This page provides definitions of terminology used in the IAM space. For a deeper review of IAM concepts, try our Concepts page.
A
Active Directory (AD)
A directory service from Microsoft which implements Internet standard directory and naming protocols. See Austin Active Directory (Austin AD) in the service catalog for the university’s local implementation.
Affiliation
An attribute which designates, at a high level, how an individual is related to the university. At any point in time, an individual may have no defined relationship, one defined relationship, or many defined relationships with the university. For example, an individual may be a current student, a future faculty member, a former employee, or all three.
Application Programming Interface (API)
A set of routines, protocols, and tools for building software applications.
Austin Active Directory (Austin AD)
The Active Directory service offered and supported by Information Technology Services (ITS) Campus Solutions for the university. See Austin Active Directory (Austin AD) in the service catalog for more information.
D
Data to Insights (D2I)
An initiative to accelerate and modernize the university’s data strategy and enhance the institution’s trusted information infrastructure. See: Data to Insights
Duo
The third-party vendor which supports the university’s implementation of Multi-Factor Authentication (MFA).
E
Enterprise Authentication
A standards-based, consolidated web authentication service for the university, allowing for single sign-on (SSO) across participating university web applications.
Entitlement
An attribute which defines what an account is allowed or authorized to do. An EID holder may have many entitlements, each with a start and end date (end dates may be in perpetuity).
F
Fiscal Year
The fiscal year at the university runs from September 1 through August 31 of the following calendar year. Broken down into quarters:
Q1: September – November
Q2: December – February
Q3: March – May
Q4: June – August
See the related askUS article for more information.
Fit-Gap
An analysis which determines the extent to which a solution meets the established needs and requirements and identifies areas where those requirements are not met.
G
Guest Authentication
A future offering which will allow individuals not closely tied to the university (e.g., admissions applicants, job applicants, alumni) to authenticate using an identity (e.g., Google, Microsoft) other than their UT EID.
Grouper
A component of the InCommon Trusted Access Platform, Grouper acts as an enterprise group and access management system.
I
Identity Governance & Administration (IGA)
A sub-team of the IAM Team that handles identity management and authorization.
Identity Life Cycle
This concept covers the entire lifetime of an identity from creation to deletion and every possible step in between.
IdentityIQ (IIQ)
A group- and role-based authorization management service offered by SailPoint.
InCommon Federation
A federation of educational institutions, research organizations, and commercial resource providers which allows single sign-on across federation members to support collaboration and access to shared tools. Enterprise Authentication is a member of the InCommon federation.
Information Security Office (ISO)
The university’s information security team.
L
LEARN Federation
The university’s authentication offerings are part of the Lonestar Education And Research Network (LEARN) federation which allows the university to collaborate with other members of the federation.
M
midPoint
A component of the InCommon Trusted Access Platform, midPoint synchronizes databases so that roles and authorizations are up to date.
Multi-Factor Authentication (MFA)
Authentication makes use of one or more factors of authentication: something you know (e.g., a password), something you have (e.g., your smartphone), or something you are (e.g., a fingerprint). Multi-factor authentication makes use of two or more factors when authenticating you.
O
OpenID Connect (OIDC)
An authentication layer built on OAuth 2.0 where the identity provider that runs the authorization server also holds the protected resource that the third-party application aims to access.
P
Proof of Concept (POC)
The implementation of a functional prototype for the purposes of validating that a technology or approach is possible.
Privileged Access Management (PAM)
An information security mechanism that safeguards identities with special access or capabilities beyond regular users.
R
RabbitMQ
The Message Broker service offered by ITS Campus Solutions.
S
SailPoint
The third-party vendor which supports IdentityIQ (IIQ).
Security Assertion Markup Language (SAML)
A standard, XML-based language for exchanging authentication and authorization data between identity providers and service providers. This standard is currently used by Enterprise Authentication (as well as hundreds of service providers that integrate with our identity providers).
Shibboleth
A component of the InCommon Trusted Access Platform which provides a single sign-on (SSO) federated identity solution. The Shibboleth software powers the SAML-based authentications at the university performed via the Enterprise Authentication service.
Simplest Functional Product (SFP)
A product which provides the absolute bare minimum of desired functionality. Similar to a proof of concept (POC).
Single Sign-On (SSO)
A service which allows a user to use one set of credentials to access multiple applications.
T
Technical Support Contact (TSC)
A technical support individual designated for a particular college, school, or unit.
Trusted Access Platform (TAP)
The InCommon Trusted Access Platform is an identity and access management suite of software.
U
University of Texas Electronic Identity (UT EID or EID)
The public records identifier for principals at the university. See the Identity Management knowledge articles for more information.
uTexas Enterprise Directory (TED)
The university’s enterprise directory. See Directory Services for more information.
uTexas Identity Manager (TIM)
The university’s identity manager. See Identity Management for more information.
W
White Pages Service (WPS)
The directory back-end which supports the university’s web-based public directory.