IAM Terminology

Terminologies

IAM

Identity and Access Management

Identity Federation

Identity Federation refers to the establishment of mutual trust among multiple applications for federated authentication across different systems.

2C Management

Identity management for customers.

2B Management

Identity management for business partners.

Social Authentication

An authentication method that leverages mutual trust between applications and social platforms, allowing users to verify their identities using social accounts such as WeChat, QQ, Weibo, or DingTalk.

User Profiling

Offers multi-dimensional basic attributes, visit intent, and industry trend analysis to help users understand target audiences, identify emerging topics, and optimize content operations, enabling comprehensive network analysis to uncover potential traffic and maximize the value of user profiling.

Digital Identity

The online representation of an individual, organization, or device within cyberspace. With IAM technologies, it maps physical-world identities to their digital counterparts.

SCIM

System for Cross-domain Identity Management

Authentication

Authentication verifies user identity, addressing the "Who are you?" question with methods such as CA digital certificates, fingerprints, or one-time passwords.

2E Management

Identity management for employees.

Integrated Authentication

Enables organizations to quickly adopt various authentication methods through a unified, plug-and-play architecture with standardized APIs. The framework also supports flexible authentication workflows and configurable security levels for dynamic authentication management.

Device Fingerprint

A unique identifier generated from a device’s hardware, OS, network, and status attributes using proprietary encryption. The device fingerprint can be linked to user identities to enhance authentication security.

IDM

Identity Management

CAS

Central Authentication Service

Identity Credential

The identifier a user employs to gain access to information resources, such as passwords, PKI certificates, or biometric data (including fingerprints, iris scans, facial recognition, and voice recognition).

IoT IDM

Identity Management of Internet of Things

FIDO

Fast IDentity Online

UBA

User Behavior Analytics

AM

Access Management

OAuth 2.0

An open standard that enables users to grant third-party mobile applications access to information stored with other service providers without sharing their usernames and passwords or disclosing all their data to the third party.

Orphan Account

An account that exists in the system but cannot be linked to a specific individual, also known as a ghost account.

User Lifecycle Management

User lifecycle management enables automated synchronization, provisioning, deprovisioning, and management of user attributes, credentials, and access entitlements throughout personnel changes such as onboarding, role changes, offboarding, rehire, and retirement.

ABAC

Attribute-Based Access Control

Valid Account

An account assigned to a specific individual, actively used, and compliant with the organization's internal account management policies.

AD

Active Directory

TBAC

Task-Based Access Control

IDaaS

Identity as a Service

RBAC

Role-Based Access Control

SSO

Single Sign-On

SAML

Security Assertion Markup Language

Duplicate Account

Refers to any of multiple active accounts associated with the same user within an application system.

Permission Management

The process of controlling user permissions for resources based on predefined security rules or policies, ensuring users can access only the resources they have been explicitly granted

Dormant Account

An account associated with specific individuals that remain activated but have not been used for an extended period, such as accounts belonging to former employees.

PIM

Privileged Identity Management

LDAP

Lightweight Directory Access Protocol