NIM

References

The following terms are used in the NIM Documentation:

Glossary

Access Control List (ACL)

A list of permissions attached to an object that specifies which users or system processes are granted access to objects and what operations are allowed on given objects.

Access Management

Configuring access levels for users and groups within a software system involves granting authorized users the necessary permissions and restricting unauthorized access. System administrators often use hierarchical user groups for this process. Regular auditing and maintenance are essential to adapt to changing business requirements and employee roles.

Access Request Management

The process of handling user requests for access to systems, applications, or data, including approval workflows and auditing.

Access Token

A credential used by an application to access protected resources on behalf of a user, typically issued by an authorization server after the user authenticates.

Active Directory (AD)

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It provides a centralized and standardized system for managing and organizing network resources, such as user accounts, computers, printers, and security groups. Active Directory facilitates authentication and authorization, enabling administrators to set access policies and permissions for network resources. By using a hierarchical structure composed of domains, trees, and forests, AD supports scalability and flexibility in managing large and complex IT environments. Additionally, it incorporates features such as Group Policy for centralized management of user and computer settings, enhancing security and efficiency across the organization.

Active Directory Federation Services (ADFS)

Active Directory Federation Services (AD FS) is a Microsoft software component that provides single sign-on (SSO) and identity federation capabilities, allowing users to authenticate once and access multiple systems and applications both within and across organizational boundaries. By leveraging claims-based authentication and supporting standard protocols like SAML, WS-Federation, and OAuth, AD FS enables secure sharing of user identities and attributes. It integrates seamlessly with Active Directory, using existing user accounts and group memberships for federated authentication. Additionally, AD FS includes a Security Token Service (STS) for issuing security tokens and a Web Application Proxy (WAP) for secure external access to internal web applications.

Anti-virus

Anti-virus software is a crucial cybersecurity tool designed to detect, prevent, and remove malicious software, commonly known as malware, from computer systems. It works by scanning files, programs, and incoming data for known viruses and suspicious behavior that could indicate a new or unknown threat. Anti-virus programs use a combination of signature-based detection, which relies on a database of known malware signatures, and heuristic-based detection, which analyzes the behavior of programs to identify potentially harmful activities. Regular updates ensure that the software can protect against the latest threats. By continuously monitoring the system, anti-virus software helps to safeguard sensitive information, prevent unauthorized access, and maintain the overall health and performance of the computer. It plays a vital role in protecting both personal and organizational data from cyberattacks, minimizing the risk of data breaches and other security incidents.

App

Apps are fully customizable web forms that let you delegate traditional helpdesk tasks to users within your organization (e.g., creating accounts, enabling or disabling accounts, updating account attributes, resetting passwords, or modifying group memberships).

Attribute

A piece of information that describes or characterizes an entity, such as a user, and is used in access control decisions.

Attribute-Based Access Control (ABAC)

An access control method that grants access based on attributes (characteristics) of the user, the resource, and the environment, offering more granular and dynamic access control than traditional methods.

Authentication

The process of determining that the party with which you are communicating is indeed who they claim to be. In other words, the process of determining a user’s identity.

Authentication, Authorization, and Accounting (AAA)

A security framework for intelligently controlling access to computer resources, enforcing policies, and auditing usage.

Authentication Factor

Something a user knows, has, or is, which is used to verify their identity during the authentication process (e.g., password, token, biometric).

Authorization

The process of determining whether an authenticated user or application has the necessary permissions to access a resource or perform an action.

Authorization Code

A temporary code used in the OAuth 2.0 authorization flow to obtain an access token from an authorization server.

Authorization Server

A server that issues access tokens to client applications after successfully authenticating and authorizing a user.

Automation

In the context of account management, automation refers to the use of software and tools to perform routine account-related tasks without manual intervention. This can include provisioning new accounts, deprovisioning old accounts, managing permissions, resetting passwords, and ensuring compliance with security policies. By automating these processes, organizations can significantly reduce the risk of human error, enhance security, and improve efficiency. Automation ensures that account management tasks are executed consistently and promptly, reducing the administrative burden on IT staff and allowing them to focus on more strategic initiatives. It also facilitates seamless onboarding and offboarding of users, maintains up-to-date access controls, and helps in adhering to regulatory requirements by ensuring accurate and auditable account management practices.

Behavioral Biometrics

A type of biometric authentication that identifies individuals based on unique patterns in their behavior, such as keystroke dynamics or mouse movements.

Biometric Authentication

A security process that relies on unique biological characteristics of an individual to verify identity.

Biometric Data

Physiological or behavioral characteristics of an individual that can be used to uniquely identify them, such as fingerprints, facial patterns, or voiceprints.

Biometric Template

A mathematical representation of a biometric sample used for comparison during the biometric authentication process.

Bring Your Own Identity (BYOI)

A model where users can use their existing digital identities from social or other identity providers to access organizational resources.

Certificate

A digital document used to authenticate the identity of a user, device, or service, typically issued by a certificate authority.

Certificate Authority (CA)

An entity that issues digital certificates for use by other parties, validating the identities of the parties involved.

Claim

A piece of information about a user (e.g., name, email address, role) that is asserted by an identity provider and used in access control decisions.

Conditional Access

A security approach that controls access to resources based on specific conditions, such as user location, device health, and risk level, to enhance security and compliance.

Consent

Permission given by a user to allow an application or service to access their data or perform actions on their behalf.

Context-Aware Access Control (CAAC)

An advanced access control method that considers the context of access requests, such as the location, time, device, and behavior of the user, to make more informed and dynamic access decisions.

Continuous Authentication

A security measure that continuously verifies a user's identity throughout a session using various behavioral and contextual factors, rather than relying solely on initial login credentials.

Credential

Information used to authenticate a user, such as a password, token, or certificate.

Credential Management

The practice of storing, managing, and ensuring the secure use of digital credentials, such as passwords, tokens, and certificates, used for authentication and access control.

Delegated Administration

A process that allows administrators to delegate specific administrative tasks or permissions to other users or groups within an organization, facilitating more efficient management.

Delegation

The process of granting one user or application the authority to act on behalf of another user, typically with restrictions and for a limited time.

Device Enrollment

The process of registering and configuring a device to enable it to access resources in an organization's network.

Digital Identity

The online or networked identity adopted or claimed in cyberspace by an individual, organization, or electronic device.

Directory

A centralized repository for storing and managing identity-related information, such as user accounts, groups, and access rights.

Directory Service

A software application or set of applications that stores and organizes information about a computer network's users and network resources, and that allows network administrators to manage users' access to the resources.

Encryption

The process of converting data into a secure format that can only be read or processed with a decryption key.

Entitlement Management

The process of managing and enforcing policies that define what resources and services users are entitled to access based on their roles, responsibilities, and attributes.

Federated Identity Management (FIM)

An arrangement that can be made among multiple enterprises to let subscribers use the same identification data to obtain access to the networks of all enterprises in the group.

Federated Single Sign-On (FSSO)

An extension of single sign-on that allows for the use of a single authentication token to access multiple systems or services across organizational boundaries.

Federation

An arrangement where multiple organizations share authentication and authorization information to enable seamless access to resources across organizational boundaries.

Group Managed Service Account (GMSA)

A Group Managed Service Account (GMSA) in Active Directory is a type of managed domain account designed to provide automatic password management, simplified service principal name (SPN) management, and the ability to delegate management to other administrators. Introduced in Windows Server 2012, GMSAs are used to run services or scheduled tasks with a specific identity, eliminating the need for manual password updates. Unlike traditional service accounts, GMSAs do not require password resets by administrators, as the domain controller automatically handles password generation and updates. This enhances security by reducing the risk of password-related vulnerabilities and simplifies the administration of service accounts across multiple servers. Additionally, GMSAs can be used by multiple servers within a domain, making them ideal for load-balanced services and distributed applications.

Identity

An entity (e.g., user, device, service) that can be authenticated and authorized to access resources.

Identity and Access Management (IAM)

A framework of policies and technologies to ensure that the right users have the appropriate access to technology resources.

Identity Broker

An intermediary service that allows different identity providers and service providers to communicate, enabling seamless authentication and access management across systems.

Identity Correlation

The process of linking multiple digital identities or accounts that belong to the same individual across different systems or domains, enabling a unified view of the user's identity.

Identity Federation

A system of trust established between multiple organizations where identity information is shared and accepted across systems and domains.

Identity Governance and Administration (IGA)

A policy-based approach to identity management and access control, including the administration of user identities and entitlements and ensuring compliance.

Identity Lifecycle Management

The process of managing the entire lifecycle of a digital identity, from creation through updates and maintenance, to eventual deactivation and deletion.

Identity Management-as-a-Service (IDaaS)

A cloud-based identity management solution that provides authentication, authorization, and identity management services to organizations on a subscription basis.

Identity Orchestration

The automated coordination and management of identity-related processes, policies, and technologies to ensure seamless and secure identity management across an organization.

Identity Proofing

A process used to confirm an individual's identity, often as part of a credential issuance process, using various verification techniques and technologies.

Identity Provider (IdP)

A system entity that creates, maintains, and manages identity information and provides authentication services within a federation or distributed network.

Identity Reconciliation

The process of ensuring that identity data is consistent and accurate across different systems and directories, often involving the merging or updating of records.

Identity Resolution

The process of matching and consolidating identity records from different sources to create a single, accurate representation of an individual or entity.

Identity Theft

The fraudulent acquisition and use of a person's private identifying information, usually for financial gain.

Identity Verification

The process of confirming that the identity an individual presents is genuinely their own, typically through documents, biometrics, or other methods.

Impersonation

The act of pretending to be another person or entity, often for fraudulent purposes.

Integration

The process of combining different systems, applications, or components to work together as a unified whole.

Interoperability

The ability of different systems, applications, or components to communicate and exchange data with each other.

Just-In-Time Provisioning (JIT Provisioning)

A process that dynamically creates user accounts when they are needed rather than creating them in advance, often used in cloud services and federated environments.

Least Privilege

The principle of granting users the minimum permissions necessary to perform their job functions, reducing the risk of privilege abuse.

Lightweight Directory Access Protocol (LDAP)

An open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services.

Logging

The process of recording events and activities in a system for auditing, analysis, and troubleshooting purposes.

Multi-Factor Authentication (MFA)

A security system that requires more than one method of authentication to verify a user's identity for a login or other transaction.

OAuth

An open standard for access delegation, commonly used for granting applications access to resources without sharing passwords.

Open Authorization (OAuth)

An open standard for access delegation, commonly used as a way to grant websites or applications limited access to user information without exposing passwords.

OpenID

An open standard for decentralized authentication, allowing users to use a single set of credentials to access multiple sites.

Passwordless Authentication

An authentication method that does not require users to enter passwords, often using biometric data or token-based systems.

Policy

A set of rules or guidelines that govern how resources should be accessed and used within an organization.

Policy-Based Access Control (PBAC)

An access control method that uses policies to determine access rights, which can consider various attributes such as roles, actions, resources, and environmental factors.

Privileged Access Management (PAM)

A subset of IAM focused on ensuring that privileged accounts are properly managed and monitored to protect critical systems and data.

Public Key Infrastructure (PKI)

A set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.

Role-Based Access Control (RBAC)

A method of regulating access to computer or network resources based on the roles of individual users within an enterprise.

Security Assertion Markup Language (SAML)

An open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

Self-Service Password Reset (SSPR)

A feature that allows users to reset their passwords without the need for administrator intervention, typically through a web interface or automated system.

Single Point of Failure (SPOF)

A part of a system that, if it fails, will stop the entire system from working. In identity management, reducing SPOFs is critical for maintaining system reliability and availability.

Single Sign-On (SSO)

An authentication process that allows a user to access multiple applications with one set of login credentials.

Zero Trust Architecture (ZTA)

A security model that assumes threats could be internal or external and, therefore, verifies every access request as though it originates from an open network.