Opal Terms
API
An API, which stands for application programming interface, is how systems talk to one another.
Attribute
Attributes are fields on an object that say something about it.
Permission Group
A group is a collection of users with a shared set of permissions.
Permissions
Permissions are the atomic building block of access. In a subject-object-verb structure of access, permissions are the verb of access.
Resources
A resource is a fundamental part of the access vocabulary. In a subject-object-verb structure of access, a resource is the object being accessed.
Roles
A role is simply a collection of permissions. If a user assumes a role, they can take any of the actions associated with those permissions.
Subject-Object-Verb Model of Access
It makes sense to think of access in a subject-object-verb model.
Types of Access
Attribute Based Access Control (ABAC)
Attribute Based Access Control, or ABAC, is a type of authorization based on attributes defined for a user.
Context-Based Access Management
Context-based access management uses contextual information, such as location, time, device type, and user behavior, to determine whether to grant access to a resource.
Group Based Access Control (GBAC)
Group Based Access Control, or GBAC, is a form of authorization based on groups defined for a user.
Least Privilege
Least privilege is a principle in access management that states that users should be granted only the minimum level of access required to perform their job functions or tasks. This limits user access to resources and reduces the risk of accidental or intentional misuse or exposure of sensitive data.
Role Based Access Control (RBAC)
Role Based Access Control, or RBAC, is one type of authorization based on roles defined for a user.
Session-Based Access Management
Session-based access management is a form of access control that grants temporary access to users for a specific session, instead of providing permanent access through static credentials.
Access Management
Birthright Access
Birthright access is a type of access management that grants users access to all resources, systems, and applications within an organization by default, based on their role or job title.
Breakglass Access
Reserved for emergencies, breakglass access allows authorized employees to bypass normal access controls to gain immediate access to critical systems.
Identity Governance Administration
Identity governance administration (IGA) is the process of managing user identities and permissions within an organization.
Just-in-Time Access
Just-in-time access (JIT access) allows users to gain access to resources on an as-needed basis, for a limited time, and only for the specific task or function they need to perform.
On-Call Access Management
On-call access management is about applying the principle of least privilege during on-call schedules, ensuring that the right people have the right level of access for the right amount of time.
Privileged Access Management
Privileged access management (PAM) is the process of managing and monitoring access to critical systems and resources by privileged users, such as system administrators.
User Access Review
User access review is the process of verifying that employees, contractors, and other personnel have access only to the information and resources they need to perform their job functions.
AuthN & AuthZ
SAML & SCIM
SAML
SAML is primarily used for single sign-on (SSO) authentication between applications or systems. It is a standard for exchanging authentication data between an identity provider (such as Okta or Azure AD) and a service provider (such as AWS or Salesforce).
SCIM
SCIM is a standard for automating user provisioning. It is used to manage user identities across multiple systems and domains, ensuring that user data is consistent across different platforms.