Definitions
A-B
"A" Login
"A" login attempt is a user trying to use their credentials to gain access.
Access Management
Access management is the process of managing access to resources by users.
Account
1. Basic user info & authentication info. Groups. Subset of attributes.
2. An entity that connects user data to a system or application.
3. An ID with authentication credentials represented by the schema in each of the account stores (Azure AD, CES Okta, Admissions, On Prem AD, Church acct.). Schemas may not match across each store. May need additional attributes in account info to be able to map into other systems.
4. The minimal attributes necessary to identify an individual or a system. Ensure I know who I am talking to (system or person) on the other side.
Application
An executable piece of code or software that allows a function to occur.
Authentication
Commonly called "logging in" or "signing on", it's the process of validating that people or entities are who they say they are. Authentication may include MFA (Multi-Factor Authentication).
Authorization
The process of determining if a user has the right to access a service or perform an action on a resource.
AzureAD
Azure Active Directory is Microsoft’s multi-user cloud-based directory and identity management service.
Birthright Access
Birthright access consists of rights obtained automatically by membership in groups, roles, or organizations. For example, joining an organization as a new hire might result in access to the corporate network via a VPN.
(B2B) - Business to Business
Business-to-business includes operations between two businesses, such as a wholesaler and retailer. B2B transactions typically occur in the supply chain, such as where a company makes purchases from another. In some systems, such as AzureAD, B2B is also defined to include allowing access to AzureAD via a "guest" account to persons outside the host organization.
C-D
(CAS) - Central Authentication Service
Credential
An item — such as login name/password — used by a person or entity to prove him/her/itself to a system.
Directory Service
The software system that stores, organizes, and provides access to information in a directory for entities such as people, groups, devices, resources, etc.
E-F
eduroam
Eduroam allows students, researchers and staff from participating institutions to obtain Internet connectivity across campus and when visiting other participating institutions by simply opening their laptop. The technology behind eduroam is based on the IEEE 802.1X standard and a hierarchy of RADIUS proxy servers. Users gain access to all other participating institutions through any participating institution via authentication to their own institution's RADIUS server.
Federation
Federated Identity Management, or Identity Federation, is the ability to access an application using a different service's login (social login).
G-H
General Data Protection Regulation (GDPR)
European directive. First recognized policy on data regulations. An individual has control over their data.
GNOC
Global Network Operations Center
I-J
(IAM) - Identity and Access Management
Identity and Access Management is the discipline that enables the right individuals to access the right resources at the right times for the right reasons.
IAM Steering Committee
The IAM steering committee is responsible for a variety of tasks including:
- Roadmap
- Task prioritization
- Funding
- Policy
- Oversight
ICS
Information & Communications Services. The IT department of The Church of Jesus Christ of Latter-day Saints.
Identity (Digital)
A digital identity is a set of information about an individual, process, device, organization, etc. that uniquely identifies the entity. It may or may not contain credentials.
(ILM) - Identity Lifecycle Management
The processes and solutions that provide for the creation and management of information about persons, users, accounts, etc.
(IGA) - Identity Governance and Administration
Identity governance and administration applications provide the management of groups. This is usually separated into two functional parts: access request and access review. Access request provides workflow and process around provisioning groups and group membership. Access review provides workflow and process around ongoing group membership maintenance and auditing.
Identity Stores
User information stored across a variety of technologies, including databases, LDAP, Active Directory, etc.
M-N
(MFA) - Multi-Factor Authentication
Multi-factor authentication (also sometimes called two-step authentication) refers to the ability to include factors (such as facial recognition) other than passwords to authenticate someone.
O-P
Provisioning
When referring to "Provisioning", be specific as to which component of account management:
1. Creation
2. Migration
3. Linking
4. Permissions
5. Accesses
6. Roles
De-Provisioning
1. Reversal of above
S-T
Same Sign-On
Same sign-on means the user uses the same credentials to log into each application.
(SSO) - Single Sign-On
In a single sign-on (SSO) service model, users log on to a single platform, which gives them automatic login access to multiple applications for a particular period of time.
"Their" Login
Refers to the credentials associated with a user.
U-V
User Acceptance Test (UAT)
An end user or appointed representative who is not a member of the program team can test the appointed User Intents and certify that the requirements have been met and work, prior to having any production clients or traffic pointed at the item(s) to be validated.