Glossary

Access Certification
Access certification helps with management of access rights. These rights also called privileges, role assignments, authorities or authorizations need to be assigned to the right users in the right systems at the right time. Access Certification means reviewing the settings such as assignments of roles to users to make sure that employees have accesses to the systems they need.
Access Management
Access Management (AM) is a security discipline that provides access to authorised users to enter particular resources. It also prevents non-authorised users from accessing the resources. Thus the goal of Access Management is to unify the security mechanisms that take place when a user is accessing specific system or functionality. Single Sign-On (SSO) is sometimes considered to be a part of Access Management.
Alternative terms: AM,
Account
Data structure in a database, file or a similar data store that describes characteristics of a user of a particular system (resource). Accounts are used to control access of users to applications, databases and so on. In midPoint terminology, an account strictly means a data structure in source/target system (resource). Term "user" is used to describe a similar data structure in midPoint itself.
Alternative terms: User account,
See also: User,
Active Directory
An identity repository created by Microsoft that stores and arranges identity information. Based on this information, it provides access and permissions to users to enter particular resources and therefore improves organization’s security.
Authentication
In IT world, authentication is process of verifying user’s identity. Identifying the user is usually done by username and password. It is a process followed by authorisation when it is decided if user gets the access into the desired source or not.
Authorization
In IT world, authorisation is a process of giving user permission to enter and use specific resource. It is a step after authentication when user is identified usually thanks to his username and password. When these match with the data stored in a company’s database, user is given permission to access specific systems according to his roles and perform certain activities.
Cloud Computing
Internet-based computing when resources like storage, applications or servers are used by organizations or users via Internet. Data could be accessed any time from any place, without any installations and is stored and processed in third-party data centers which could be located anywhere in the world. Cloud computing is considered to lower organization’s costs by avoiding the need of purchasing servers as well as to speed up the processes with less maintenance needed. Due to data being centralized at one place, it is considered to be secure and easily shared across bigger amount of users.
Connector
A piece of code that connects IDM system (midPoint) with a system that is either identity data source or provisioning target (identity resource).
Alternative terms: Identity Connector,
See also: Resource,
Delegated Administration
Type of administration where chosen users have administrator permissions. They can manage other users, create passwords for them, move them into groups, assign them roles, etc.
Entitlement
A resource object similar to an account representing privilege, access right, resource-side role, group or any similar concept. However, unlike account, the entitlement does not represent a user.
Generic Synchronization
Advanced model of synchronization where not only users and accounts are synchronized, but also groups to roles, organizational units to groups, roles to ACLs and so on.
Governance, risk management and compliance
Governance, risk management and compliance (GRC) is a discipline that helps organizations to have more control over processes and be more effective. Governance is the set of decisions and actions by which individual processes as well as the whole organization are lead to achieve specific goals. Risk management identifies, predicts and prioritizes risks with aim to minimize them or avoid their negative influence on organizations' aims. Compliance means following certain rules, regulations or procedures. A GRC software facilitates this problematic by taking care of all three parts by one single solution. It is a very helpful tool for business executives, managers or IT directors. Thanks to it it is possible to define, enforce, audit and review policies responsible for the exchange of information between internal systems as well as between the external ones.
Alternative terms: GRC,
Identity Deprovisioning
Identity deprovisioning is as well as identity provisioning a subfield of Identity and Access Management (IAM). It is an opposite to identity provisioning. While identity provisioning takes care of creating new accounts, determining the roles for individual users and their rights or making changes in them, deprovisioning works oppositely. When an employee leaves the company, his account is deactivated or deleted and he loses all the accesses to both internal and external systems. This way organization minimizes information theft and stays secure.
Alternative terms: Deprovisioning,
Identity Federation
Identity federation is a process of sharing user’s identification and personal data between multiple systems and between organizations, so the user doesn’t have to register for each organization separately and can seamlessly access systems in federated organizations.
Identity Governance
Business aspect of managing identities including business processes, rules, policies and organizational structures. Any complete solution for management of identities consists of two major parts – identity governance and identity management.
Alternative terms: Governance, IGA, Identity Governance and Administration,
See also: Governance, risk management and compliance,
Identity Lifecycle
Set of identity stages from creation to its deactivation or deletion. It contains creation of an account, assignment of correct groups and permissions, setting and resetting passwords and in the end deactivation or deletion of the account.
See also: ,
Identity Management
Identity Management (IDM) is a process of managing identities and their accesses to specific resources in the cyberspace. It ensures appropriate access in appropriate time and helps to manage user accounts as well as to synchronize data.
Alternative terms: IDM,
See also: Access Management,
Identity Provisioning
Subfield of Identity and Access Management (IAM). It is a technology thanks to which many identity stores are synchronized, merged and maintained. Identity provisioning takes care of technical tasks during the whole user lifecycle - when new employee is hired, when his responsibilities change or he leaves the company (deprovisioning). It helps the organization to work more effectively as its goal is to automate as much as possible. The provisioning system usually takes information about employees from the Human Resource (HR) system. When new employee is recorded into HR system, this information is detected and pulled by the provisioning system. After that, it is processed to determine set of roles each user should have. These roles determine and create accounts users should have, so everything is ready for new users on the very first day. If a user is transferred to another department or his privileges change, similar processes happen again. If an employee leaves the company, identity provisioning systems makes sure all his accounts are closed.
Alternative terms: Provisioning,
See also: ,
Open Source
The meaning of this term is very simple - it is something people can wilfully modify according to their own needs or wishes. Firstly, this term was known in the context of software, which code was publicly exposed and available for modification. Later open source spread widely. There are open source projects, products, participations and many others. Many organizations and people choose open source software, hence it is considered to be more secured and grants people more control over it. This software can also be more stable as many other people may contribute their own ideas, correct it or improve it. Open source products are free and the creators usually charge other organizations for support or software services as implementation or deployment.
Alternative terms: OSS, Open Source Software,
Organizational Structure
A hierarchical arrangement of authority, rights or duties in an organization. It determines the assignment, control or coordination of roles, responsibilities and power. A character of the organizational structure is highly dependant on the organization’s strategy and goals. The theme of organizational structure is closely linked to identity management. Organizing the company into this structure, assigning rights to individuals, working groups or project and controlling everything from one place – that are advantages that any high quality IDM solution is supposed to provide.
Password Management
Gives the organization an opportunity to meet the highest security standards thanks to the ability of having access to business systems and networks under control. Most of the employees usually pick just simple passwords and use same ones in multiple systems or applications. Password management helps to compose strong and unique passwords for both users and resources and ideally takes care of them during the whole user life cycle.
Alternative terms: Credential management,
Polystring
A built-in data type for polymorphic string maintaining extra values in addition to its original value. The extra values are derived from the original value automatically using a normalization code. PolyString supports national characters in strings. It contains both the original value (with national characters) and normalized value (without national characters). This can be used for transliteration of national characters in usernames. All the values are stored in the repository, therefore they can be used to look for the object. Search ignoring the difference in diacritics or search by transliterated value can be used even if the repository itself does not support such feature explicitly.
Product Architecture
Concept, design and description of the products part which are assigned into subsystems. It is also way how these subsystems interact with each other.
Repository
MidPoint internal database. It is used to store all internal midPoint data and vast majority of midPoint configuration.
Alternative terms: MidPoint repository,
Resource
A system that is either identity data source or provisioning target. IDM system (midPoint) is managing accounts in that system, feeding data from that system or doing any other combination of identity management operations. Identity resource should not be confused with "web resource" that is used by RESTful APIs.
Alternative terms: Identity Resource, Provisioning Resource,
See also: Connector,
Single Sign-On
Single sign-on (SSO) is an authentication process based on user logging into multiple systems with single username and password. It is used for systems that require authentication for each application while using the same credentials. SSO works on central service from where the user gains access to different applications without logging in again.
Alternative terms: SSO,
User
Generally speaking, a person that is using a computing system. In midPoint terminology, a user means a data structure in midPoint that describes a person. Similar data structure in source/target system (identity resource) is called an "account".
Alternative terms: MidPoint User,
See also: Account,