Identities Glossary
The following are definitions of some terms and concepts related to identity management.
Core Concepts
- Managed Identity - A unique representation of an individual or entity that interacts with a system or network.
- Non-Human Identity - An identity representing an entity that is not a human. This can include, but is not limited to, machines, applications, services, and other non-human entities that interact with systems or networks.
- Machine Identity - A unique representation of a machine, application, or service, rather than a human, within a system or network. Machine identities are a subset of non-human identities, covering specifically the identities of machines, applications, and services.
- Role - A collection of entitlements granted to individuals or groups, allowing them to perform specific tasks within a system.
- Group - A collection of identities (users or other groups) that share common entitlements.
- Profile - A grouping of permissions or entitlements within an identity management system. Profiles define the access rights for different types of users within an organization, simplifying the management of permissions and ensuring that users only have access to the resources they need to perform their job functions.
- Rule - A logical condition or expression that specifies the criteria for granting or denying access to a resource. Unlike a group, which is a collection of users or other groups, a rule defines the specific conditions under which access is granted or denied, such as the user's role, attributes, or the time of day.
- Workflow - A series of steps or processes involved in managing identity lifecycle activities, such as provisioning, deprovisioning, and access certification.
- Access Certification - A recurring evaluation of user privileges within a system to confirm their alignment with current roles, responsibilities, and security regulations. This periodic review helps identify and rectify access anomalies, minimizing the risk of unauthorized access and ensuring compliance with industry standards.
Standards and Protocols
- SCIM (System for Cross-domain Identity Management) - An open standard for automating the exchange of user identity information between IT systems.
Additional Terms to Consider
- Provisioning - The process of creating or updating user accounts in target systems based on changes in identity information.
- Deprovisioning - The process of removing user accounts from target systems when an identity is no longer active.
- Identity Governance - The overall management of identity lifecycle processes, including provisioning, deprovisioning, access certification, and identity analytics.
- Identity Analytics - The use of data analysis techniques to gain insights into identity usage patterns, identify security risks, and optimize identity management processes.
