Forget buzzwords and buzz phrases. These terms are keepers, and knowing them can go a long way to help you navigate identity and access management for your organization’s systems and networks.

Access management

The processes and technologies used to control and monitor network access. Access management features, such as authentication, authorization, trust and security auditing, are part and parcel of the top ID management systems for both on-premises and cloud-based systems. 

Active Directory (AD)

AD is a user-identity directory service that Microsoft developed for Windows domain networks. While proprietary, AD is widely deployed as part of the Windows Server operating system.

Biometric authentication (also realistic authentication)

An authentication method that relies on an individual user’s distinctive and measurable human characteristics. Examples of biometric authentication technologies are as follows:

  • Fingerprint sensors
  • Palm vein recognition
  • Iris and retina scanning
  • Facial recognition 

Context-aware network access control (CANAC)

A policy-based method of granting a user access to network resources according to their current context, such as whether their device complies with your IT policy.

Credential (digital credential)

Generally, a proof of identity that allows a user access to a network. Credentials include the user’s password, public key infrastructure (PKI) certificate, or biometric information (fingerprint, iris, retina). Beyond granting user access, credentials may also be issued temporarily to specify which digital process a user can access for the duration of a session, as with Amazon Web Services’ temporary security credentials.

De-provisioning 

The removal of an identity from an ID repository and the termination of all its access privileges.

Digital identity 

This refers to the ID itself: the description of the user (which can also cover endpoints such as a laptop or a smartphone) together with their access privileges.

Entitlement 

The set of attributes that specify the access rights and privileges of an authenticated security principal. 

Identity as a Service (IDaaS) 

Cloud-based authentication built and operated by a third-party provider. IDaaS offers IAM functionality to an organization’s systems that reside on-premises and/or in the cloud. 

Identity lifecycle management (ILM)

A term that refers to the entire set of processes and technologies employed to maintain and update digital identities. ILM includes the following processes: 

  • Identity synchronization
  • Provisioning
  • De-provisioning
  • Ongoing management of user attributes, credentials, and entitlements 

Identity synchronization 

The process of ensuring that multiple identity stores contain consistent data for a given digital ID.

In a Windows environment, for example, identity synchronization between Active Directory and a Directory Server comprises these processes:

  • Detection of all the password changes on Active Directory and synchronization with Directory Server using On Demand Synchronization.
  • Detection of all password changes on Directory Server and synchronization with Active Directory.
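The two-way password detection described above generalizes to a reconciliation step: for every digital ID, compare what each store holds and emit the updates needed to make them agree. The following is an added example and not TraitWare's or Microsoft's code; the two in-memory stores, the attribute names, the timestamps and the rule that passwords flow both ways (most recent change wins) while other attributes flow one way from the authoritative store are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class IdentityRecord:
    """One digital ID as held by a single identity store."""
    attrs: Dict[str, str]
    pw_changed_at: int  # Unix time of the last password change


@dataclass
class SyncAction:
    identity: str
    target: str                 # store that must be updated
    kind: str                   # "orphan" | "propagate_password" | "update_attrs"
    detail: Dict[str, str] = field(default_factory=dict)


def reconcile(store_a: Dict[str, IdentityRecord],
              store_b: Dict[str, IdentityRecord],
              name_a: str = "AD",
              name_b: str = "DirectoryServer") -> List[SyncAction]:
    """Compute the updates needed so both stores agree for every digital ID.

    Rules (assumptions for this example):
      * passwords flow both ways; the most recent change wins
      * non-password attributes flow one way, from store_a (authoritative)
      * an ID present in only one store is reported, not silently created
    """
    actions: List[SyncAction] = []
    for ident in sorted(set(store_a) | set(store_b)):
        a, b = store_a.get(ident), store_b.get(ident)
        if a is None or b is None:
            # Present on one side only: flag for provisioning/de-provisioning review.
            present, missing = (name_a, name_b) if a is not None else (name_b, name_a)
            actions.append(SyncAction(ident, missing, "orphan", {"present_in": present}))
            continue
        if a.pw_changed_at != b.pw_changed_at:
            # Newer password change wins and is propagated to the other store.
            source, target = ((name_a, name_b) if a.pw_changed_at > b.pw_changed_at
                              else (name_b, name_a))
            actions.append(SyncAction(ident, target, "propagate_password", {"source": source}))
        # Attribute drift: anything in the authoritative store that store_b disagrees with.
        drift = {k: v for k, v in a.attrs.items() if b.attrs.get(k) != v}
        if drift:
            actions.append(SyncAction(ident, name_b, "update_attrs", drift))
    return actions


# Constructed sample stores (not real directory data).
AD_STORE = {
    "alice": IdentityRecord({"mail": "alice@example.com", "dept": "finance"}, 1700000000),
    "bob":   IdentityRecord({"mail": "bob@example.com", "dept": "it"}, 1700005000),
    "carol": IdentityRecord({"mail": "carol@example.com", "dept": "hr"}, 1700001000),
}
DS_STORE = {
    "alice": IdentityRecord({"mail": "alice@example.com", "dept": "finance"}, 1700000000),
    "bob":   IdentityRecord({"mail": "bob@example.com", "dept": "sales"}, 1700009000),
}

if __name__ == "__main__":
    for action in reconcile(AD_STORE, DS_STORE):
        print(action)
```

Running it reports that bob's newer password change on the Directory Server side must be propagated back to AD, that bob's department attribute in the Directory Server has drifted from the authoritative value, and that carol exists only in AD, which is exactly the kind of gap de-provisioning and provisioning checks need to catch.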

Lightweight Directory Access Protocol (LDAP) 

LDAP is an open, standards-based, vendor-neutral protocol for managing and accessing a distributed directory service (e.g., Microsoft’s AD).

Multi-factor authentication (MFA) 

An authentication scheme that requires multiple independent means of authentication, drawn from three or all of these factors:

  • Knowledge (something you know): PIN, username and password, security question  
  • Possession (something you have): token, USB key, magic link, or card  
  • Inherence (something you are): biometrics—e.g., fingerprint, voice, palm veins, complex iris/retina patterns, behavior pattern, etc.  
  • Location (someplace you are): actual physical location determined through GPS tracking.

Password reset 

In the context of IAM, this is a feature of an ID management system that lets users re-establish their own passwords without involving the administrators (and thus reducing the volume of calls to the helpdesk). Users can usually access the reset application through a browser, and in order for their identity to be verified, they have to provide information such as a secret word or answer a set of questions. 

Privileged account management 

This term refers to the management and audit of accounts and data access based on a user’s privileges. A user’s specific function within their organization typically dictates the kind of access they have, which can involve privileged access to admin systems, for example, where they are allowed to perform such tasks as setting up and deleting user accounts and roles.

Provisioning

The process of creating identities, designating their access privileges, and adding them to an ID repository. 
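Provisioning, entitlements and de-provisioning are three stages of the same lifecycle, and the security-relevant property is that de-provisioning removes every right the identity held in every downstream system, not just the record in the repository. The following added example (not TraitWare's code) models an ID repository that mirrors entitlements into per-system access lists and includes an audit that finds orphaned rights; the system names, the `system:right` entitlement format and the sample principals are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class Identity:
    principal: str
    credentials: Set[str] = field(default_factory=set)   # e.g. "password", "pki-cert"
    entitlements: Set[str] = field(default_factory=set)  # "system:right", e.g. "payroll:read"


class IdentityRepository:
    """ID repository plus the per-system access lists that mirror its entitlements."""

    def __init__(self, systems: List[str]) -> None:
        self.identities: Dict[str, Identity] = {}
        self.system_acls: Dict[str, Dict[str, Set[str]]] = {s: {} for s in systems}

    def provision(self, principal: str, credentials: Set[str], entitlements: Set[str]) -> Identity:
        """Create the identity, record its entitlements, and push each right to its system."""
        if principal in self.identities:
            raise ValueError(f"{principal} is already provisioned")
        ident = Identity(principal, set(credentials), set(entitlements))
        self.identities[principal] = ident
        for system, right in (e.split(":", 1) for e in entitlements):
            self.system_acls[system].setdefault(principal, set()).add(right)
        return ident

    def deprovision(self, principal: str) -> int:
        """Remove the identity AND revoke every downstream right; returns rights revoked."""
        ident = self.identities.pop(principal)
        revoked = 0
        for system, right in (e.split(":", 1) for e in ident.entitlements):
            rights = self.system_acls[system].get(principal, set())
            if right in rights:
                rights.discard(right)
                revoked += 1
            if not rights:
                self.system_acls[system].pop(principal, None)
        ident.credentials.clear()
        ident.entitlements.clear()
        return revoked

    def delete_identity_only(self, principal: str) -> None:
        """The incomplete version: drops the ID record but leaves downstream rights in place."""
        self.identities.pop(principal)

    def orphaned_entitlements(self) -> List[str]:
        """Audit: rights still granted in a system to a principal the repository no longer knows."""
        orphans = []
        for system, acl in self.system_acls.items():
            for principal, rights in acl.items():
                if principal not in self.identities:
                    orphans.extend(f"{principal}@{system}:{r}" for r in sorted(rights))
        return sorted(orphans)


def incomplete_removal() -> List[str]:
    """Failure mode: the ID record is dropped but downstream rights stay behind."""
    repo = IdentityRepository(["payroll", "vpn"])
    repo.provision("bob", {"password"}, {"vpn:connect", "payroll:read"})
    repo.delete_identity_only("bob")
    return repo.orphaned_entitlements()


def full_deprovisioning() -> Tuple[int, List[str]]:
    """Correct path: every right is revoked and the audit comes back clean."""
    repo = IdentityRepository(["payroll", "vpn"])
    repo.provision("alice", {"password", "pki-cert"},
                   {"payroll:read", "payroll:approve", "vpn:connect"})
    revoked = repo.deprovision("alice")
    return revoked, repo.orphaned_entitlements()


if __name__ == "__main__":
    print("orphans after incomplete removal:", incomplete_removal())
    print("(revoked, orphans) after full de-provisioning:", full_deprovisioning())
```

The orphan audit is the check worth keeping in production: it catches the common case where an account is removed from the central repository while a downstream system still honours the rights it was granted.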

Risk-based authentication (RBA) 

A dynamic method of adjusting the stringency of authentication requirements based on the user’s present situation at the time authentication is attempted. A common example: when users attempt to authenticate from an IP address not previously associated with them, they may have to satisfy additional authentication requirements.
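The RBA definition above, together with the MFA factor list earlier on the page, is easiest to see as a small policy engine: score the login context, derive how many distinct factors that score demands, and step up when the presented authenticators do not cover enough distinct categories (two knowledge authenticators, such as a password plus a security question, cover only one). This is an added example, not TraitWare's product logic; the authenticator-to-category table, the risk weights, the thresholds and the sample user history are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

# Authenticator type -> factor category (the four categories named under MFA).
# Which types exist and how they are categorized is an assumption for this example.
FACTOR_OF: Dict[str, str] = {
    "password": "knowledge", "pin": "knowledge", "security_question": "knowledge",
    "hardware_token": "possession", "usb_key": "possession", "smart_card": "possession",
    "magic_link": "possession",
    "fingerprint": "inherence", "face": "inherence", "voice": "inherence",
    "gps_location": "location",
}


def distinct_factors(presented: Set[str]) -> Set[str]:
    """Factor categories covered by the authenticators actually presented."""
    return {FACTOR_OF[a] for a in presented}


def is_multi_factor(presented: Set[str]) -> bool:
    """True only when at least two different categories are covered."""
    return len(distinct_factors(presented)) >= 2


@dataclass(frozen=True)
class LoginContext:
    ip: str
    device_id: str
    country: str
    failed_attempts_last_hour: int = 0


@dataclass
class UserHistory:
    known_ips: Set[str]
    known_devices: Set[str]
    home_country: str


@dataclass
class Decision:
    outcome: str                   # "allow" | "step_up" | "deny"
    score: int
    factors_required: int
    categories_missing: List[str]  # categories a step-up challenge could draw from


def risk_score(ctx: LoginContext, hist: UserHistory) -> int:
    """Additive risk signals; the weights are assumptions for this example."""
    score = 0
    if ctx.ip not in hist.known_ips:
        score += 2          # the "IP not previously associated" case from the text
    if ctx.device_id not in hist.known_devices:
        score += 2
    if ctx.country != hist.home_country:
        score += 3
    if ctx.failed_attempts_last_hour >= 3:
        score += 3
    return score


def factors_required(score: int) -> int:
    """Stringency rises with risk: 0 -> one factor, 1-4 -> two, 5-7 -> three."""
    if score == 0:
        return 1
    return 2 if score <= 4 else 3


DENY_THRESHOLD = 8  # assumed cut-off above which no step-up is offered


def decide(ctx: LoginContext, hist: UserHistory, presented: Set[str]) -> Decision:
    score = risk_score(ctx, hist)
    covered = distinct_factors(presented)
    missing = sorted(set(FACTOR_OF.values()) - covered)
    if score >= DENY_THRESHOLD:
        return Decision("deny", score, 0, missing)
    need = factors_required(score)
    outcome = "allow" if len(covered) >= need else "step_up"
    return Decision(outcome, score, need, missing)


# Constructed sample data (documentation IP ranges, fictional devices).
ALICE = UserHistory(known_ips={"203.0.113.10"}, known_devices={"laptop-1"}, home_country="US")
CTX_USUAL = LoginContext(ip="203.0.113.10", device_id="laptop-1", country="US")
CTX_NEW_IP = LoginContext(ip="198.51.100.7", device_id="laptop-1", country="US")
CTX_TRAVEL = LoginContext(ip="198.51.100.7", device_id="phone-9", country="BR")
CTX_SUSPECT = LoginContext(ip="198.51.100.7", device_id="phone-9", country="BR",
                           failed_attempts_last_hour=5)

if __name__ == "__main__":
    for name, ctx in [("usual", CTX_USUAL), ("new ip", CTX_NEW_IP),
                      ("travel", CTX_TRAVEL), ("suspect", CTX_SUSPECT)]:
        print(name, decide(ctx, ALICE, {"password"}))
    print("new ip + token", decide(CTX_NEW_IP, ALICE, {"password", "hardware_token"}))
```

The `categories_missing` field is what a real system would use to choose the step-up challenge: it deliberately excludes categories already covered, so a user who authenticated with a password is never "stepped up" with a security question.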

Security principal 

A digital identity that carries one or more credentials that can be authenticated and authorized to interact with the network they’re trying to access. 

Single sign-on (SSO) 

A type of access control that allows users to log in with a single set of credentials (e.g., username and password) to access multiple related but separate systems. 

When a user logs into applications spread across different domains, SSO systems rely on a technique called federation (a category of data integration technology that lets applications query and aggregate data from disparate sources in a virtual database, so that business intelligence, reporting, or analysis applications can use it in real time).

User behavior analytics (UBA) 

Gartner defines UBA as a cybersecurity process relating to the detection of insider threats, targeted attacks, and financial fraud. Unlike other security technologies, UBA does not focus on tracking devices or security events. UBA is also sometimes grouped with user and entity behavior analytics (UEBA). 


Streamline and strengthen your identity and access management with TraitWare’s enterprise-level solutions.

Contact us today for a free trial or to request a demo.