Glossary of Terms
This glossary provides definitions for key terms related to non-human identity security and management.
Any identity that is not associated with a human user, such as service accounts, APIs, IoT devices, or applications.
A special type of account used by applications or services to interact with other applications, services, or resources.
A unique identifier used to authenticate a user, developer, or calling program to an API.
An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites without giving them the passwords.
Identity and Access Management, a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources.
A principle of giving an identity the minimum levels of access or permissions needed to perform its job functions.
The practice of securely storing, managing, and controlling access to tokens, passwords, certificates, and encryption keys.
A security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access.
Role-Based Access Control, an approach to restricting system access to authorized users based on their role within an organization.
The practice of regularly changing or updating credentials (like passwords or API keys) to reduce the risk of unauthorized access if credentials are compromised.