Skip to main content

Glossary

These acronyms, terms, and concepts are relevant to migration efforts, Identity and Access Management in general, and appear throughout this docusite.

TermDefinition
Access groupGroups of users that can be used to restrict access to your group; can be created based on department, region or other category by using a naming convention that reflects the purpose or audience of the group (e.g., US-Sales-All).
ACSAssertion Consumer Service
ADFSActive Directory Federated Services
Admin accountThis is usually someone from the application team who is delegated to perform several app management tasks, such as renewing certificates and secrets or adding owners, users or groups to the app.
APIApplication Programme Interface
App integrationThis is the process where the IAM team will create a trust between the IdP and the application using a configuration provided by the app team. Upon completion, the IAM team will provide metadata, endpoints, certificates and other IdP configuration information that the app team will need to upload to the app.
App migrationThis is the process where the IAM team will create a copy of the application integration from PwC ID, in Entra ID, and the app team will replace the PwC ID configuration information with Entra ID configuration information. This will enable users to authenticate with Entra ID as opposed to PwC ID.
Application permissionsApplication permissions are applied to those Entra apps that authenticate directly against Entra and there are no users authenticating. This type of permission is needed for background service, automations, daemons, etc. These permissions are also known as app roles. Learn more.
ARRApplication Readiness Review (NIS) or Application Review Request (M365)
Assigned groupAn assigned group is a group in Entra where the member users and groups must be manually managed/added/removed by the group owners. This type of group can be created on GUM/One AD and synced to Entra or created directly in Entra. Anyone can create assigned groups in Entra by logging into https://mygroups.microsoft.com.
AuthenticationAuthentication is the process where a user or service proves or authenticates their identity to an IdP.
AuthorisationAuthorisation is the process where an IdP verifies if the user is allowed to access the resource or application that they are trying to log in to.
B2BBusiness to Business
BAUBusiness As Usual
CAPConditional Access Policy
CBACertificate-Based Authentication
CIConfiguration Item
Delegated permissionsDelegated permissions are applied to Entra apps to allow the app to act on behalf of the authenticating user. These are needed for public apps that require an end user authentication. They are also known as scopes. Learn more.
Dynamic groupA dynamic group describes any group that does not require the manual addition/removal of users and other groups but does so automatically based on group membership rules as defined either during the creation of the group or modified later. Dynamic groups are to be created only on-premises (SailPoint) and then synced to Entra ID and should not be created directly in Entra ID.
Entra IDEntra ID is the cloud-based IAM tool from Microsoft.
GUIDGlobal User ID
GUMGlobal User Management (GUM) is the portal where PwC users can create/manage/delete internal as well as external users and groups.
IAMIdentity and Access Management
IDaaSIdentity as a Service
IdPIdentity Provider (IdP) refers to any product or service that is capable of authenticating, authorizing and federating trust between users and other applications within and outside the internal network. Entra, ForgeRock OpenAM, Okta are examples of Identity Providers.
KMSIKeep Me Signed In
LDAPLightweight Directory Access Protocol
MFAMulti-factor authentication
OAuthOpen Authorisation (OAuth) is an industry standard protocol used for authorisation. Learn more.
OTPOne Time Password
PoCProof of Concept
PwC IDPwC Identity (PwC ID) is a term that usually refers to the PwC on-premises instance of ForgeRock OpenAM IdP service. Learn more.
RFCRequest for Change
RPRelying Party or Resource Provider (RP) is the organisation that receives and processes claims; it typically references the application that the user is trying to authenticate with.
SaaSSoftware as a Service
SAMLSecurity Assertion Markup Language (SAML) is an industry standard protocol for authentication. Learn more.
SCIMSystem for Cross-Domain Identity Management (SCIM) is an open standard protocol for automating the exchange of user identity information between identity domains and IT systems. SCIM ensures that employees added to the Human Capital Management (HCM) system automatically have accounts created in Microsoft Entra ID or Windows Server Active Directory. User attributes and profiles are synchronized between the two systems, updating and removing users based on the user status or role change. Learn more.
ScopesScopes is also referred to as delegate permissions; these permissions are sent on the authentication request, and an access token will be issued by Entra only if these permissions are assigned to the migrated app on Entra.
SLAService Level Agreement
SNowServiceNow
SPASingle Page App
SSOSingle Sign On (SSO) is the authentication process where the user is prompted for the username/email address, no more than once. This is done by re-using tokens cached on the user's PC or the browser to perform silent/non-interactive authentication in the background.
Static GroupA static group is the same as an assigned group. It is a group that can be added in GUM/One AD/Entra where the membership is manually managed by the group owner.
TokenA token is a document that is usually signed using certificates, and that contains sensitive authentication and/or authorisation information of the user, service, application, IdP and resource; it also contains details of the authenticated session and validity token.
WAPWeb Application Firewall
WS-FedWeb Service Federation (WS-Fed) is an identity federation protocol that can be used for authentication and is supported by PwC ID and Entra ID. Learn more.