Glossary

A

Access Applications (n): Logical groupings of access within Identity Security Cloud that provide context for access rights, access requests, and password policies.

Access History (n): A feature of Access Insights that allows users to view historical access data for identities.

Access Insights (n): A component of AI-Driven Identity Security that provides insightful identity intelligence with Access History, Identity Outliers, and Access Intelligence capabilities.

Access Intelligence Center (n): A feature of Access Insights that lets users discover key insights into their identity and administration program.

Access Model (n): The set of structures, including roles, access profiles, and lifecycle states, that group entitlements into logical sets to simplify access management.

Access Modeling (n): A component of AI-Driven Identity Security that leverages Role Insights and Role Discovery to make the creation and maintenance of an organization's role model easy, fast, and relevant.

Access Path (n): The path of access to a cloud resource an identity has from an entitlement.

Access Profile (n): A set of entitlements that represents a level of logical access (for example user, guest, or admin) to a single source and/or a related application. Access profiles can be granted as part of provisioning actions.

Access Recommendations (n): A component of AI-Driven Identity Security that uses peer group analysis and identity attributes to recommend access to users and help certifiers decide whether access requests should be approved or denied. It includes Access Request Recommendations and Certification and Approval Recommendations.

Access Request (n): The process of requesting access to an access item or app. A reviewer can approve or revoke the request.

Access Request Recommendations (n): A feature of Access Recommendations. End users receive suggestions on access they should request based on peer group analysis.

Access Risk Management (n): A SailPoint product that allows users to automate the monitoring and managing of access risks across the enterprise.

Account (n): A user's access to a specific system either on-premises or in the cloud. This typically includes a unique identifier for the user, a unique password, a set of permissions associated with the system and some set of attributes. Accounts are loaded into Identity Security Cloud by creating or aggregating a source in Identity Security Cloud.

Account Schema (n): The set of account attributes within a source and how they're organized.

Activity Insights (n): A feature that allows users to view an identity’s activity data within an application and discover trends for that user.

Admin (n): Short for Administrator.

Administrator (n): A type of user who controls the system configurations, applications, sources, and identities.

Admin Dashboard (n): An overview of important system information and admin-only menu options.

Aggregation (n): The collection of account and entitlement information from the sources configured to work with Identity Security Cloud.

Allow List (n): A list of countries that your organization has deemed trustworthy. Identity Security Cloud allows users to define security controls for countries that do not belong to the allow list.

API (n): Application Programming Interfaces (APIs) allow system administrators or external systems to request actions without using the user interface.

API Key (n): Code used to identify and authenticate an application or user.

Access Application (n): Logical groupings of access within Identity Security Cloud that provide context for access rights, access requests, and password policies.

App (n): Short for application. May refer to access or enterprise applications.

Application Discovery (n): The automated processing of discovery sources to recommend connectors for apps you need to onboard or have already onboarded.

Approval (n): The process of approving an access request.

Attribute (n): A single item of data related to a particular user and the value contained in it. For example, a user's first name is an attribute.

Attribute Sync (n): The ability to select identity attributes whose values can be copied to related source attributes. This applies to sources that support provisioning.

Audit Report (n): A report tracking administrator, user, and/or system actions. This report is found in Search.

Authenticate (v): To verify your identity, usually via username and password, and gain access to an account, application, or Identity Security Cloud.

Authoritative Source (n): The primary source of employee information for your enterprise, such as a human resources application, used as the source of identities associated with a specific identity profile.

B

Birthright Access (n): Access granted to a majority of identities by becoming part of an organization. The granting of birthright access is usually triggered by a "start" event, such as first day on the job, moving to a new department, or a promotion.

Brand (n): The customized colors and logos that a set of identities see in the product based on the value in their brand attribute.

C

Campaign (n): A set of certifications for all users or groups of users, entitlements, and applications.

Campaign Filter (n): A set of rules that defines the contents of a certification campaign.

Certification (n): The process that allows designated people, such as managers or system owners, to review users’ access to enterprise systems and data.

Certification Admin User (n): A user with permission to create and manage certification campaigns.

Certification Recommendations (n): A feature of Access Recommendations. Certification reviewers receive recommendations when making access decisions.

Cloud Access Management (n): A SailPoint product that provides the automated monitoring of cloud access and visibility into how access is granted.

Cloud Infrastructure Entitlement Management (CIEM) (n): A SailPoint product that shows the effective access of entitlements to a resource and the user's entitlement activity in their cloud infrastructure.

Cloud Scope (n): The objects, like groups, policies, and projects, granting users access to cloud resources.

Cloud Service Provider (CSP) (n): A company that offers a cloud computing platform, infrastructure, application, or storage services. For example, Azure, AWS, and Google Cloud Platform.

Cluster (n): A group of virtual appliances that provide high availability to their connected sources.

Configuration Hub (n): A feature that supports the management of configuration objects in a user’s SailPoint Identity Security Cloud tenant through backup and deploy operations.

Connection Type (n): The method used to connect the source to Identity Security Cloud. Sources can be added through a direct connection with an external system or through a flat file that a user imports.

Connector (n): The software that connects Identity Security Cloud to a source system so that the user data can be loaded into their identity governance system.

Correlation (n): The process of determining whether a particular account belongs to an identity.

D

Data Access Security (n): A SailPoint product that lets users discover, govern, and secure critical unstructured data and protect it from critical security risks.

Delta Aggregation (n): An aggregation that only loads data that has changed, been added, or been removed. Only some sources support this.

Deprovisioning (n): The process of removing user access to systems, applications, and databases. This occurs automatically in all orgs that use provisioning. Deprovisioning is also used in some certification configurations to automatically remove access that was revoked.

Desktop Password Reset (DPR) (n): A SailPoint application that allows users to reset their Identity Security Cloud password from the Windows sign-in screen even if they have forgotten their password or are locked out of their computer.

Discovery Source (n): A source that can discover applications in your organization when using SailPoint application onboarding.

E

Effective Access (n): The permission (read/write/admin) on cloud resources calculated from combining all access paths that grant or deny access to CSP infrastructure.

Emergency Access Administrator (n): A user who can log in and make changes to a system that is experiencing connectivity problems. Also referred to as a break glass administrator.

Enterprise Applications (n): On-premises or SaaS platforms that require identity security functions to manage access to accounts on them. Enterprise applications in your organization can be discovered using application onboarding.

Entitlement (n): A set of specific permissions granted within a computer system, such as access to a particular building (based on a user's key badge), files and folders, or certain parts of websites. Entitlements also define the actions a user can perform.

Event-Based Processing (n): Identity processing that occurs as a result of an aggregation or provisioning event.

Event Trigger (n): A configuration users can set up so that when a specific event occurs, it will trigger some kind of action.

Exclusion Rule (n): Code that filters the contents of a certification campaign.

F

Fallback Approver (n): The identity assigned to review an access request if the previous reviewers fail to meet the deadline. This identity is assigned through the Update Access Request Configuration API.

Forms (n): A feature that allows users to build forms to collect information from users.

G

Generator (n): A snippet of code that creates the appropriate value for an identity attribute based on information users can configure.

Governance Group (n): A group of identities who can govern access to apps and data. For example, a governance group can be used to review an access request.

H

Helpdesk Administrator (n): A person responsible for assisting users with basic access. They can enable, disable, and unlock accounts. They can view activity and interact with identity data but they cannot make changes to sources, apps, and many other features within Identity Security Cloud.

Home (n): The first page users see when they sign in. This page contains the User Dashboard.

HTTP Proxy VA Configuration (n): A virtual appliance configuration that connects the VA to SailPoint and other required endpoints through a previously configured proxy service.

I

IAM (Identity and Access Management) (n): Fine-grained access control and visibility for centrally managing cloud resources in services like Google Cloud, AWS, and Azure Cloud.

Identity (n): A person or machine who has access within the governed environment or is managed by the SaaS services.

  • Person - A human being regarded as an individual.
  • Machine or Machine Account - Built-in accounts, devices, service accounts, agents, automations, workloads or any other non-human mechanism that use business processes, workflows and/or artificial intelligence to complete the autonomous execution of one or more processes, activities, transactions, and/or tasks in one or more systems to deliver work output.

Refer to SailPoint Customer Agreements Definitions and Additional Terms for more information.

Identity Exception (n): An identity who is missing mandatory key data, such as e-mail address or family name, making it invalid.

Identity Outlier (n): An identity with access that is significantly different than their peers.

Identity Outliers (n): A feature of Access Insights that enables administrators to quickly discover and remediate risky access in an organization.

Identity Profile (n): Instructions for creating and managing identities from the associated authoritative source or sources.

Identity Provider (IDP) (n): The entity in a federated relationship that declares to the service provider, or app, that a user is valid and has permission to authenticate into the app. The identity provider sends the service provider the authentication token used to grant access to the user.

Interactive Process (n): A process in Workflows that allows for user initiation and interaction through messaging and custom form inputs.

IQService (n): A service native to Windows that allows Identity Security Cloud to access information and operate in a Windows environment. This service is necessary to communicate with many sources.

IT Administrator (n): Another term for Administrator.

J

Just-in-Time (JIT) Provisioning (n): The creation of an account on an application for a user who attempts to authenticate for the first time.

K

Knowledge-Based Authentication (KBA) (n): A form of multifactor authentication used for resetting user passwords that requires the user to have knowledge unique to the identity they're trying to sign in as.

L

Lifecycle State (n): A term for the employment stage an employee at a company is in. For example, users might be "Pre-Hire," "Employee," or "On Leave."

Launcher (n): A feature that allows an interactive process to be initiated by a user and delegated through entitlements.

Launchpad (n): Where users go to manually initiate an interactive process using a Launcher.

M

Manager Correlation (n): The process that links an employee to their manager.

Manual Processing (n): The process of manually initiating identity processing to update your identities.

Multifactor Authentication (MFA) (n): An authentication method that requires users to use an external authenticator to sign in to Identity Security Cloud.

Multi-Host Group (n): A container that holds multi-host sources and their associated account aggregation and entitlement aggregation groups.

N

Native Change Detection (n): A feature that detects when accounts have been created, updated, or deleted out-of-band.

Native Identity (n): A unique identifier for the account as it appears on the authoritative source.

Network Tunnel VA Configuration (n): A virtual appliance configuration that connects the VA to SailPoint and other endpoints through network tunnel servers.

Non-Employee (n): Any contractor, intern, consultant, or other user in your organization who isn't a full-time permanent employee.

Non-Employee Lifecycle Manager (n): A type of source within Identity Security Cloud that allows admins to create non-employee identities to manage and users to request new non-employee accounts.

Non-Employee Risk Management (n): A SailPoint product that helps users track and manage non-employees and their lifecycles within a company.

O

Org (n): Short for Organization.

Organization (n): A company's Identity Security Cloud system, configurations, users, apps, and everything else managed within Identity Security Cloud.

P

Pass-Through Authentication (n): A tool that enables users to sign in using their network password, which is usually tied to Active Directory or another primary account.

Password Dictionary (n): A list of words and characters that users are prevented from including in their passwords.

Password Interceptor (n): A feature that can detect password changes on some sources and propagate them to other sources and apps.

Password Manager (n): A feature that allows users to manage and review their passwords in one place.

Password Sync Group (n): A group of applications that share a password. Administrators create these groups by grouping the applications' sources.

Peer Group (n): A grouping of identities, generated by machine learning, that have similar entitlements.

Personal Access Token (PAT) (n): A set of user credentials that an API client can use to connect to SailPoint’s APIs.

Potential Role (n): A bundle of access that Role Discovery suggests as a role based on machine learning and user access patterns.

Privilege (n): A feature in Identity Security Cloud that enables teams to manage, govern, and secure identities.

Privileged (adj): Describes an entitlement, access profile, or role that is particularly sensitive or important. Admins can set the Privileged badge for an entitlement to draw attention to it when a manager is doing certifications. Access profiles that contain this entitlement will also be marked as privileged, as will roles that contain those access profiles.

Privileged Task Automation (n): A feature that facilitates the automation of privileged tasks via Workflows.

Provisioning (n): The process of granting, changing, or removing user access to systems, applications, and databases based on the related identity profile and the configuration instructions defined for the related source.

R

Recommendation Engine (n): A SailPoint AI service that uses peer group analysis and identity attributes to recommend access to users and help certifiers decide whether access requests should be approved or denied. Includes Access Request Recommendations and Certification and Approval Recommendations.

Request Center (n): Page where users can request access to apps and access items. Approved applications display on the My Access and My Team tiles on their home page.

Report Admin User (n): A user with permission to view and download reports from the Search, Certifications, Access History, and Data Explore interfaces.

Role (n): A label given to a group of users, based on their meeting certain criteria, that grants them access to specific apps and sources.

Role Admin User (n): A user with permission to view and manage roles, as well as use Search.

Role Discovery (n): A feature of Access Modeling that uses machine learning to identify user access patterns and determine potential roles, or bundles of access. New roles can be automatically created from a potential role.

Role Insights (n): A feature of Access Modeling that provides a greater understanding of an organization's role program and suggests changes to existing roles to make them more secure.

Role Sub-Admin User (n): A user with permission to view, create, and manage roles with access profiles on sources that are associated with the governance groups they are members of. Sub-admins have the ability to search all organization data, not just data associated with their governance group.

Rule (n): A flexible framework that allows users to define custom logic and behavior to perform complex configurations.

S

SailPoint Atlas (n): The unified identity platform that leverages vital common services to power SailPoint's Identity Security Cloud solutions, which allow organizations to centrally discover, manage, and secure access to all applications, enterprise data, and cloud infrastructure for all identity types.

Using Atlas, organizations can maintain a single source of truth, make decisions using machine learning models, automate business processes, receive action-oriented insights, gain visibility across a hybrid environment, and enable zero trust.

SailPoint Identity Security Cloud (n): A microservices SaaS application that empowers organizations to effectively manage and secure access to all critical data, cloud infrastructure, and applications for every enterprise identity.

Scheduled Processing (n): Identity processing that runs twice daily, at 8:00 AM and 8:00 PM in the tenant's configured time zone (default CST/CDT).

Scope (n): Granular permissions users can add to personal access tokens (PATs) to create tokens with the least privilege necessary to fulfill their functions.

Search (n): An interface that lets users search for objects based on specific words or other details that appear within the object's attributes.

Secure Data Sharing (n): A feature that lets users securely access their Identity Security Cloud data from Snowflake using SailPoint's private listing.

Security Assertion Markup Language (SAML) (n): An authentication method that allows SSO through an identity provider that passes authorization credentials to service providers.

Segment (n): A set of identities grouped based on identity attributes. Admins can add access items to segments to make this access visible only to users included in these segments.

Separation of Duties (SoD) (n): A feature that allows admins to maintain control of the checks and balances of access that keep an organization safe.

Service Account (n): The administrative account or any account on any system that manages that system.

Service Provider (n): The entity in a federated relationship that a user authenticates into. This is usually an app or another site.

Source (n): A third-party application, database, or directory management system that maintains its own set of users. Identity Security Cloud collects data from these sources, including user information.

Source Admin User (n): A user with permission to view and manage sources, as well as use Search.

Source Owner (n): The designated owner of the source who can complete provisioning and certification tasks.

Source Sub-Admin User (n): A user with permission to view, create, and manage sources and access profiles only on the sources associated with the governance groups they are members of. Sub-admins can search all organization data, not just data associated with their governance group.

Source Type (n): The type of data provided by the source. For a list of source types, refer to the SailPoint Connector documentation.

Strong Authentication (n): A feature that allows users to verify their identity through a method other than a password like answering questions or using an external authenticator.

Synchronize Attributes (v): An action an administrator can take on an individual identity's account to copy certain identity attribute values from the identity record to the related account on the source.

T

Task Manager (n): A list of provisioning tasks assigned to and completed by the signed-in user.

TOTP (n): A time-based one-time password provided as a temporary 2FA method.

Transport Layer Security (TLS) (n): An updated and more secure version of Secure Sockets Layer (SSL) that encrypts everything sent over a connection between two computers. Identity Security Cloud supports TLS encryption.

Transform (n): A tool that allows users to manipulate attribute values while aggregating from or provisioning to a source.

U

Uncorrelated (adj): Data that has been aggregated but is not associated with an existing identity.

Unused Cloud Management Activity (n): The unused actions, entitlements, and services of identities in cloud environments. It is available as a report from Search.

User Dashboard (n): A dashboard that displays the widgets available to users to track their work, access, and team.

User Level (n): A set of permissions that administrators can grant to users.

V

VA (n): Short for Virtual Appliance.

Virtual Appliance (n): A virtual machine (VM) that connects your Identity Security Cloud Platform to your sources and apps using SailPoint APIs, connectors, and integrations.

W

Workflow (n): A set of steps that are completed every time a specific event occurs.

Work Reassignment (n): A feature that allows users to automatically reassign access request reviews, certifications, and manual provisioning tasks to another user.