Definitions

A-B

  • A login attempt is a user trying to use their credentials to gain access.

  • Access management is the process of managing access to resources by users.

  • 1. Basic user info & authentication info. Groups. Subset of attributes.
    2. An entity that connects user data to a system or application.
    3. An ID with authentication credentials represented by the schema in each of the account stores (Azure AD, CES Okta, Admissions, On Prem AD, Church acct.). Schemas may not match across each store. May need additional attributes in account info to be able to map into other systems.
    4. The minimal attributes necessary to identify an individual or a system. Ensure I know who I am talking to (system or person) on the other side.

  • An executable piece of code or software that allows a function to occur.

  • Commonly called "logging in" or "signing on", it's the process of validating that people or entities are who they say they are. Authentication may include MFA (Multi-Factor Authentication).

  • The process of determining if a user has the right to access a service or perform an action on a resource.

  • Azure Active Directory is Microsoft’s multi-user cloud-based directory and identity management service.

  • Birthright access is the set of rights obtained automatically by membership in groups, roles, or organizations. For example, joining an organization as a new hire might result in access to the corporate network via a VPN.

  • Business-to-business includes operations between two businesses, such as a wholesaler and retailer. B2B transactions typically occur in the supply chain, such as where a company makes purchases from another. In some systems, such as AzureAD, B2B is also defined to include allowing access to AzureAD via a "guest" account to persons outside the host organization.

C-D

  • (CAS) - Central Authentication Service

  • An item — such as login name/password — used by a person or entity to prove him/her/itself to a system.

  • The software system that stores, organizes, and provides access to information in a directory for entities such as people, groups, devices, resources, etc.

E-F

  • Eduroam allows students, researchers and staff from participating institutions to obtain Internet connectivity across campus and when visiting other participating institutions by simply opening their laptop. The technology behind eduroam is based on the IEEE 802.1X standard and a hierarchy of RADIUS proxy servers. Users gain access to all other participating institutions through any participating institution via authentication to their own institution's RADIUS server.

  • Federated Identity Management, or Identity Federation, is the ability to access an application using a different service's login (social login).

G-H

  • European directive. First recognized policy on data regulations. An individual has control over their data.

  • Global Network Operations Center

I-J

  • Identity and Access Management is the discipline that enables the right individuals to access the right resources at the right times for the right reasons.

  • The IAM steering committee is responsible for a variety of tasks including:
    - Roadmap
    - Task prioritization
    - Funding
    - Policy
    - Oversight

  • Information & Communications Services. The IT department of The Church of Jesus Christ of Latter-day Saints.

  • A digital identity is a set of information about an individual, process, device, organization, etc. that uniquely identifies the entity. It may or may not contain credentials.

  • The processes and solutions that provide for the creation and management of information about persons, users, accounts, etc.

  • Identity governance and administration applications provide the management of groups. This is usually separated into two functional parts: access request and access review. Access request provides workflow and process around provisioning groups and group membership. Access review provides workflow and process around ongoing group membership maintenance and auditing.

  • User information stored across a variety of technologies, including databases, LDAP, Active Directory, etc.

M-N

  • Multi-factor authentication (also sometimes called two-step authentication) refers to the ability to include factors (such as facial recognition) other than passwords to authenticate someone.

O-P

  • When referring to "Provisioning", be specific about which component of account management is meant:
    1. Creation
    2. Migration
    3. Linking
    4. Permissions
    5. Accesses
    6. Roles

    De-Provisioning
    1. Reversal of above

S-T

  • Same sign-on means the user uses the same credentials to log into each application.

  • In a single sign-on (SSO) service model, users log onto a single platform, which gives them automatic log-in access to multiple applications for a particular period of time.

  • Refers to the credentials associated with a user

U-V

  • An end-user or appointed representative who is not a member of the program team can test the appointed User Intents and certify that the requirements have been met and work prior to having any production clients or traffic pointed at the item(s) to be validated.