< Terminology >
IAM Terminology
Online definitions of IAM terms and concepts
- IAM
  Identity and Access Management
- Identity Federation
  Identity Federation refers to the establishment of mutual trust among multiple applications for federated authentication across different systems.
- 2C Management
  Identity management for customers.
- 2B Management
  Identity management for business partners.
- Social Authentication
  An authentication method that leverages mutual trust between applications and social platforms, allowing users to verify their identities using social accounts such as WeChat, QQ, Weibo, or DingTalk.
- User Profiling
  Offers multi-dimensional basic attributes, visit intent, and industry trend analysis to help users understand target audiences, identify emerging topics, and optimize content operations, enabling comprehensive network analysis to uncover potential traffic and maximize the value of user profiling.
- Digital Identity
  The online representation of an individual, organization, or device within cyberspace. With IAM technologies, it maps physical-world identities to their digital counterparts.
- SCIM
  System for Cross-domain Identity Management
- Authentication
  Authentication verifies user identity, addressing the "Who are you?" question with methods such as CA digital certificates, fingerprints, or one-time passwords.
- 2E Management
  Identity management for employees.
- Integrated Authentication
  Enables organizations to quickly adopt various authentication methods through a unified, plug-and-play architecture with standardized APIs. The framework also supports flexible authentication workflows and configurable security levels for dynamic authentication management.
- Device Fingerprint
  A unique identifier generated from a device's hardware, OS, network, and status attributes using proprietary encryption. The device fingerprint can be linked to user identities to enhance authentication security.
- IDM
  Identity Management
- CAS
  Central Authentication Service
- Identity Credential
  The identifier a user employs to gain access to information resources, such as passwords, PKI certificates, or biometric data (including fingerprints, iris scans, facial recognition, and voice recognition).
- IoT IDM
  Identity Management of Internet of Things
- FIDO
  Fast IDentity Online
- UBA
  User Behavior Analytics
- AM
  Access Management
- OAuth 2.0
  An open standard that enables users to grant third-party mobile applications access to information stored with other service providers without sharing their usernames and passwords or disclosing all their data to the third party.
- Orphan Account
  An account that exists in the system but cannot be linked to a specific individual, also known as a ghost account.
- User Lifecycle Management
  User lifecycle management enables automated synchronization, provisioning, deprovisioning, and management of user attributes, credentials, and access entitlements throughout personnel changes such as onboarding, role changes, offboarding, rehire, and retirement.
- ABAC
  Attribute-Based Access Control
- Valid Account
  An account assigned to a specific individual, actively used, and compliant with the organization's internal account management policies.
- AD
  Active Directory
- TBAC
  Task-Based Access Control
- IDaaS
  Identity as a Service
- RBAC
  Role-Based Access Control
- SSO
  Single Sign-On
- SAML
  Security Assertion Markup Language
- Duplicate Account
  Refers to any of multiple active accounts associated with the same user within an application system.
- Permission Management
  The process of controlling user permissions for resources based on predefined security rules or policies, ensuring users can access only the resources they have been explicitly granted permission to use.
- Dormant Account
  An account that is associated with a specific individual and remains activated but has not been used for an extended period, such as an account belonging to a former employee.
- PIM
  Privileged Identity Management
- LDAP
  Lightweight Directory Access Protocol
< REGULATIONS >
Policies and Industry Regulations
Both international and domestic regulations place clear requirements on identity security
- China's Cybersecurity Law
  China's Cybersecurity Law mandates the implementation of a national trusted identity strategy, establishing a trustworthy online identity authentication system as the core of cybersecurity. It supports the research and development of secure, convenient digital identity technologies and promotes mutual recognition across different authentication systems. The law also aims to connect existing online identity systems to build a cross-platform, trusted identity framework.
- Classified Protection of Cybersecurity 2.0
  Released on May 10, 2019, and effective December 1, 2019, the Classified Protection of Cybersecurity 2.0 standard outlines three core components for identity security: Identity Authentication, Access Control, and Security Auditing.
- General Data Protection Regulation (GDPR)
  GDPR requires organizations to obtain explicit consent from individuals before using their personal data, with individuals retaining the right to withdraw consent at any time. It mandates that companies map their personal data assets and provide users with a single point of access to correct their information. Additionally, user data must be portable, allowing for transfer from one organization to another upon the user's request.
- Payment Services Directive 2 (PSD2)
  PSD2 empowers consumers by opening up specific payment functionalities. It imposes extensive security requirements across all layers, including users, endpoints, edges, and frameworks, with a foundational architecture built on confidentiality, integrity, and availability (CIA) and encryption. PSD2 also mandates risk analysis as a critical verification step, assessing factors such as physical location, IP address, time of day, device ID, device fingerprint, and user attributes.
< COMMON DEMAND >
Why IAM is Essential Across Industries
- Government
  While data sharing is fundamental to public services, data security remains the highest priority.
- Manufacturing
  An IAM framework creates an end-to-end identity security ecosystem, encompassing trusted devices, trusted users, and trusted products.
- Military
  Technological sovereignty and self-reliance are prerequisites for ensuring national cybersecurity and protecting sensitive information.
- Automotive
  IAM drives intelligent business management by enabling customer-centric ecosystems and big data.
- Real Estate
  Unified identity management empowers the digital transformation of the real estate industry through seamless connectivity.
- Construction
  IAM helps establish a project-centric identity security and control system to manage access and safeguard critical project data.