Skip to main content

User Guide Glossary of terms

ApplicationAn application is any software application which you on-board in IDHub in order to create accounts (provision), revoke access (de-provision), manage, edit, enable/disable, reconcile and retire.
EntitlementAn entitlement is permissions within an application. Using entitlement management, access to systems, devices, software, and digital material, user access can be restricted. In order to make sure that only those with the proper authorizations have access to certain resources, entitlement management is highly beneficial.
ProvisioningProvisioning is the procedure for creating an identity and the corresponding access settings in a software system. A new user signing up for a service or a new hire starting work at an organisation are two examples. Setting up a means for future authentication is necessary for provisioning (e.g. receiving user login credentials, choosing a password, etc.).
De-provisioningDe-provisioning is the procedure of blocking a certain user's access to software applications. For instance, a user profile must be deprovisioned when an employee quits the company.
RoleDepending on their position inside the organization, such as user, editor, administrator, or super user, users are given several sorts of access rights. Role-based access minimizes the disruption that might result if an unscrupulous actor assumes charge of a user's account by preventing users from accessing data they shouldn't have.
Connected ApplicationAn application is designated as 'Connected' if connection is established to send and receive account and entitlement related information from IDHub to the Target System (which can be any application) or vice-versa.
Disconnected ApplicationAn application is designated as 'Disconnected ' if there is no connection established to send and receive account and entitlement related information from IDHub to the Target System (which can be any application) or vice-versa.
ReconciliationData Synchronization of user accounts and entitlement information from Target System to IDHub.
Business OwnerA Business owner or resource owner of an item is an individual in charge of approving all modifications to the item on a business strategy level
IT OwnerAn IT owner of an item is an individual in charge of IT-related management of the application.
WorkflowA workflow of an item defines the stages that an item must go through for provisioning (or de-provisioning) of user accounts in an application or request access (or revoke access) to roles. Choosing a workflow helps in defining what approval and fulfillment flow the access requests will take for provisioning and de-provisioning of particular entitlement
Risk LevelRisk level for an application is used to communicate risk scores to users of the application. A person who has access to the application will have a total risk score, which will be divided into three categories: High, Medium, and Low. High is a risk score of 3, Medium is a risk score of 2 and Low is a risk score of 1
Certification TagsCertification tags for an application is a multi-tag keyword information may be applied as a filter in many different locations. The most frequent usage of this is to detect certain compliance-related tags, such as HIPAA, NERC-SIP, etc., during access reviews.
RequestableRequestable for an item defines if it is available to end users for manual requests. This prevents the item from being seen in IDHub's Search Catalog - User Module.
Trusted ApplicationIf the target system or application is your source of truth then it is to be designated as Trusted Application. If no matching user is identified, a trustworthy application can create new accounts in IDHub
Non-Trusted ApplicationIDHub doesn’t permit for a non-trusted application to link user accounts to current users. Information is not retrieved from any account for non-trusted applications if it cannot be matched with an existing user.
Custom FormA form which you can customize as per your business need is a custom form. This can be picked to consider as an overlay to make the attributes more understandable and easy to request for an application.
Application AttributeApplication Attribute is the target system’s specific collection of attribute data before the user may request the creation of an account.
Account Field NameEvery application has an attribute which is its unique identifier for the account. This attribute is known as ‘Account Field Name'
Reconciliation KeyIDHub requires user accounts to be mapped to users. For the mapping to be successful, a reconciliation key configuration is used. This attribute is known as reconciliation key which is used to match a user with its account.
Multi-Value AttributeCertain data types allow multiple values for a single attribute. Ex: Date if chosen as a multi-value, becomes a date range field. Ex: 01/01/1991 - 31/12/1991
User AccountThe attributes which are defined in the attribute page while application creation are user account attributes specific to that application.
User AttributesThe attributes which are present in the User Schema of IDHub is the user attributes
FulfillmentAn IDHub out-of the box workflow needs a fulfiller group assignment to complete provisioning of access requests manually into the target system and mark the task as Done in IDHub. This is called fulfillment
ApproversSome workflows need to define the approver groups who will be in-charge of a particular stage of approving. These are known as approvers
Access ManagerThis is an OOTB (out of the box) Role dedicated to managing application-related changes.
DraftsWhen you are on-boarding applications or roles and don’t complete the on-boarding for the item, then IDHub saves the same as drafts.