Attribute Based Access Control, or ABAC, is a type of authorization based on attributes defined for a user.
Group Based Access Control, or GBAC, is a form of authorization based on groups defined for a user.
Identity Providers (IDPs) serve as the source of truth for your users (their attributes, profile pictures, etc.) and the groups they are part of.
Permissions are the atomic building block of access. In a subject-object-verb structure of access, permissions are the verb of access.
A resource is a fundamental part of the access vocabulary. In a subject-object-verb structure of access, a resource is the object being accessed.
Role Based Access Control, or RBAC, is one type of authorization based on roles defined for a user.
A role is simply a collection of permissions. If a user assumes a role, they can take any of the actions associated with those permissions.
When you have one user who needs access to multiple apps, you can implement single sign-on (SSO) via the SAML protocol.
SCIM is a newer version of the SAML protocol which allows for the automation of user provisioning. Like SAML, it is a protocol that facilitates single sign-on.
It makes sense to think of access in a subject-object-verb model.
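The subject-object-verb model and the RBAC, GBAC and ABAC definitions above, sketched as a deny-by-default check (an added example, not part of the original glossary). The role, group, resource and attribute names, the attribute rule, and the `decide` helper are all hypothetical.

```python
from dataclasses import dataclass, field

# Constructed sample data. A permission is a (verb, resource) pair.
ROLES = {  # RBAC: a role is a collection of permissions
    "billing-viewer": {("read", "invoices")},
    "billing-admin": {("read", "invoices"), ("delete", "invoices")},
}
GROUP_GRANTS = {  # GBAC: permissions attached to groups synced from the IdP
    "finance": {("read", "invoices")},
}

@dataclass
class Subject:
    name: str
    roles: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    attributes: dict = field(default_factory=dict)

def rbac_allows(s, verb, resource):
    # Unknown roles contribute no permissions.
    return any((verb, resource) in ROLES.get(r, set()) for r in s.roles)

def gbac_allows(s, verb, resource):
    return any((verb, resource) in GROUP_GRANTS.get(g, set()) for g in s.groups)

def abac_allows(s, verb, resource):
    # Hypothetical rule: finance staff on a managed device may read invoices.
    return ((verb, resource) == ("read", "invoices")
            and s.attributes.get("department") == "finance"
            and s.attributes.get("device_managed") is True)

def decide(s, verb, resource):
    """Return the models that grant the request; an empty list means deny."""
    checks = {"RBAC": rbac_allows, "GBAC": gbac_allows, "ABAC": abac_allows}
    return [name for name, check in checks.items() if check(s, verb, resource)]

# Constructed subjects: one granted by role, one by group, one by attributes.
alice = Subject("alice", roles={"billing-admin"})
bob = Subject("bob", groups={"finance"})
carol = Subject("carol", attributes={"department": "finance",
                                     "device_managed": False})

if __name__ == "__main__":
    for subj, verb in [(alice, "delete"), (bob, "delete"), (carol, "read")]:
        print(subj.name, verb, "invoices ->", decide(subj, verb, "invoices") or "DENY")
```

Returning the granting model rather than a bare boolean makes it visible in an access review whether a given permission came from a role, a group or an attribute rule.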