Glossary of Non Human Identity Management
Unlock the Language of Security and Efficiency in IAM
Glossary
In the evolving landscape of IAM, understanding non-human identities like bots is crucial. Our glossary offers clear definitions and best practices in non-human identity management for IT professionals.
Identity types
AWS RDS User
An AWS RDS user is an identity granted access to resources and services within an Amazon Web Services (AWS) Relational Database Service...
AWS
Identity types
Access Key
An access key is a unique string of characters used to authenticate and authorize access to a system, service, or resource. Access keys...
Azure
IAM Concepts
Access Management
Access Management is the process of authenticating and authorizing users and machines to access systems, applications, and APIs.
AWS
Azure
GCP
OKTA
Agentic AI
Agentic AI refers to artificial intelligence systems that operate autonomously, executing tasks, making decisions,...
Identity types
Application
An application is a software program or set of software components designed to perform specific tasks or functions to meet...
IAM Concepts
Attestation
Access attestation, also known as access recertification or entitlement review, enables you to review and validate the access privileges...
AWS
Azure
GCP
OKTA
Identity types
Break Glass Account
A break glass account is a special user account or emergency access mechanism used to gain privileged access to critical systems...
AWS
Azure
GCP
OKTA
IAM Concepts
CIEM
Cloud Infrastructure Entitlement Management (CIEM) refers to tools and practices for managing and governing cloud-based identities...
AWS
Azure
GCP
OKTA
IAM Concepts
Conditional Access
Conditional access is a security feature that controls access to resources based on specific conditions or criteria, such as...
Non Human Identity Lifecycle Management
Decommission
Decommissioning is the process of retiring, deactivating, or shutting down IT systems, hardware, software, or services that are no...
Azure
AWS
GCP
OKTA
Identity types
Device identity
A device identity is a subset of machine identities (or non-human identities) that represents physical or virtual hardware...
AWS
Azure
GCP
OKTA
Identity types
External Account
An external account refers to a user account or identity managed by an external identity provider (IdP) or authentication...
AWS
Azure
GCP
OKTA
Vendor
GCP Secret Vault
The Google Cloud Secrets Engine automates the generation of service account keys and OAuth tokens, aligning with...
GCP
Generative AI
Generative AI refers to a class of artificial intelligence models capable of producing new content...
Vendor
HashiCorp Vault
HashiCorp Vault is a popular open-source tool for managing secrets, encryption keys, and...
Identity types
Human Identity
Human identity refers to the unique characteristics, attributes, or identifiers associated with individual users or persons within...
AWS
Azure
GCP
OKTA
IAM Concepts
IAM
Identity and Access Management (IAM) is a framework or system used to manage digital identities, authentication, and access controls...
Identity types
IAM User
An IAM (Identity and Access Management) user is an individual or entity granted access to resources and services within an IAM system or...
AWS
IAM Concepts
IDP
IDP stands for Identity Provider, a service or system responsible for authenticating and verifying the identities of users or entities...
IAM Concepts
Identity Fabric
Identity Fabric is a framework of interconnected tools, technologies, and processes designed to collectively manage both human and NHIs...
Azure
AWS
GCP
OKTA
IAM Concepts
Identity Threat Detection and Response (ITDR)
Identity Threat Detection and Response (ITDR) is an emerging cybersecurity discipline focused on detecting, analyzing, and responding to...
AWS
GCP
Azure
OKTA
IAM Concepts
Just-in-time
Just-in-Time (JIT) access is a dynamic access control model that grants identities
Identity types
KMS Key
A Key Management Service (KMS) key is a cryptographic key used for encryption, decryption, and access management of data, usually for...
AWS
Non Human Identity Lifecycle Management
Lifecycle Management
Lifecycle management refers to the process of managing the entire lifecycle of resources, assets, or entities within...
OKTA
AWS
Azure
GCP
IAM Concepts
MFA
Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more forms of...
Identity types
MSA Key
MSA is the consumer side of Microsoft that powers authentication for all consumer-based platforms...
Azure
IAM Concepts
Machine Credentials
Machine credentials are cryptographic artifacts used to authenticate and authorize non-human identities (NHIs)...
Identity types
Machine Identity
A machine identity refers to the unique digital representation of a machine within an organization's network or system...
AWS
GCP
Azure
OKTA
Identity types
Non Human Identity
NHI stands for Non Human Identity. A Non-Human Identity (NHI) is a digital construct used for machine-to-machine access and authentication.
AWS
Azure
GCP
OKTA
IAM Concepts
OAuth 2.0
OAuth 2.0 is an open standard for access delegation that allows applications to obtain limited access to user resources...
AWS
Azure
GCP
OKTA
Identity types
OAuth Tokens
OAuth tokens are cryptographic credentials issued through the OAuth 2.0 framework that grant access to protected resources...
IAM Concepts
Offboarded Employee
An offboarded employee is a former employee or staff member who has left the organization or terminated their employment. Offboarding...
AWS
Azure
GCP
OKTA
Vendor
Okta Application
Okta is a platform for identity and access management that offers secure identity verification, single sign-on (SSO), and...
OKTA
Non Human Identity Security Violations
Orphaned Accounts
Orphaned accounts are user accounts or identities that are no longer associated with any active user or role within a system or...
AWS
Azure
GCP
OKTA
Non Human Identity Security Violations
Out-of-Sync Application
An out-of-sync application is a software application or system that is not synchronized or aligned with other components, dependencies, or d
AWS
Azure
GCP
OKTA
Non Human Identity Security Violations
Overconsumed
Overconsumption occurs when resources or services are utilized beyond their intended or...
AWS
Azure
GCP
OKTA
Non Human Identity Security Violations
Overprivileged
Overprivileged refers to a condition where user accounts, roles, or entities are granted excessive or unnecessary permissions and access...
AWS
Azure
GCP
OKTA
IAM Concepts
PAM
Privileged Access Management (PAM) is a set of tools and strategies designed to manage, monitor, and secure privileged accounts and access.
AWS
Azure
GCP
OKTA
Regulation
PCI 4.0
PCI 4.0 refers to the Payment Card Industry Data Security Standard (PCI DSS) version 4.0, a set of...
Vendor
Parameter Store
AWS Systems Manager Parameter Store offers a secure way to store and manage configuration data and...
AWS
IAM Concepts
Principle of Least Privilege
The Principle of Least Privilege (PoLP) is a foundational cybersecurity concept that dictates all identities...
Non Human Identity Lifecycle Management
Provisioning
Provisioning is the process of setting up, configuring, and allocating resources, accounts, or services to users, applications, or...
AWS
Azure
GCP
OKTA
IAM Concepts
RBAC Role-Based Access Control
Role-Based Access Control (RBAC) is a method of managing access to resources in a system based on the roles assigned to individual users...
Identity types
Role
A role defines a set of permissions and access rights granted to users, groups, or service principals within a system or...
GCP
Identity types
SAS Token
A Shared Access Signature (SAS) token is a security token that provides limited access rights to specific...
Azure
IAM Concepts
SPIFFE Verifiable Identity Document
The SPIFFE Verifiable Identity Document (SVID) is a specification for securely issuing and validating cryptographic identities...
AWS
Azure
GCP
OKTA
IAM Concepts
SSO
Single Sign-On (SSO) is an authentication mechanism that allows users to access multiple applications or services with...
Identity types
Secret Manager Secret
A secret manager secret is a confidential piece of information, such as a password, API token, or database connection string, stored...
AWS
Non Human Identity Lifecycle Management
Secret Rotation
Secret rotation is the process of regularly updating or replacing cryptographic keys, passwords, API tokens, or...
OKTA
IAM Concepts
Secret Sprawl
Secret sprawl refers to the uncontrolled proliferation or accumulation of secrets, credentials, or sensitive information across an...
Identity types
Secure Parameter
A secure parameter is a configurable value or setting used in an application, service, or system that has been designed and implemented...
AWS
Identity types
Service Accounts
A service account is a type of account used by services, applications, or automated processes to access resources or perform specific...
Azure
Identity types
Service Principal
A service principal is an identity used by a service or application to authenticate and access resources in a secure and controlled...
Azure
Non Human Identity Security Violations
Stale Accounts
Stale accounts are user accounts or identities that remain active within an organization's IT environment despite being unused or...
AWS
Azure
GCP
OKTA
IAM Concepts
Vault
A vault is a secure repository used to store sensitive information, such as passwords, cryptographic keys, certificates...
Identity types
Vault Certificate
A vault certificate is a digital certificate stored securely within a vault or cryptographic system. Vault certificates are used for...
Identity types
Vault Key
A vault key is a cryptographic key stored securely within a vault for encryption, decryption, or authentication purposes. Vault keys are...
Non Human Identity Lifecycle Management
Vault Secret
A vault secret is a confidential piece of information, such as a password, stored securely within a vault. Vault secrets are protected...
IAM Concepts
Workload IAM (Identity and Access Management)
Workload Identity and Access Management (IAM) refers to the application of IAM principles specifically to non-human identities...
AWS
Azure
GCP
OKTA