IAM Dictionary

Identity Management, Learning the Language

When I first took an interest in coffee, I had a lot to learn; years later, not much has changed: I still have a lot to learn. One of the first initiatives I undertook was learning the lingo. I learned about Arabica and Robusta varietals, espresso and cappuccino, blended and locally sourced beans, and on and on. As with any new pursuit, half the fun is in learning about it!

I was fortunate enough to have been associated with the identity management field from its inception, so as the lingo grew, I was there, learning it as it emerged. Most will not have that experience, and not knowing the lingo can be a real hindrance to understanding how a solution comes together. In fact, I have had many conversations with organizations where I was confident I knew what I was talking about, but they were in a totally different “coffee grove” than I was.

In the end we were able to bring the conversation together, but only after we backed up and set some expectations around certain industry terms. To help you level-set on industry terms, I have compiled a short list.

Access Management – The processes and technology implemented to grant authorized users access to a service while denying it to non-authorized users.

Authentication – The process of verifying an identity against an identity repository, often a directory or a database of user credentials.

Authorization – The process of granting or denying a user credential access to a network resource.

De-provisioning – The process of removing user credentials from an identity repository, and in turn, terminating access privileges.

Entitlement – The set of attributes that create the rights and privileges of a user entity as it refers to their access in the organization or as it pertains to a specific application.

Federation – An arrangement made between enterprises that lets subscribers use their local organization's identification data to authenticate and be authorized in order to obtain access to resources owned and maintained by the partner organization.

Identity Repository – Sometimes referred to by other names such as an identity vault, meta repository, LDAP directory, user data store, etc. This user store is often where a form of authentication and authorization takes place, as well as the collection of attribute data that identifies a user in the environment.

Provisioning – The process of creating identities, defining their access privileges and adding them to an identity repository.

Single Sign-on – The process of using a unified logon to authenticate a user to an identity repository; once authenticated, the user can navigate to other authorized applications and, through various mechanisms, be logged into those applications without further credential prompts.

Synchronization – The process of sending or receiving user data to ensure that multiple identity stores (e.g. applications, directories, databases) are consistent with the authoritative systems.

User Lifecycle Management – The processes and technologies for maintaining and updating digital identities, such as synchronization, provisioning, de-provisioning, and the ongoing management of user attributes, credentials and entitlements.
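To tie the definitions together, here is an added example (not part of the original post, and not any product's code) that models a tiny identity repository: provisioning stores a salted credential hash and an entitlement set, authentication verifies the credential, authorization checks an entitlement, de-provisioning terminates access, and a synchronization check flags active accounts that no longer exist in a constructed authoritative HR source. The user names, passwords and the `payroll-app`/`wiki` resources are constructed sample values.

```python
import hashlib
import hmac
import os

class IdentityRepository:
    """Constructed identity repository: username -> credential hash, entitlements, status."""

    def __init__(self):
        self.users = {}

    def provision(self, username, password, entitlements):
        """Provisioning: create the identity and define its access privileges."""
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.users[username] = {"salt": salt, "hash": digest,
                                "entitlements": set(entitlements), "active": True}

    def authenticate(self, username, password):
        """Authentication: verify the credential against the stored hash; inactive accounts fail."""
        rec = self.users.get(username)
        if rec is None or not rec["active"]:
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], 100_000)
        return hmac.compare_digest(digest, rec["hash"])

    def authorize(self, username, resource):
        """Authorization: grant access only if the active user holds the entitlement."""
        rec = self.users.get(username)
        return bool(rec and rec["active"] and resource in rec["entitlements"])

    def deprovision(self, username):
        """De-provisioning: terminate access; the record stays (inactive) for audit."""
        if username in self.users:
            self.users[username]["active"] = False
            self.users[username]["entitlements"].clear()

    def orphaned_accounts(self, authoritative_users):
        """Synchronization check: active accounts with no owner in the authoritative source."""
        return sorted(u for u, r in self.users.items()
                      if r["active"] and u not in authoritative_users)

def demo():
    repo = IdentityRepository()
    repo.provision("alice", "correct horse", ["payroll-app"])
    repo.provision("bob", "battery staple", ["wiki"])
    hr = {"alice"}                       # constructed HR feed: bob has left
    before = repo.orphaned_accounts(hr)  # ["bob"] until he is de-provisioned
    repo.deprovision("bob")
    return before, repo.orphaned_accounts(hr), repo.authenticate("bob", "battery staple")
```

The orphaned-account check is the part worth keeping in mind: an account that authenticates fine but has no owner in the authoritative system is exactly what synchronization and de-provisioning exist to catch.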

I hope this helps in whatever endeavors you are chasing in the IdM universe; just remember to take it slow and never forget your coffee cup!

Nathan Wiehe


Nathan is the VP of Integration Services, he has been working in the IAM space for over 15 years. He enjoys writing and drinking coffee, not necessarily in that order.
