delegate traditional helpdesk tasks to users within your organization (e.g., create accounts, enable/disable accounts, update account attributes, password reset, modify group memberships, etc).

A piece of information that describes or characterizes an entity, such as a user, and is used in access control decisions.

An access control method that grants access based on attributes (characteristics) of the user, the resource, and the environment, offering more granular and dynamic access control than traditional methods.

The process of determining that the party with which you are communicating is indeed who they claim to be. In other words, the process of determining a user’s identity.

A security framework for intelligently controlling access to computer resources, enforcing policies, and auditing usage.

Something a user knows, has, or is, which is used to verify their identity during the authentication process (e.g., password, token, biometric).

The process of determining whether an authenticated user or application has the necessary permissions to access a resource or perform an action.

A temporary code used in the OAuth 2.0 authorization flow to obtain an access token from an authorization server.

A server that issues access tokens to client applications after successfully authenticating and authorizing a user.

In the context of account management, automation refers to the use of software and tools to perform routine account-related tasks without manual intervention. This can include provisioning new accounts, deprovisioning old accounts, managing permissions, resetting passwords, and ensuring compliance with security policies. By automating these processes, organizations can significantly reduce the risk of human error, enhance security, and improve efficiency. Automation ensures that account management tasks are executed consistently and promptly, reducing the administrative burden on IT staff and allowing them to focus on more strategic initiatives. It also facilitates seamless onboarding and offboarding of users, maintains up-to-date access controls, and helps in adhering to regulatory requirements by ensuring accurate and auditable account management practices.

A type of biometric authentication that identifies individuals based on unique patterns in their behavior, such as keystroke dynamics or mouse movements.

A security process that relies on unique biological characteristics of an individual to verify identity.

Physiological or behavioral characteristics of an individual that can be used to uniquely identify them, such as fingerprints, facial patterns, or voiceprints.

A mathematical representation of a biometric sample used for comparison during the biometric authentication process.

A model where users can use their existing digital identities from social or other identity providers to access organizational resources.

A digital document used to authenticate the identity of a user, device, or service, typically issued by a certificate authority.

An entity that issues digital certificates for use by other parties, validating the identities of the parties involved.

A piece of information about a user (e.g., name, email address, role) that is asserted by an identity provider and used in access control decisions.

A security approach that controls access to resources based on specific conditions, such as user location, device health, and risk level, to enhance security and compliance.

Permission given by a user to allow an application or service to access their data or perform actions on their behalf.

An advanced access control method that considers the context of access requests, such as the location, time, device, and behavior of the user, to make more informed and dynamic access decisions.

A security measure that continuously verifies a user's identity throughout a session using various behavioral and contextual factors, rather than relying solely on initial login credentials.

Information used to authenticate a user, such as a password, token, or certificate.

The practice of storing, managing, and ensuring the secure use of digital credentials, such as passwords, tokens, and certificates, used for authentication and access control.

A process that allows administrators to delegate specific administrative tasks or permissions to other users or groups within an organization, facilitating more efficient management.

The process of granting one user or application the authority to act on behalf of another user, typically with restrictions and for a limited time.

The process of registering and configuring a device to enable it to access resources in an organization's network.

The online or networked identity adopted or claimed in cyberspace by an individual, organization, or electronic device.

A centralized repository for storing and managing identity-related information, such as user accounts, groups, and access rights.

A software application or set of applications that stores and organizes information about a computer network's users and network resources, and that allows network administrators to manage users' access to the resources.

The process of converting data into a secure format that can only be read or processed with a decryption key.

The process of managing and enforcing policies that define what resources and services users are entitled to access based on their roles, responsibilities, and attributes.

An arrangement that can be made among multiple enterprises to let subscribers use the same identification data to obtain access to the networks of all enterprises in the group.

An extension of single sign-on that allows for the use of a single authentication token to access multiple systems or services across organizational boundaries.

An arrangement where multiple organizations share authentication and authorization information to enable seamless access to resources across organizational boundaries.

A Group Managed Service Account (GMSA) in Active Directory is a type of managed domain account designed to provide automatic password management, simplified service principal name (SPN) management, and the ability to delegate management to other administrators. Introduced in Windows Server 2012, GMSAs are used to run services or scheduled tasks with a specific identity, eliminating the need for manual password updates. Unlike traditional service accounts, GMSAs do not require password resets by administrators, as the domain controller automatically handles password generation and updates. This enhances security by reducing the risk of password-related vulnerabilities and simplifies the administration of service accounts across multiple servers. Additionally, GMSAs can be used by multiple servers within a domain, making them ideal for load-balanced services and distributed applications.

An entity (e.g., user, device, service) that can be authenticated and authorized to access resources.

A framework of policies and technologies to ensure that the right users have the appropriate access to technology resources.

An intermediary service that allows different identity providers and service providers to communicate, enabling seamless authentication and access management across systems.

The process of linking multiple digital identities or accounts that belong to the same individual across different systems or domains, enabling a unified view of the user's identity.

A system of trust established between multiple organizations where identity information is shared and accepted across systems and domains.

A policy-based approach to identity management and access control, including the administration of user identities and entitlements and ensuring compliance.

The process of managing the entire lifecycle of a digital identity, from creation through updates and maintenance, to eventual deactivation and deletion.

A cloud-based identity management solution that provides authentication, authorization, and identity management services to organizations on a subscription basis.

The automated coordination and management of identity-related processes, policies, and technologies to ensure seamless and secure identity management across an organization.

A process used to confirm an individual's identity, often as part of a credential issuance process, using various verification techniques and technologies.

A system entity that creates, maintains, and manages identity information and provides authentication services within a federation or distributed network.

The process of ensuring that identity data is consistent and accurate across different systems and directories, often involving the merging or updating of records.

The process of matching and consolidating identity records from different sources to create a single, accurate representation of an individual or entity.

The fraudulent acquisition and use of a person's private identifying information, usually for financial gain.

The process of verifying that an individual's identity matches the one that is supposed to be presented, typically through documents, biometrics, or other methods.

The act of pretending to be another person or entity, often for fraudulent purposes.

The process of combining different systems, applications, or components to work together as a unified whole.

The ability of different systems, applications, or components to communicate and exchange data with each other.

A process that dynamically creates user accounts when they are needed rather than creating them in advance, often used in cloud services and federated environments.

The principle of granting users the minimum permissions necessary to perform their job functions, reducing the risk of privilege abuse.

An open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services.

The process of recording events and activities in a system for auditing, analysis, and troubleshooting purposes.

A security system that requires more than one method of authentication to verify a user's identity for a login or other transaction.

An open standard for access delegation, commonly used for granting applications access to resources without sharing passwords.

An open standard for access delegation, commonly used as a way to grant websites or applications limited access to user information without exposing passwords.

An open standard for decentralized authentication, allowing users to use a single set of credentials to access multiple sites.

An authentication method that does not require users to enter passwords, often using biometric data or token-based systems.

A set of rules or guidelines that govern how resources should be accessed and used within an organization.

An access control method that uses policies to determine access rights, which can consider various attributes such as roles, actions, resources, and environmental factors.

A subset of IAM focused on ensuring that privileged accounts are properly managed and monitored to protect critical systems and data.

A set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.

A method of regulating access to computer or network resources based on the roles of individual users within an enterprise.

An open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

A feature that allows users to reset their passwords without the need for administrator intervention, typically through a web interface or automated system.

A part of a system that, if it fails, will stop the entire system from working. In identity management, reducing SPOFs is critical for maintaining system reliability and availability.

An authentication process that allows a user to access multiple applications with one set of login credentials.

A security model that assumes threats could be internal or external and, therefore, verifies every access request as though it originates from an open network.