Advisory Services
Advisory
Identity and Access Governance focused professional guidance provided to organizations to help them make informed decisions about technology, security, and business tactics and strategies. These services can include risk assessments, compliance reviews, gap analysis and strategic planning to align IT initiatives with business outcome goals. People and process as well as technology are carefully considered in providing IGA focused Advisory.
Machine Governance
Non-Human Identity
Policies and controls that regulate the behavior and decision-making of automated systems. It ensures accountability and ethical use of AI and automation.
Single Sign-On
Authentication
A user authentication process that allows a user to access multiple applications with one set of login credentials.
Zero Trust
Advisory
Zero Trust is a security model that requires explicit verification of identity and access rights for every request, while enforcing the principle of least privilege and assuming no inherent trust. It continuously evaluates risk by validating the user, device, and session in real time. It is commonly implemented through controls such as conditional access, multi-factor authentication (MFA), and governance policies, and minimizes attack surfaces by enforcing strict identity and access controls across all IT or network layers.
User Acceptance
Deployment + Integration
The process of validating that a system or solution meets user needs and is ready for deployment. Successful user acceptance ensures smooth adoption and minimizes resistance during implementation.
Two-Factor Authentication (2FA)
Authentication
A subset of Multi-Factor Authentication (MFA) using exactly two distinct factors for verification.
Tactical Account Manager (TAM)
Managed Operations
A role focused on managing client accounts with short-term, tactical objectives to meet immediate needs. They often act as a liaison between clients and internal teams to ensure timely delivery of solutions.
System for Cross-domain Identity Management (SCIM)
Protocol
A standardized protocol that gives applications a consistent way to create, read, update, and deactivate user accounts. Before SCIM, every application had its own proprietary method for managing user records - different APIs, different data formats, different field names for the same information. SCIM provides a common language, enabling identity systems and applications to exchange user data the same way regardless of vendor. It defines both the schema (how user attributes like name, email, and group membership are structured) and the operations (how to create, modify, or remove accounts) over a standard REST API.
Software Development Lifecycle (SDLC)
Managed Operations
A structured process for planning, creating, testing, and deploying software applications. It ensures quality and consistency by following defined phases such as design, development, and maintenance.
SkyDock
Solution
SkyDock is a specialized migration tool designed to automate and simplify migrations between Idira, formerly CyberArk, environments.
Service Provider (SP)
Component
An application or system that relies on an Identity Provider to authenticate its users rather than managing its own login process. When a user clicks "Sign in with SSO" on a business application, that application is acting as a Service Provider. It redirects to the IdP, which verifies the user's identity and sends confirmation back. This separation means the application never sees the user's password, and the organization controls authentication centrally.
Service Account
Identity Governance
A special account used by applications or services to interact with systems instead of a human user. These accounts require strict monitoring due to elevated privileges.
Separation of Duties (SoD)
Identity Governance
A security principle that divides critical tasks among multiple individuals to prevent fraud or errors. It reduces risk by ensuring no single person has complete control over sensitive processes.
Security Assertion Markup Language (SAML)
Protocol
An XML-based standard for exchanging authentication and authorization data between an Identity Provider and a Service Provider. SAML is the most widely used protocol for enterprise single sign-on (SSO) to SaaS and web applications. When an employee signs in through a corporate portal and gets access to Salesforce, Workday, or ServiceNow without a separate login, SAML is typically handling that exchange. It is mature and well-established but limited to browser-based interactions.
SailPoint IdentityNow (IDN)
SailPoint
SailPoint's original cloud-based SaaS identity governance platform. IdentityNow provides core IGA capabilities including access certifications, provisioning, access requests, and password management and is delivered as a multi-tenant cloud service.
SailPoint Identity Security Cloud (ISC)
SailPoint
SailPoint's cloud-based identity governance platform that helps organizations manage and secure user access to applications, data, and systems across hybrid environments. It enables capabilities such as identity governance, access reviews, provisioning, and risk-based identity insights to strengthen security and compliance. It's built on the Atlas platform, which provides ISC's foundational services, including a unified data model, orchestration engine, machine learning, and a connectivity and extensibility framework. ISC is available in three tiers (Standard, Business, Business Plus).
Role-Based Access Control (RBAC)
Identity Governance
A method of restricting system access based on a user's role within an organization. It simplifies permission management by grouping privileges according to job responsibilities. Permissions are assigned via roles, and roles encapsulate allowed operations and are granted to identities. Attribute-Based Access Control adds attribute conditions like job title, file type, or IP address, to refine decisions.
Role Optimization
Privileged Identity
The process of refining user roles to eliminate unnecessary permissions and reduce risk. It improves security by aligning access rights with actual job responsibilities.
Role Mining
Privileged Identity
An analytical process that examines existing permissions to create efficient role structures. It helps organizations simplify access management and enforce least privilege.
Reserved Identifier Handling
Protocol
The practice of recognizing, protecting, and properly processing special or preassigned identifiers that have a defined meaning within a system. It helps prevent conflicts, errors, and security issues by ensuring those identifiers aren't used or modified in unintended ways. For example, a system may reserve identifiers like "admin," "root," or "system" so they cannot be assigned to regular user accounts.
Privileged Identity Management (PIM)
Privileged Identity
A subset of PAM that focuses on managing and granting just-in-time, time-bound privileged access to users, reducing the risk of excessive or permanent permissions.
Privileged Access Management (PAM)
Identity Governance
Security practice that controls and monitors access to critical systems and sensitive data by privileged accounts, reducing the risk of misuse or compromise. It enforces strict authentication, session management, and auditing to protect high-level credentials from cyber threats.
Password Vaulting
Security
Secure storage and management of passwords in an encrypted repository to reduce risk of credential theft. It simplifies password management for users while enforcing strong security policies.
OrchestratID
Product
OrchestratID is an advanced low-code workflow automation and orchestration tool that allows organizations to automate and standardize monotonous labor-intensive tasks. It extends across leading IAM and business applications via HTTP, easing complex provisioning, migrations and integrations, and data aggregation.
Optical Character Recognition (OCR)
Tool
A technology that converts printed or handwritten text from images or scanned documents into machine-readable digital text. It enables automated data extraction, text search, and document digitization for easier storage and processing.
OpenID Connect (OIDC)
Protocol
An authentication layer built on top of OAuth 2.0 that adds identity verification. Where OAuth alone only handles authorization (what can this app do?), OIDC answers the identity question (who is this person?). It issues ID tokens containing user information such as name, email, and group memberships. OIDC is the standard behind most modern "Sign in with..." experiences and is increasingly used alongside or in place of SAML for enterprise SSO, particularly for mobile and API-driven applications.
Open Authorization (OAuth)
Protocol
A standard that allows users to grant an application limited access to their resources on another service without sharing their credentials. OAuth governs authorization - what an application is allowed to do, not who the user is. For example, when a third-party app requests permission to read a calendar or post on behalf of a user, OAuth defines how that permission is granted, scoped, and revoked. It is the foundation for most modern API security.
Non-Human Identity (NHI)
Non-Human Identity
A digital identity used by software, services, workloads, devices, or automated processes rather than a human user. NHIs enable machine-to-machine authentication and authorization across systems, applications, and data, and must be governed across credentials, permissions, ownership, and lifecycle to support security, accountability, and least-privilege access.
Non-Employee Risk Management (NERM)
SailPoint
A SailPoint SaaS solution that provides workflows to support the onboarding, maintenance, and offboarding of non-employees or other users who are not tracked through a Human Resource platform. The product was formerly known as SecZetta.
NomadID
Product
A solution designed to ensure secure identity and access management capabilities in edge environments. It ensures secure access for federal agencies operating in Disconnected, Denied, Intermittent, and/or Limited Bandwidth (DDIL) environments.
Multi-Factor Authentication (MFA)
Authentication
A security method that requires users to verify their identity using two or more distinct types of evidence before gaining access. The three factor categories are something you know (password, PIN), something you have (phone, security key, smart card), and something you are (fingerprint, facial recognition, other biometrics). MFA significantly reduces the risk of unauthorized access because a compromised password alone is no longer enough to log in.
Microsoft Identity Manager (MIM)
Microsoft
MIM is an on-premises identity and access management solution used to automate user provisioning, synchronize identity data, and support self-service identity workflows. It helps organizations manage identities across Active Directory, applications, and other connected systems.
Microsoft Entra Verified ID
Microsoft
A decentralized identity service that allows individuals and organizations to create and verify digital credentials. It enhances privacy and security by giving users control over their identity data.
Microsoft Entra Suite
Microsoft
A comprehensive set of identity and network access solutions offered by Microsoft under the Entra brand. It includes tools for identity governance, secure access, and verification across hybrid and cloud environments. It provides a single Security Service Edge (SSE) platform with key features like Entra ID, Entra Private Access, Entra Internet Access, ID Protection, and ID Governance, enabling least privilege access, conditional access, and threat detection for a secure, modern workforce.
Microsoft Entra Private Access
Microsoft
A service that provides secure, identity-based access to private applications without relying on traditional VPNs. It supports Zero Trust principles by verifying every connection before granting access.
Microsoft Entra Network Access
Microsoft
A cloud-based solution that enables secure connectivity to resources across hybrid networks. It combines identity-driven access with network security to protect sensitive data and applications.
Microsoft Entra ID Governance
Microsoft
Capabilities to automate and audit identity lifecycle, access lifecycle, and privileged access (e.g., lifecycle workflows, access reviews, entitlement management, and PIM). Microsoft Entra ID Governance helps organizations ensure proper management of identities and access rights through policies and automation. It helps organizations maintain compliance by enforcing least privilege and conducting access reviews.
Microsoft Entra ID
Microsoft
Formerly Azure Active Directory, Microsoft Entra ID is a cloud-based identity and access management service that helps organizations securely manage user identities and access to applications. It provides authentication, authorization, and conditional access controls for users and devices.
Managed Security Service Provider (MSSP)
Managed Operations
A third-party company that provides outsourced monitoring and management of security systems and devices. MSSPs offer services like threat detection, incident response, and compliance support.
Managed Operations Services (MOPS)
Managed Operations
Outsourced services that handle day-to-day IT operations, including monitoring and maintenance. These services help organizations reduce operational overhead and improve system reliability.
Liveness Detection
Security
A biometric security feature that ensures the subject is a live person, not a spoof or fake representation. It prevents fraud in facial recognition and other biometric systems. Liveness detection is also referred to as Presentation Attack Detection (PAD) and Liveness Attack Detection (LAD).
Lightweight Directory Access Protocol (LDAP)
Protocol
A standardized protocol for querying and managing directory services - the structured databases that organize information about users, groups, devices, and other network resources in a hierarchical format. LDAP defines how systems ask questions of a directory (look up a user, check group membership, validate credentials) and how the directory responds, regardless of which directory product is behind it. It is the common protocol underlying Microsoft Active Directory, Oracle Internet Directory, and other directory platforms. While newer cloud directories increasingly use REST APIs, LDAP remains the standard for on-premises and hybrid environments.
Least Privilege Access
Identity Governance
A security principle granting users only the permissions necessary to perform their tasks. This minimizes potential damage from compromised accounts.
Kerberos
Protocol
A network authentication protocol that allows users and services to prove their identity to each other without sending passwords across the network. Instead of transmitting credentials directly, Kerberos uses a trusted third party to issue encrypted tickets that grant access to resources. Originally developed at MIT, Kerberos is the default authentication protocol in Microsoft Active Directory environments and is also widely used in Linux and Unix systems.
Just-in-Time Access Control (JIT)
Identity Governance
Grant only the minimum permissions needed, for the shortest time, and only to perform specific tasks. This approach reduces the exposure of sensitive systems to potential insider threats or compromised accounts.
Incident Management
Managed Operations
The process of detecting, responding to, and resolving security or operational incidents to minimize impact. It includes root cause analysis and implementing preventive measures to avoid recurrence.
IDProof+
Solution
An enhanced identity proofing solution that verifies user identities through multiple factors. It strengthens authentication by combining document checks, biometrics, and risk analysis.
Idira
Idira (formerly CyberArk)
Formerly CyberArk, Idira is a leading privileged access management solution that secures high-level accounts and credentials. It reduces risk by enforcing least privilege and monitoring privileged sessions.
IdentityScout
Product
IdentityScout is an automated solution for discovering, securing, and onboarding privileged accounts across complex, multi-platform IT environments. It integrates seamlessly with Idira, formerly CyberArk, to help eliminate manual effort, reducing security risks and ensuring continuous compliance without disrupting existing workflows.
IdentityLens
Product
IdentityLens provides real-time, cross-platform visibility into identity-related data and activities across your identity ecosystem. It helps organizations detect and analyze anomalies and improve identity governance in a centralized platform.
Identity, Credentialing, and Access Management (ICAM)
General
A comprehensive framework for managing identities, credentials, and access rights. It ensures secure and compliant access to systems and resources.
Identity Verification (IDV)
Authentication
The process of confirming that a person's claimed identity is genuine. It typically uses documents, biometrics, or trusted data sources for validation.
Identity Threat Detection and Response (ITDR)
Protocol
A security discipline focused on detecting and responding to attacks that target user identities and access credentials. As organizations move to cloud-first environments where identity replaces the network perimeter as the primary security boundary, attackers have shifted tactics accordingly. Credential theft, token hijacking, privilege escalation, and MFA bypass are now among the most common attack vectors. ITDR combines behavioral analytics, real-time monitoring, and automated response to detect compromised accounts and stop identity-based attacks before they escalate.
Identity Security Posture Management (ISPM)
Protocol
A cybersecurity framework that continuously assesses and improves the security of identity systems by identifying misconfigurations, excessive privileges, risky accounts, and policy gaps across environments. It helps organizations reduce identity-related risk by providing visibility, prioritizing issues, and supporting remediation.
Identity Roadmap
Advisory
A strategic and tactical plan outlining steps to progress and manage identity, access, and governance for an organization or enterprise as a whole. It typically includes timelines, technology adoption strategies, governance policies, and organizational and process shifts to ensure secure identity and governance practices.
Identity Provider (IdP)
Component
A system that authenticates users and confirms their identity to other applications. When someone logs in once and gains access to multiple apps without signing in again, an Identity Provider is doing that work. Common examples include Microsoft Entra ID, Okta, and Ping Identity. The IdP stores user credentials, enforces authentication policies like MFA, and issues security tokens that other systems trust.
Identity Modernization
Deployment + Integration
The updating of legacy identity and access and governance systems and processes to align with modern security frameworks and standards, technologies, and best practices. This modernization can often involve migrating on-premises systems to the cloud, integrating cloud-based identity solutions, enabling multi-factor authentication, applying least privilege, zero trust, and creating secure, dynamic access policies.
Identity Governance & Administration (IGA)
Identity Governance
The framework and processes that ensure the right individuals have appropriate access to technology resources while maintaining compliance with organizational policies and regulations. Compliance is ensured by automating provisioning, de-provisioning, and access reviews. It focuses on managing identities, roles, and entitlements to reduce risk and enforce security controls across the enterprise.
Identity Continuity
General
The ability to maintain identity services and access during disruptions or migrations. It ensures seamless user experience and security even in changing environments.
Identity and Access Management (IAM)
Advisory
A framework of policies and technologies for ensuring that identities (human, non-human, AI) have the right access to the right resources for the right reason at the right time. IAM encompasses people, process, and technology, striving to manage what identities can access across apps and data, typically via authentication, authorization, and lifecycle management.
Hybrid Identity
General
A security and access model that integrates on-premises identity systems (like Active Directory) with cloud-based identity services, enabling a unified authentication and management experience across both environments. It allows organizations to maintain consistent user identities while leveraging the scalability and flexibility of the cloud.
Hybrid Cloud
General
An IT architecture that combines public and private cloud environments, allowing data and applications to move seamlessly between them. This approach provides flexibility, scalability, and cost efficiency while maintaining control over sensitive workloads.
HorizonID
Solution
A forward-looking identity management solution that integrates advanced technologies for scalability. It focuses on future-proofing identity systems for evolving security needs.
High-Assurance Identity (HAI)
Authentication
An identity verification approach that provides strong confidence in the authenticity of a user. It often involves multi-factor authentication and rigorous proofing standards.
Governance, Risk, Compliance (GRC)
Identity Governance
A framework that ensures an organization aligns its operations with strategic objectives, manages risks effectively, and adheres to regulatory requirements. It integrates policies, processes, and controls to maintain accountability, reduce risk exposure, and ensure compliance across the enterprise.
External Identity Management
Customer Identity
Management of identity and access for external users like customers, vendors, partners, contractors and third parties - any group outside the organization's internal workforce. This includes patterns for collaboration with guests and enablement of cross-tenant access with policy controls.
External Identity (B2B/B2C)
Customer Identity
Users outside your organization's internal workforce such as customers (B2C), vendors, partners, and other third parties (B2B).
Entitlement Management
Identity Governance
The process of defining, granting, reviewing, and removing user access to applications, data, and resources based on roles, policies, and business needs. It helps organizations ensure people have the right access at the right time while reducing security and compliance risk.
Endpoint Discovery
Deployment + Integration
Identifying and cataloging all devices connected to a network to ensure proper security management. This process helps organizations maintain visibility and enforce compliance across all endpoints.
Edge Environment
General
A computing setup where data processing occurs close to the source rather than in centralized data centers. Identity solutions here must handle distributed authentication and security controls.
Dynamic Access Control
Identity Governance
A system that uses real-time conditions and policies to determine access permissions dynamically. It adapts to changing contexts such as user location, device health, and risk level.
Disconnected, Denied, Intermittent, and/or Limited Bandwidth Environment (DDIL)
General
A scenario where network connectivity is unreliable or unavailable. Identity solutions in such environments must support offline authentication and synchronization.
Digital Wallet
General
A secure application that stores digital credentials, payment information, and identity data. It enables convenient and secure transactions across online and offline platforms. Common examples include a Mobile Driver's License (mDL) and European Digital Identity (EUDI) wallet.
Digital Transformation
Advisory
The integration of digital technologies into all areas of a business to improve operations and deliver value to the business. Common goals of a digital transformation are to drive innovation, enhance customer experiences, advance the business, and enable data-driven decision-making.
Decentralized Identity (DID)
General
Decentralized Identity (DID), also known as Self-Sovereign Identity (SSI), is a model where individuals control their own identity data using blockchain or distributed technologies. It reduces reliance on centralized authorities and enhances privacy.
Customer Identity and Access Management (CIAM)
Customer Identity
A system that manages and secures customer identities while providing seamless access to digital services. It enhances user experience through features like single sign-on, multi-factor authentication, and consent management.
CredSafe
Product
CredSafe is a CyberArk credential recovery tool. It's a secure, purpose-built contingency solution that ensures uninterrupted access to privileged credentials when CyberArk is offline.
Credential Recovery
General
The process of restoring lost or compromised user credentials to regain access to systems. It typically involves identity verification steps to ensure the rightful owner is recovering the account.
Conjur-Hashi Integration Proxy (CHIP)
Idira (formerly CyberArk)
CHIP is a component that enables secure integration between CyberArk Conjur and HashiCorp tools by acting as a bridge for secrets retrieval and authentication. It simplifies how applications running in HashiCorp environments (like Vault or Terraform workflows) securely access secrets stored in Conjur without exposing credentials directly. CHIP proxies HashiCorp's API, making it possible to decommission HashiCorp Vault while allowing applications to make Hashi-style API requests to CHIP with no code change.
Cloud Service Provider (CSP)
General
A company that delivers computing services - such as storage, processing power, networking, and software - over the internet. Instead of maintaining on-premises infrastructure, organizations can access and scale these services on demand through the provider's cloud platform.
Behavioral Authentication
Authentication
A security method that verifies identity based on user behavior patterns such as typing speed or mouse movements. It adds an extra layer of protection by detecting anomalies in real time.
Authorization
Identity Governance
Authorization is the process of determining what an authenticated user is allowed to access or do within a system based on their assigned permissions and policies.
authID
Solution
AuthID is a tech company that provides biometric identity verification (IDaaS) for businesses using facial scans for secure, passwordless login, account recovery, and fraud prevention.
Authentication
Authentication
Authentication is the process of verifying that a user or system is who they claim to be before granting access. It typically involves validating credentials such as passwords, biometrics, or security tokens.
Artificial Intelligence (AI)
Non-Human Identity
A broad class of technologies that enables machines and software to perform tasks that traditionally require human intelligence, including understanding language, identifying patterns, reasoning, generating content, and making predictions. Within IAM, AI is used to enhance threat detection, automate manual processes, improve behavioral analytics, and support more adaptive, risk-aware security decisions.
AI Agent
Non-Human Identity
A software entity that uses AI capabilities, often including reasoning, memory, planning, and tool use, to pursue a goal, take actions, and respond to changing inputs with limited human intervention.
Agentic AI
Non-Human Identity
A design approach or class of AI systems in which AI is given goals, context, and the ability to plan, act, and adapt over multiple steps, rather than only responding to a single prompt or instruction. Agentic AI may be implemented as one agent or as multiple coordinating agents.
Access Packages
Identity Governance
Access packages bundle permissions for easier assignment and governance. Self-service, policy-driven bundles of groups/apps/sites with approvals, expirations, and delegated administration for internal and external users.
CyberArk Privilege Cloud (CPC)
Idira (formerly CyberArk)
CyberArk's cloud-based platform for managing and securing privileged access across hybrid environments. It provides centralized control, session monitoring, and compliance reporting for privileged accounts.
CyberArk Export Vault Data (EVD)
Idira (formerly CyberArk)
A solution within CyberArk designed to manage and rotate privileged passwords automatically. It helps organizations enforce security policies and reduce the risk of credential compromise.
CyberArk Enterprise Password Vault (EPV)
Idira (formerly CyberArk)
A secure repository that stores and protects privileged account credentials, keys, and sensitive information. It uses layered encryption and access controls to safeguard data against unauthorized access.
CyberArk Central Credential Provider (CCP)
Idira (formerly CyberArk)
A component of CyberArk that delivers secure, on-demand access to privileged credentials for applications and scripts. It eliminates hard-coded passwords by dynamically retrieving credentials from the CyberArk Vault at runtime.
Device Management
Deployment + Integration
Monitoring, securing, and maintaining devices such as laptops, smartphones, and IoT endpoints within an organization. Effective device management ensures data protection and operational efficiency.
Application Access Governance (AAG)
Saviynt
The process of managing and controlling user access to applications to ensure security, compliance, and proper authorization. It provides visibility into who has access to what and enforces policies to prevent unauthorized access and reduce risk.
AI Workbook
Tool
A resource or toolset for implementing AI-driven identity and access management strategies. It provides guidelines, models, and workflows for automation and analytics.
Access-Based Access Controls (ABAC)
Identity Governance
A method of controlling system access based on attributes associated with a user, resource, action, or environment. ABAC evaluates policies that consider characteristics such as department, job function, data classification, location, or time of access. This approach enables more dynamic and context-aware access decisions than role-based models by allowing permissions to be granted or denied based on multiple conditions at the time of the request.
Access Risk Management (ARM)
SailPoint
A SailPoint SaaS solution that provides real-time risk analysis and Separation of Duties controls for SAP and other ERP systems, preventing access violations before provisioning and monitoring for fraudulent activity across transaction-level access.
Access Reviews, Access Audits
Identity Governance
Periodic evaluations of user permissions to ensure they align with job responsibilities to help maintain compliance and reduce unauthorized access.
Active Directory Federation Services (ADFS)
Microsoft
On-premises federation for single sign-on (SSO) to claims-aware apps using WS-Fed/SAML. ADFS enables SSO by federating identities across different organizations or applications. It uses claims-based authentication to provide secure access without multiple logins.
Active Directory (AD)
Microsoft
A directory service developed by Microsoft for managing users, computers, and resources in a networked environment. It provides authentication, authorization, and centralized management for Windows-based systems and often coexists with Microsoft Entra ID in hybrid architectures.