This page provides definitions of terminology used in the IAM space. For a deeper review of IAM concepts, try our Concepts page.
A
Active Directory (AD)
A directory service from Microsoft which implements Internet standard directory and naming protocols. See Austin Active Directory (Austin AD) in the service catalog for the university’s local implementation.
Affiliation
An affiliation is an attribute which reflects, at a high level, how an individual is related to the university. At any point in time, an individual may have no defined relationship, one defined relationship, or many defined relationships with the university. For example, an individual may be a current student, a future faculty member, a former employee, or all three.
Application Programming Interface (API)
A set of routines, protocols, and tools for building software applications.
Attribute
An attribute is a quality or characteristic ascribed to someone or something. See Concepts for an in-depth discussion.
Austin Active Directory (Austin AD)
The Active Directory service offered and supported by ITS Campus Solutions for the university. See Austin Active Directory (Austin AD) in the service catalog for more information.
Authentication
Authentication is the act of determining that a person is who they claim to be. See Concepts for an in-depth discussion.
Authorization
Authorization refers to the act of determining whether an authenticated user is allowed to access a specific resource or take a specific action. See Concepts for an in-depth discussion.
D
Data to Insights (D2I)
An initiative to accelerate and modernize the university’s data strategy and enhance the institution’s trusted information infrastructure. See: Data to Insights
Duo
The third-party vendor which supports the university’s implementation of Multi-Factor Authentication (MFA). Duo Security was acquired by Cisco in 2018.
E
Enterprise Authentication
A standards-based, consolidated web authentication service for the university, allowing for single sign-on (SSO) across participating university web applications.
Entitlement
An attribute which defines what an account is allowed or authorized to do. An EID holder may have many entitlements, each with a start and end date (end dates may be in perpetuity).
F
Fiscal Year (FY)
The fiscal year at the university runs from September 1 through August 31 of the following calendar year. Broken down into quarters:
Q1: September – November
Q2: December – February
Q3: March – May
Q4: June – August
See the related askUS article for more information.
Fit-Gap
An analysis which determines the extent to which a solution meets the established needs and requirements and identifies areas where those requirements are not met.
G
Guest Authentication
A future offering which will allow individuals not closely tied to the university (e.g., admissions applicants, job applicants, alumni) to authenticate using an identity (e.g., Google, Microsoft) other than their UT EID.
Grouper
A component of the InCommon Trusted Access Platform, Grouper acts as an enterprise group and access management system.
I
Identity Governance & Administration (IGA)
A sub-team of the IAM Team who handle identity management and authorization.
Identifier
An identifier is a special type of attribute consisting of a (generally) unique label for an identity. See Concepts for an in-depth discussion.
Identity
An identity is the collection of accounts and identifiers associated with a particular person (or sometimes a non-person entity). See Concepts for an in-depth discussion.
Identity Life Cycle
This concept covers the entire lifetime of an identity from creation to deletion and every possible step in between. See Concepts for an in-depth discussion.
Identity Provider (IdP)
In an authentication relationship, the Identity Provider (IdP) provides the identity and the Service Provider (SP) provides the service. See Concepts for an in-depth discussion.
IdentityIQ (IIQ)
A group- and role-based authorization management service offered by SailPoint.
InCommon Federation
A federation of educational institutions, research organizations, and commercial resource providers which allows single sign-on across federation members to support collaboration and access to shared tools. Enterprise Authentication is a member of the InCommon federation.
Information Security Office (ISO)
The university’s information security team.
L
LEARN Federation
The university’s authentication offerings are part of the Lonestar Education And Research Network (LEARN) federation which allows the university to collaborate with other members of the federation.
M
midPoint
A component of the InCommon Trusted Access Platform, midPoint synchronizes databases so that roles and authorizations are up to date.
Metadata
Metadata is a set of data that describes and gives information about other data. See Concepts for an in-depth discussion.
Multi-Factor Authentication (MFA)
Authentication makes use of one or more factors of authentication: something you know (e.g., a password), something you have (e.g., your smartphone), or something you are (e.g., a fingerprint). Multi-factor authentication makes use of two or more factors when authenticating you. See Concepts for an in-depth discussion.
O
OpenID Connect (OIDC)
An authentication layer built on OAuth 2.0 where the identity provider that runs the authorization server also holds the protected resource that the third-party application aims to access.
P
Proof of Concept (POC)
The implementation of a functional prototype for the purposes of validating that a technology or approach is possible.
Privileged Access Management (PAM)
An information security mechanism that safeguards identities with special access or capabilities beyond regular users.
R
RabbitMQ
The Message Broker service offered by ITS Campus Solutions.
S
SailPoint
The third-party vendor which supports IdentityIQ (IIQ).
Security Assertion Markup Language (SAML)
A standard, XML-based language for exchanging authentication and authorization data between identity providers and service providers. This standard is currently used by Enterprise Authentication (as well as hundreds of service providers that integrate with our identity providers).
Service Provider (SP)
In an authentication relationship, the Identity Provider (IdP) provides the identity and the Service Provider (SP) provides the service. See Concepts for an in-depth discussion.
Shibboleth
A component of the InCommon Trusted Access Platform which provides a single sign-on (SSO) federated identity solution. The Shibboleth software powers the SAML-based authentications at the university performed via the Enterprise Authentication service.
Simplest Functional Product (SFP)
A product which provides the absolute bare-minimum of desired functionality. Similar to a proof of concept (POC).
Single Sign-On (SSO)
A service which allows a user to use one set of credentials to access multiple applications.
T
Technical Support Contact (TSC)
A technical support individual designated for a particular college, school, or unit.
Trusted Access Platform (TAP)
The InCommon Trusted Access Platform is an identity and access management suite of software.
U
University of Texas Electronic Identity (UT EID or EID)
The public records identifier for principals at the university. See the Identity Management knowledge articles for more information.
uTexas Enterprise Directory (TED)
The university’s enterprise directory. See Directory Services for more information.
uTexas Identity Manager (TIM)
The university’s identity manager. See Identity Management for more information.
W
White Pages Service (WPS)
The directory back-end which supports the university’s web-based public directory.