Terms and Definitions

  • CAS

Central Authentication Service, which is the single sign on tool we use for access to most of the VCU web applications.

  • Connector

Connectors facilitate data transfers between producers and consumers of identity and access data.

  • Credential

An identifier employed by the user to gain access to a network. It's the user's password, public key infrastructure (PKI) certificate or biometric information (fingerprint, retinal scan).

  • Digital identity

The digital identity includes the identity attributes of and any access privileges.

  • Entitlement

The set of attributes that specify the access rights and privileges of an authenticated security principal.

  • Identity Lifecycle Management

Identity lifecycle management refers to the entire set of processes and technologies for maintaining and updating digital identities. Identity lifecycle management includes identity synchronization, provisioning, de-provisioning, and the ongoing management of user attributes, credentials and entitlements.

  • Identity Synchronization

The process of synchronizing identity data across systems or identity vaults.

  • Identity Vault

An identity vault is a secure location where the attributes / data that construct an identity are stored. The identity vault serves as an authoritative source for identity data, and synchronizes this data down to consuming systems.

  • LDAP

Lightweight Directory Access Protocol (LDAP) provides connection to directory services in order to search and modify objects.

  • OAuth

OAuth is used for authorizing access to third-party websites without exposing passwords.

  • Offboarding (deprovisioning)

Offboarding is the process of disabling accounts and revoking access.

  • Onboarding (provisioning)

Onboarding is the process of creating accounts and granting access through roles and group memberships.

  • Self Service Password reset

An identity management system that allows users to re-establish their own passwords, relieving the administrators of the job and cutting support calls. The reset application is usually accessed by the user through a browser. The application asks for a secret word or a set of questions to verify the user's identity.

  • SAML

Security Assertion Markup Language (SAML) allows secure web domains to exchange authentication and authorization data.

  • Single Sign On (SSO)

Single Sign On permits a user to access multiple applications with a single set of credentials.