Get clear on your access management vocabulary, fast.
Attributes are fields on an object that say something about it.
A resource is a fundamental part of the access vocabulary. In a subject-object-verb structure of access, a resource is the object being accessed.
A role is simply a collection of permissions. If a user assumes a role, they can take any of the actions associated with those permissions.
Tags are similar to attributes, but they are less structured.
Permissions are the atomic building block of access. In a subject-object-verb structure of access, permissions are the verb of access.
Authentication answers the question: Who am I?
Authorization answers the question: What can I do?
Birthright access is a type of access management that grants users access to all resources, systems, and applications within an organization by default, based on their role or job title.
Reserved for emergencies, breakglass access allows authorized employees to bypass normal access controls to gain immediate access to critical systems.
Context-based access management uses contextual information, such as location, time, device type, and user behavior, to determine whether to grant access to a resource.
Group Based Access Control, or GBAC, is a form of authorization based on groups defined for a user.
Identity governance administration (IGA) is the process of managing user identities and permissions within an organization.
Just-in-time access (JIT access) allows users to gain access to resources on an as-needed basis, for a limited time, and only for the specific task or function they need to perform.
Least privilege is a principle in access management that states that users should be granted only the minimum level of access required to perform their job functions or tasks. This limits user access to resources and reduces the risk of accidental or intentional misuse or exposure of sensitive data.
On-call access management is about applying the principle of least privilege during on-call schedules, ensuring that the right people have the right level of access for the right amount of time.
Privileged access management (PAM) is the process of managing and monitoring access to critical systems and resources by privileged users, such as system administrators.
SAML is primarily used for single sign-on (SSO) authentication between applications or systems. It is a standard for exchanging authentication data between an identity provider (such as Okta or Azure AD) and a service provider (such as AWS or Salesforce).
SCIM is a standard for automating user provisioning. It is used to manage user identities across multiple systems and domains, ensuring that user data is consistent across different platforms.
Session-based access management is a form of access control that grants temporary access to users for a specific session, instead of providing permanent access through static credentials.
A group is a collection of users with a shared set of permissions.
Role Based Access Control, or RBAC, is one type of authorization based on roles defined for a user.
User access review is the process of verifying that employees, contractors, and other personnel have access only to the information and resources they need to perform their job functions.
A policy is a rule that determines access.
Attribute Based Access Control, or ABAC, is a type of authorization based on attributes defined for a user.
It makes sense to think of access in a subject-object-verb model.