Glossary of Non Human Identity Management

Unlock the Language of Security and Efficiency in IAM
Glossary

In the evolving landscape of IAM, understanding non-human identities like bots is crucial. Our glossary offers clear definitions and best practices in non-human identity management for IT professionals.

Identity types

AWS RDS User

An AWS RDS user is an identity granted access to resources and services within an Amazon Web Services (AWS) Relational Database Service...
AWS

Identity types

Access Key

An access key is a unique string of characters used to authenticate and authorize access to a system, service, or resource. Access keys...
Azure

IAM Concepts

Access Management

Access Management is the process of authenticating and authorizing users and machines to access systems, applications, and APIs.
AWS
Azure
GCP
OKTA

Agentic AI

Agentic AI refers to artificial intelligence systems that operate autonomously, executing tasks, making decisions,...

Identity types

Application

An application is a software program or set of software components designed to perform specific tasks or functions to meet...

IAM Concepts

Attestation

Access attestation, also known as access recertification or entitlement review, enables you to review and validate the access privileges...
AWS
Azure
GCP
OKTA

Identity types

Break Glass Account

A break glass account is a special user account or emergency access mechanism used to gain privileged access to critical systems...
AWS
Azure
GCP
OKTA

IAM Concepts

CIEM

Cloud Infrastructure Entitlement Management (CIEM) refers to tools and practices for managing and governing cloud-based identities...
AWS
Azure
GCP
OKTA

IAM Concepts

Conditional Access

Conditional access is a security feature that controls access to resources based on specific conditions or criteria, such as...

Non Human Identity Lifecycle Management

Decommission

Decommissioning is the process of retiring, deactivating, or shutting down IT systems, hardware, software, or services that are no...
Azure
AWS
GCP
OKTA

Identity types

Device identity

A device identity is a subset of machine identities (or non-human identities) that represents physical or virtual hardware...
AWS
Azure
GCP
OKTA

Identity types

External Account

An external account refers to a user account or identity managed by an external identity provider (IdP) or authentication...
AWS
Azure
GCP
OKTA

Vendor

GCP Secret Vault

The Google Cloud Secrets Engine automates the generation of service account keys and OAuth tokens, aligning with...
GCP

Generative AI

Generative AI refers to a class of artificial intelligence models capable of producing new content...

Vendor

HashiCorp Vault

HashiCorp Vault is a popular open-source tool for managing secrets, encryption keys, and...

Identity types

Human Identity

Human identity refers to the unique characteristics, attributes, or identifiers associated with individual users or persons within...
AWS
Azure
GCP
OKTA

IAM Concepts

IAM

Identity and Access Management (IAM) is a framework or system used to manage digital identities, authentication, and access controls...

Identity types

IAM User

An IAM (Identity and Access Management) user is an individual or entity granted access to resources and services within an IAM system or...
AWS

IAM Concepts

IDP

IDP stands for Identity Provider, a service or system responsible for authenticating and verifying the identities of users or entities...

IAM Concepts

IGA

Identity Governance and Administration (IGA)
AWS
Azure
GCP
OKTA

IAM Concepts

Identity Fabric

Identity Fabric is a framework of interconnected tools, technologies, and processes designed to collectively manage both human and NHIs...
Azure
AWS
GCP
OKTA

IAM Concepts

Identity Threat Detection and Response (ITDR)

Identity Threat Detection and Response (ITDR) is an emerging cybersecurity discipline focused on detecting, analyzing, and responding to...
AWS
GCP
Azure
OKTA

IAM Concepts

Just-in-time

Just-in-Time (JIT) access is a dynamic access control model that grants identities

Identity types

KMS Key

A Key Management Service (KMS) key is a cryptographic key used for encryption, decryption, and access management of data, usually for...
AWS

Non Human Identity Lifecycle Management

Lifecycle Management

Lifecycle management refers to the process of managing the entire lifecycle of resources, assets, or entities within...
OKTA
AWS
Azure
GCP

IAM Concepts

MFA

Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more forms of...

Identity types

MSA Key

MSA is the consumer side of Microsoft that powers authentication for all consumer-based platforms...
Azure

IAM Concepts

Machine Credentials

Machine credentials are cryptographic artifacts used to authenticate and authorize non-human identities (NHIs)...

Identity types

Machine Identity

A machine identity refers to the unique digital representation of a machine within an organization's network or system...
AWS
GCP
Azure
OKTA

Identity types

Non Human Identity

NHI stands for Non Human Identity. A Non-Human Identity (NHI) is a digital construct used for machine-to-machine access and authentication.
AWS
Azure
GCP
OKTA

IAM Concepts

OAuth 2.0

OAuth 2.0 is an open standard for access delegation that allows applications to obtain limited access to user resources...
AWS
Azure
GCP
OKTA

Identity types

OAuth Tokens

OAuth tokens are cryptographic credentials issued through the OAuth 2.0 framework that grant access to protected resources...

IAM Concepts

Offboarded Employee

An offboarded employee is a former employee or staff member who has left the organization or terminated their employment. Offboarding...
AWS
Azure
GCP
OKTA

Vendor

Okta Application

Okta is a platform for identity and access management that offers secure identity verification, single sign-on (SSO), and...
OKTA

Non Human Identity Security Violations

Orphaned Accounts

Orphaned accounts are user accounts or identities that are no longer associated with any active user or role within a system or...
AWS
Azure
GCP
OKTA

Non Human Identity Security Violations

Out-of-Sync Application

An out-of-sync application is a software application or system that is not synchronized or aligned with other components, dependencies, or d
AWS
Azure
GCP
OKTA

Non Human Identity Security Violations

Overconsumed

Overconsumption occurs when resources or services are utilized beyond their intended or...
AWS
Azure
GCP
OKTA

Non Human Identity Security Violations

Overprivileged

Overprivileged refers to a condition where user accounts, roles, or entities are granted excessive or unnecessary permissions and access...
AWS
Azure
GCP
OKTA

IAM Concepts

PAM

Privileged Access Management (PAM) is a set of tools and strategies designed to manage, monitor, and secure privileged accounts and access.
AWS
Azure
GCP
OKTA

Regulation

PCI 4.0

PCI 4.0 refers to the Payment Card Industry Data Security Standard (PCI DSS) version 4.0, a set of...

Vendor

Parameter Store

AWS Systems Manager Parameter Store offers a secure way to store and manage configuration data and...
AWS

IAM Concepts

Principle of Least Privilege

The Principle of Least Privilege (PoLP) is a foundational cybersecurity concept that dictates all identities...

Non Human Identity Lifecycle Management

Provisioning

Provisioning is the process of setting up, configuring, and allocating resources, accounts, or services to users, applications, or...
AWS
Azure
GCP
OKTA

IAM Concepts

RBAC Role-Based Access Control

Role-Based Access Control (RBAC) is a method of managing access to resources in a system based on the roles assigned to individual users...

Identity types

Role

A role defines a set of permissions and access rights granted to users, groups, or service principals within a system or...
GCP

Identity types

SAS Token

A Shared Access Signature (SAS) token is a security token that provides limited access rights to specific...
Azure

IAM Concepts

SPIFFE Verifiable Identity Document

The SPIFFE Verifiable Identity Document (SVID) is a specification for securely issuing and validating cryptographic identities...
AWS
Azure
GCP
OKTA

IAM Concepts

SSO

Single Sign-On (SSO) is an authentication mechanism that allows users to access multiple applications or services with...

Identity types

Secret Manager Secret

A secret manager secret is a confidential piece of information, such as a password, API token, or database connection string, stored...
AWS

Non Human Identity Lifecycle Management

Secret Rotation

Secret rotation is the process of regularly updating or replacing cryptographic keys, passwords, API tokens, or...
OKTA

IAM Concepts

Secret Sprawl

Secret sprawl refers to the uncontrolled proliferation or accumulation of secrets, credentials, or sensitive information across an...

Identity types

Secure Parameter

A secure parameter is a configurable value or setting used in an application, service, or system that has been designed and implemented...
AWS

Identity types

Service Accounts

A service account is a type of account used by services, applications, or automated processes to access resources or perform specific...
Azure

Identity types

Service Principal

A service principal is an identity used by a service or application to authenticate and access resources in a secure and controlled...
Azure

Non Human Identity Security Violations

Stale Accounts

Stale accounts are user accounts or identities that remain active within an organization's IT environment despite being unused or...
AWS
Azure
GCP
OKTA

IAM Concepts

Vault

A vault is a secure repository used to store sensitive information, such as passwords, cryptographic keys, certificates...

Identity types

Vault Certificate

A vault certificate is a digital certificate stored securely within a vault or cryptographic system. Vault certificates are used for...

Identity types

Vault Key

A vault key is a cryptographic key stored securely within a vault for encryption, decryption, or authentication purposes. Vault keys are...

Non Human Identity Lifecycle Management

Vault Secret

A vault secret is a confidential piece of information, such as a password, stored securely within a vault. Vault secrets are protected...

IAM Concepts

Workload IAM (Identity and Access Management)

Workload Identity and Access Management (IAM) refers to the application of IAM principles specifically to non-human identities...
AWS
Azure
GCP
OKTA

IAM Concepts

Workload IGA (Identity Governance and Administration)

Workload Identity Governance and Administration encompasses the processes, technologies, and policies designed to manage and secure NHIs...
AWS
GCP
Azure
OKTA

Identity types

Workload Identity

A workload identity is a specific type of machine identity or non-human identity that represents software-based entities...
Azure
AWS
GCP
OKTA
