| Term | Description |
| Application | An application is any software application which you on-board in IDHub in order to create accounts (provision), revoke access (de-provision), manage, edit, enable/disable, reconcile and retire. |
| Entitlement | An entitlement is permissions within an application. Using entitlement management, access to systems, devices, software, and digital material, user access can be restricted. In order to make sure that only those with the proper authorizations have access to certain resources, entitlement management is highly beneficial. |
| Provisioning | Provisioning is the procedure for creating an identity and the corresponding access settings in a software system. A new user signing up for a service or a new hire starting work at an organisation are two examples. Setting up a means for future authentication is necessary for provisioning (e.g. receiving user login credentials, choosing a password, etc.). |
| De-provisioning | De-provisioning is the procedure of blocking a certain user's access to software applications. For instance, a user profile must be deprovisioned when an employee quits the company. |
| Role | Depending on their position inside the organization, such as user, editor, administrator, or super user, users are given several sorts of access rights. Role-based access minimizes the disruption that might result if an unscrupulous actor assumes charge of a user's account by preventing users from accessing data they shouldn't have. |
| Connected Application | An application is designated as 'Connected' if connection is established to send and receive account and entitlement related information from IDHub to the Target System (which can be any application) or vice-versa. |
| Disconnected Application | An application is designated as 'Disconnected ' if there is no connection established to send and receive account and entitlement related information from IDHub to the Target System (which can be any application) or vice-versa. |
| Reconciliation | Data Synchronization of user accounts and entitlement information from Target System to IDHub. |
| Business Owner | A Business owner or resource owner of an item is an individual in charge of approving all modifications to the item on a business strategy level |
| IT Owner | An IT owner of an item is an individual in charge of IT-related management of the application. |
| Workflow | A workflow of an item defines the stages that an item must go through for provisioning (or de-provisioning) of user accounts in an application or request access (or revoke access) to roles. Choosing a workflow helps in defining what approval and fulfillment flow the access requests will take for provisioning and de-provisioning of particular entitlement |
| Risk Level | Risk level for an application is used to communicate risk scores to users of the application. A person who has access to the application will have a total risk score, which will be divided into three categories: High, Medium, and Low. High is a risk score of 3, Medium is a risk score of 2 and Low is a risk score of 1 |
| Certification Tags | Certification tags for an application is a multi-tag keyword information may be applied as a filter in many different locations. The most frequent usage of this is to detect certain compliance-related tags, such as HIPAA, NERC-SIP, etc., during access reviews. |
| Requestable | Requestable for an item defines if it is available to end users for manual requests. This prevents the item from being seen in IDHub's Search Catalog - User Module. |
| Trusted Application | If the target system or application is your source of truth then it is to be designated as Trusted Application. If no matching user is identified, a trustworthy application can create new accounts in IDHub |
| Non-Trusted Application | IDHub doesn’t permit for a non-trusted application to link user accounts to current users. Information is not retrieved from any account for non-trusted applications if it cannot be matched with an existing user. |
| Custom Form | A form which you can customize as per your business need is a custom form. This can be picked to consider as an overlay to make the attributes more understandable and easy to request for an application. |
| Application Attribute | Application Attribute is the target system’s specific collection of attribute data before the user may request the creation of an account. |
| Account Field Name | Every application has an attribute which is its unique identifier for the account. This attribute is known as ‘Account Field Name' |
| Reconciliation Key | IDHub requires user accounts to be mapped to users. For the mapping to be successful, a reconciliation key configuration is used. This attribute is known as reconciliation key which is used to match a user with its account. |
| Multi-Value Attribute | Certain data types allow multiple values for a single attribute. Ex: Date if chosen as a multi-value, becomes a date range field. Ex: 01/01/1991 - 31/12/1991 |
| User Account | The attributes which are defined in the attribute page while application creation are user account attributes specific to that application. |
| User Attributes | The attributes which are present in the User Schema of IDHub is the user attributes |
| Fulfillment | An IDHub out-of the box workflow needs a fulfiller group assignment to complete provisioning of access requests manually into the target system and mark the task as Done in IDHub. This is called fulfillment |
| Approvers | Some workflows need to define the approver groups who will be in-charge of a particular stage of approving. These are known as approvers |
| Access Manager | This is an OOTB (out of the box) Role dedicated to managing application-related changes. |
| Drafts | When you are on-boarding applications or roles and don’t complete the on-boarding for the item, then IDHub saves the same as drafts. |