Glossary of Terms

List of terms related to Cipher EIAM used in this documentation.

| Term | Description |
| --- | --- |
| Auth Profile | An auth profile is a generic term used to denote anything that needs to be authenticated. It can refer to people, clients or bots. An auth profile is a container for an authenticable entity. It contains a list of available identities along with any meta information about those identities that would be required to determine and execute an authentication plan. |
| People | People represent the auth profiles of employees of the tenant, which can be authenticated with various interactive challenge mechanisms. These represent the profile of a real-world person. |
| Bots | Bots represent the auth profiles of entities of the tenant, which can be authenticated with non-interactive challenge mechanisms. Bots are mainly used for machine-to-machine interaction. |
| Clients | Clients are applications used by people. These are not auth profiles that are independently usable like bots. They impersonate people and access services as them. |
| Auth Profile ID | In the Cipher system, each Auth Profile has a unique identifier, called the Auth Profile ID. |
| Attributes | Attributes are the custom properties that the tenant can add to an auth profile. These are not challengeable, i.e., they cannot be used to uniquely identify a person. |
| Identity | Identity is any identifier or attribute of an auth profile. Each identity identifies . There are two kinds of identities. The first kind can be used to electronically challenge an employee and verify the response in order to authenticate the employee. These are the identities that can be used in an authentication session and go by the name Verifiable Identity. The other kind is just an auth profile attribute and doesn't take part in authentication. Each Identity is provided by an identity provider (IDP) in a domain. |
| Identity Provider | An identity provider is an entity that verifies a particular type of verifiable identity. An Identity Provider is used for the complete lifecycle management of an identity. Each time an attribute corresponding to an identity is added to or edited in the auth profile, it is validated by the identity provider. |
| Challenge mechanism | A challenge mechanism is a way to ascertain that a person is who he claims he is. Challenge mechanisms do this by validating a piece of information a person knows (static passwords), owns (OTPs) or is (biometrics). |
| Authentication Plan | An authentication plan is a set of instructions that must be carried out in order to successfully authenticate an auth profile. It consists of a list of sets of identities. The number of items in the list is the number of factors required for the authentication. An authentication plan is represented by a series of steps a person has to go through to authenticate himself/herself. Each step may have multiple challenge mechanisms to choose from for the purpose of verifying his/her identity. |
| Scope | A scope indicates the sensitivity of the resources that are being accessed by an auth profile. A scope is linked to at least one authentication plan. A highly sensitive scope may require the auth profile to authenticate with a multi-step authentication plan, whereas a low-sensitivity scope may allow a frictionless authentication plan for the auth profile accessing it. A scope can also be configured with other constraints such as IP addresses and IP locations. Any auth profile that wants to get authenticated within a scope has to satisfy all the constraints configured for that scope. |
| Administrators | Administrators are people who have access to the domain and can change settings related to a domain. These settings include all the Identity Management section settings. |
| Object | An object is an entity that can be accessed to perform a useful operation. |
| Role | A role is an activity that can be performed on objects of a module. Roles will be pre-defined for every object that is made available as a part of a module. Tenants would not be able to create a new role or configure an existing rule. Roles can only be assigned to people to provide them with access to objects of a module. |
| Sandbox | The Sandbox framework is a generic access control framework that could be used in any compatible application domain. It provides mechanisms to define an application domain by specifying the accessible objects and the actions the domain can support on those objects. It brings in employees from an authentication domain and provides tools to define which employees can perform which actions on the objects. |
| Product | A product at the EIAM level is a way of defining the access rules for a group of people, bots and clients who want to get access to various resources as a part of a Product offering. Each sandbox is a product in Cipher EIAM. |
| Domain | A domain is a self-sufficient, closed environment for an authentication system. Cipher IAM is a multi-domain system. However, a single authentication session must exist in the context of one and only one domain and should never require cross-domain interaction. |