Glossary

A

Access Token

Access tokens contain security credentials with information that identifies the client, user (or group of users) and their privileges. The carrier of such a token is authorized to access data from the API.

Authentication

Process of confirming the identity of an entity (e.g. user), based on some type of evidence or validation. This sign-in process verifies the identity of the entity requesting access to a website or web service. The entity can be a person or an agent representing an API request.

Authorization

Process of granting or denying permission for an entity (e.g. user) to access a resource or service or to perform an action.

Authorization Server

The authorization server applies access policies, issuing Access Tokens to the client application (e.g. web application) after obtaining authorization from the Resource Owner (e.g. user).

C

CORS

CORS (Cross-origin resource sharing) is a mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own, from which a browser should allow the loading of restricted resources. Web pages can therefore embed resources (images, stylesheets, scripts, iframes and videos) from a server in another domain (another origin).

E

Endpoint

The URLs used when Service Providers and Identity Providers communicate.

Entity ID

Entity ID is a unique identifier that represents an entity, such as an Identity Provider or a Service Provider. Also referred to as Identity Provider Issuer in Okta applications.

F

Federated Identity

Federated identity is the identification that allows a user to have their attributes stored on multiple different platforms (identity management systems). As a result, users from one domain can securely access data from other domains, without user administration redundancy. Some of the technologies used by Federated identity include SAML, OAuth, OpenID, Security Tokens, among others.

G

Groups

Groups corresponds to Teams in previous versions of the Platform. Groups allows you to create and manage user groups for Sensedia products.

I

Identity and Access Management (IAM)

IAM handles authentication, authorization, and access control to determine what resources users (or groups of users) can access and what roles they can perform.

Identity Provider (IdP)

IdP is the service that manages user accounts by validating a user’s identity in a federated system. It is from the IdP that the Service Provider obtains the user’s identity.

Integration

Process that unifies login (access management and users) via federated identities (Federated Identity).

L

LDAP

Lightweight Directory Access Protocol (LDAP) is a protocol that interacts with directory servers and allows applications to quickly perform searches. LDAP allows users to authenticate only once and access different files on the server.

M

Metadata

A set of information provided by the IdP to the SP, or vice versa, in XML format.

Multi-Factor Authentication (MFA)

MFA is a method that verifies the identity of the user who is signing in. Access is only granted after the user has been authenticated by at least two different mechanisms, for example: access password and application-generated code.

N

NameID

Indicates how users at an identity provider are mapped to users at service providers during a single sign-on process.

O

OAuth 2.0

OAuth (Open Authorization) is a standard online authorization protocol that allows one application or website to authenticate to another on behalf of a user. Access is limited and credentials are not exposed.

OpenID Connect (OIDC)

OIDC is an authorization protocol based on OAuth 2.0. OpenID Connect uses OAuth 2.0 for authentication and authorization and then creates and assigns unique identities for each user.

P

Policies

Policies is similar to Roles in older versions of the Platform. Policies allows you to control user permissions and manage accesses according to your company’s security needs and policies.

R

Resource Owner

An entity capable of providing access to a restricted resource.

Resource Server

Server hosting restricted resources. Handles authentication requests from an application that has an access token.

S

SAML

Security Assertion Markup Language (SAML) is a protocol used to integrate authentication and authorization functions across multiple systems. It enables Single Sign-On across browsers.

Service Provider (SP)

SAML Service Provider is the resource or service (application) that the user wants to access.

Single Sign-On

Single Sign-On is an authentication scheme that allows a user to log in to multiple independent systems using a single ID and password. This is usually made possible by LDAP.
