
IAM Glossary for Decision Makers 

Updated: 7 days ago


Identity terminology can sound abstract. 


 It isn’t.  


A good glossary shouldn’t sound like a manual. It should read like a field guide — short definitions that make you actually understand what’s happening when someone says “Zero Trust” or “Conditional Access.”  


Each term here maps to a tangible action — a lever that changes how trust, access, and accountability work inside your business. 


This one’s written for those of you who make the decisions, not the ones writing the scripts.


 

Authentication 


Proving identity. It’s how the system decides that you are who you claim to be — through biometrics, passkeys, hardware tokens, or verified digital IDs. 

 

Old model: username and password.  


New model: cryptographic proof that can’t be phished, reused, or guessed. 


 

Authorization 


Once you’re verified, authorization decides what you can do.  


It maps access rights to roles, departments, and context. If authentication is the key, authorization is the door it opens — and how wide. 

 

Audit and Accountability 


The evidence layer.  


Every login, permission change, and admin action is logged automatically. When regulators ask “who had access to what, and when?”, this is where the answer lives. 


Strong IAM turns audits from panic events into a button click. 

 

Passwordless Authentication 


No passwords. No resets. No phishing.  


Users log in through biometrics, passkeys, or FIDO2 security keys. Each credential is unique to the device and mathematically bound to the legitimate domain. Even the best phishing page can’t fake that.  


It’s safer and faster. 

 

Lifecycle Management 


The automation engine that governs every identity from start to finish. 


When someone joins, moves, or leaves, their access updates instantly across all systems. No manual tickets. No forgotten accounts. IBM data shows that orphaned accounts are one of the top five breach vectors. Lifecycle automation removes that risk entirely. 

 

Single Sign-On (SSO) 


One login for everything you’re allowed to use.  


The goal isn’t convenience alone, it’s consistency. Every authentication goes through the same trust policy, reducing weak links and attack surfaces. 

 

Federation 


Sharing trust between systems or organizations.  


It lets external partners or customers access your resources using their own verified credentials, like BankID or Vipps – without you managing their passwords. 


The benefit: faster collaboration, less risk, less admin. 

 

Zero Trust 


Assume nothing, verify everything, always. Every request from user, device, or app is authenticated and authorized in real time. 


It’s not paranoia. It’s precision.  


Zero Trust doesn’t slow you down; it keeps you from running blind. 

 

Conditional Access 

Real-time risk assessment.  


It adjusts security based on context: user, device health, location, and activity. 


A login from the same laptop in Oslo? Seamless. From an unknown device in Bucharest at 3 a.m.? Step-up authentication. 


Security adapts, automatically. 

 

Identity Governance 

Ongoing quality control for access rights.  


It reviews who has what access, ensures it’s justified, and revokes what’s not. Think of it as continuous hygiene, keeping permissions clean, current, and compliant. 

 

Privileged Identity Management (PIM) 


The safety net for admin accounts, the “crown jewels.”


PIM enforces just-in-time privileges: elevated rights appear only when needed, then disappear. Every action is logged, reviewed, and auditable. 


No permanent superusers, no invisible risks. 

 

Machine Identity (Workload Identity) 


Accounts that don’t belong to people: bots, APIs, scripts, containers. They outnumber human users in most enterprises, and attackers know it. They need the same governance: unique credentials, rotation, and monitoring. Treat them like employees who never sleep.

 

AI Governance 


Managing who or what can access your AI models and data. As AI systems become central to operations, their inputs and outputs must be protected like any other critical system.  


IBM’s 2025 report found 63 % of companies still lack AI access governance — that gap will close fast. 

 

Hybrid Identity 


Blending cloud-based and on-prem identities under one system. Most companies can’t flip a switch to go all-cloud. Hybrid IAM allows gradual modernization — using one control plane to secure both worlds. 

 

eIDAS 2.0 / EU Digital Identity Wallet 


The European framework for verified digital identities. It will let citizens, employees, and businesses use one interoperable credential across both public and private services. 


Enterprises that align early will gain smoother compliance and easier cross-border collaboration. 

 

Breach Lifecycle 


The time between “it happened” and “we contained it.” IBM’s 2025 study shows that companies closing breaches within 200 days save USD 1.14 million compared to those that don’t.


IAM automation is the fastest way to shorten that timeline. 

 

Competence Density (Fortytwo’s favorite term) 


How much real expertise exists per decision. It’s what makes complex systems simple – because people who understand identity deeply can design it cleanly. The more competence density you build, the less chaos you have to manage. 

 

At Fortytwo, we cut through the noise: This is how we talk about identity, and how we build it. 

 
