<  Terminology  >

IAM Terminology

Online definitions of IAM terms and concepts

  • IAM

    IAM

    Identity and Access Management
  • Identity Federation

    Identity Federation

    Identity Federation refers to the establishment of mutual trust among multiple applications for federated authentication across different systems.
  • 2C Management

    2C Management

    Identity management for customers.
  • 2B Management

    2B Management

    Identity management for business partners.
  • Social Authentication

    Social Authentication

    An authentication method that leverages mutual trust between applications and social platforms, allowing users to verify their identities using social accounts such as WeChat, QQ, Weibo, or DingTalk.
  • User Profiling

    User Profiling

    Offers multi-dimensional basic attributes, visit intent, and industry trend analysis to help users understand target audiences, identify emerging topics, and optimize content operations, enabling comprehensive network analysis to uncover potential traffic and maximize the value of user profiling.
  • Digital Identity

    Digital Identity

    The online representation of an individual, organization, or device within cyberspace. With IAM technologies, it maps physical-world identities to their digital counterparts.
  • SCIM

    SCIM

    System for Cross-domain Identity Management
  • Authentication

    Authentication

    Authentication verifies user identity, addressing the "Who are you?" question with methods such as CA digital certificates, fingerprints, or one-time passwords.
  • 2E Management

    2E Management

    Identity management for employees.
  • Integrated Authentication

    Integrated Authentication

    Enables organizations to quickly adopt various authentication methods through a unified, plug-and-play architecture with standardized APIs. The framework also supports flexible authentication workflows and configurable security levels for dynamic authentication management.
  • Device Fingerprint

    Device Fingerprint

    A unique identifier generated from a device’s hardware, OS, network, and status attributes using proprietary encryption. The device fingerprint can be linked to user identities to enhance authentication security.
  • IDM

    IDM

    Identity Management
  • CAS

    CAS

    Central Authentication Service
  • Identity Credential

    Identity Credential

    The identifier a user employs to gain access to information resources, such as passwords, PKI certificates, or biometric data (including fingerprints, iris scans, facial recognition, and voice recognition).
  • IoT IDM

    IoT IDM

    Identity Management of Internet of Things
  • FIDO

    FIDO

    Fast IDentity Online
  • UBA

    UBA

    User Behavior Analytics
  • AM

    AM

    Access Management
  • OAuth 2.0

    OAuth 2.0

    An open standard that enables users to grant third-party mobile applications access to information stored with other service providers without sharing their usernames and passwords or disclosing all their data to the third party.
  • Orphan Account

    Orphan Account

    An account that exists in the system but cannot be linked to a specific individual, also known as a ghost account.
  • User Lifecycle Management

    User Lifecycle Management

    User lifecycle management enables automated synchronization, provisioning, deprovisioning, and management of user attributes, credentials, and access entitlements throughout personnel changes such as onboarding, role changes, offboarding, rehire, and retirement.
  • ABAC

    ABAC

    Attribute-Based Access Control
  • Valid Account

    Valid Account

    An account assigned to a specific individual, actively used, and compliant with the organization's internal account management policies.
  • AD

    AD

    Active Directory
  • TBAC

    TBAC

    Task-Based Access Control
  • IDaaS

    IDaaS

    Identity as a Service
  • RBAC

    RBAC

    Role-Based Access Control
  • SSO

    SSO

    Single Sign-On
  • SAML

    SAML

    Security Assertion Markup Language
  • Duplicate Account

    Duplicate Account

    Refers to any of multiple active accounts associated with the same user within an application system.
  • Permission Management

    Permission Management

    The process of controlling user permissions for resources based on predefined security rules or policies, ensuring users can access only the resources they have been explicitly granted permission to use.
  • Dormant Account

    Dormant Account

    An account associated with specific individuals that remain activated but have not been used for an extended period, such as accounts belonging to former employees.
  • PIM

    PIM

    Privileged Identity Management
  • LDAP

    LDAP

    Lightweight Directory Access Protocol
<    >

<  REGULATIONS  >

Policies and Industry Regulations

Both international and domestic regulations place clear requirements on identity security

  • China's Cybersecurity Law

    China's Cybersecurity Law mandates the implementation of a national trusted identity strategy, establishing a trustworthy online identity authentication system as the core of cybersecurity. It supports the research and development of secure, convenient digital identity technologies and promotes mutual recognition across different authentication systems. The law also aims to connect existing online identity systems to build a cross-platform, trusted identity framework.
  • Classified Protection of Cybersecurity 2.0

    Released on May 10, 2019, and effective December 1, 2019, the Classified Protection of Cybersecurity 2.0 standard outlines three core components for identity security: Identity Authentication, Access Control, and Security Auditing.

  • General Data Protection Regulation (GDPR)

    GDPR requires organizations to obtain explicit consent from individuals before using their personal data, with individuals retaining the right to withdraw consent at any time. It mandates that companies map their personal data assets and provide users with a single point of access to correct their information. Additionally, user data must be portable, allowing for transfer from one organization to another upon the user's request.
  • Payment Services Directive 2 (PSD2)

    PSD2 empowers consumers by opening up specific payment functionalities. It imposes extensive security requirements across all layers, including users, endpoints, edges, and frameworks, with a foundational architecture built on confidentiality, integrity, and availability (CIA) and encryption. PSD2 also mandates risk analysis as a critical verification step, assessing factors such as physical location, IP address, time of day, device ID, device fingerprint, and user attributes.
<  COMMON DEMAND  >

Why IAM is Essential Across Industries

  • Government
    While data sharing is fundamental to public services, data security remains the highest priority.
  • Manufacturing
    An IAM framework creates an end-to-end identity security ecosystem, encompassing trusted devices, trusted users, and trusted products.
  • Military
    Technological sovereignty and self-reliance are prerequisites for ensuring national cybersecurity and protecting sensitive information.
  • Automotive

    IAM drives intelligent business management by enabling customer-centric ecosystems and big data.

  • Real Estate
     Unified identity management enpowers the digital transformation of the real estate industry through seamless connectivity.
  • Construction
    IAM helps establish a project-centric identity security and control system to manage access and safeguard critical project data.