Multi-cloud Identity Management

IAM glossary: key Identity & Access Management terms explained

Wooden alphabet blocks

If you’re new to identity and access management (IAM), it won’t take long for your head to start swimming. All that jargon and the concepts aren’t just unfamiliar — they can be complex and highly technical. Even seasoned IAM pros can get snagged by similar terms and new concepts.

A great place to gain a greater understanding of IAM is to know the key terminology that you come across. Here’s Strata’s handy IAM glossary of identity and access management terms, for your quick and easy reference.



An application (or “app” for short) is a software program that can be installed on a computer, laptop, or another device such as a tablet or a smartphone. The term “app” is usually used to refer specifically to a mobile software application.

App migration

The act of moving a software application from a legacy server to a new server — for example, from on-premise servers that are located on-site to cloud servers.

Abstraction layer

An abstraction layer creates a separation — in this case, computing tasks — into two things, or entities. It’s used in computer programming to provide a way to make a series of complex tasks simple by breaking them down into their component parts.


The process of verifying a user or device and ensuring that the user is who they say they are. For example, a login screen authenticates the user by matching the username with the correct password. 


Authorization is the process a server uses to determine if a user has permission to access the requested information, application, or webpage. Authorization usually coincides with authentication. 

Cloud migration

Moving data or an application from a legacy on-premises server to the cloud. See “App migration.”

Cloud computing

The delivery of computing services over the internet — for example, servers, storage, databases, networking, software, analytics, and intelligence. Cloud services typically provide greater computing power and speed, security, and data storage.

Distributed identity 

Distributed identity (sometimes called decentralized identity) is what happens when companies adopt a multi-cloud strategy. Digital identities are stored in multiple places and the person associated with those identities needs to control the access to their personal information. Identity is stored in a trusted, distributed location. Access to the identity is verified using a trusted external entity.

End of life (EOL)/ end of support

End of life occurs when a software application (or an older version of the application) is no longer being supported by the developer or vendor.

Hybrid cloud

The combination of an on-premise data center with a public cloud that shares data and applications. A hybrid cloud solution allows organizations to use the cloud as needed when demand exceeds their on-premise datacenter’s capabilities.

Identity orchestration

Identity orchestration refers to a logical “Identity Fabric” (see below) that ensures identities and user access policies are consistent across disparate identity systems and multiple locations, both in the cloud and on-premises. It allows distributed identity systems to work as one.

Identity verification

The process of ensuring that a user is who they claim to be. See “Authentication.”

Identity fabric

A distributed identity model for managing identity silos that come with each cloud in a multi-cloud environment. 

Identity mesh

See “Identity Fabric”

Identity silos (A.K.A. identity domains)

Domains where user identities exist, which are interoperable systems that can’t communicate with each other. Identity silos make it difficult to gain a comprehensive view of a user base and create opportunities for data breaches.

Identity and access management (IAM)

A security methodology that ensures the right users have the right access to the right resources at the right time. IAM includes systems and processes that work together to assign a single digital identity to each user. The user is authenticated when they log in and authorized for specific access. IAM also monitors and manages those identities throughout their life cycles.

Identity and access management is critical to an organization’s security program because it stands between users and sensitive information. IAM must ensure that only the right people have the right access to the right data and controls.

Identity & application migration

Migration generally means moving from old legacy identity systems to new modern, cloud-native identity systems. A migration has two components: user identity migration and application migration. Identity refers to the people/names who are registered to use a computing system. 

Identity provider (IdP)

An identity provider is a system entity that creates, maintains, and manages a user’s digital identities. It assigns a unique set of credentials for each user.

Lift & shift cloud migration process

Also known as “rehosting,” this process migrates an exact copy of an application or workload from IT one environment (typically on-premise) to another (usually the cloud). This strategy is faster and simpler because it doesn’t involve any change to the application architecture and code.

Legacy identity system

An identity management system that is built on a legacy, on-premises platform.

Legacy apps

A legacy app, or application, is a software application that was written for an earlier, frequently on-premises, operating system or hardware platform. For example, the app may have been intended to be installed directly on a desktop computer, rather than developed as a SaaS application.


The use of two or more cloud services. Multi-cloud services give companies greater flexibility to optimize performance, cut costs, and use the best cloud technologies.

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, designed to control access to your apps — making it easy for authorized users and restricting access to unauthorized users. 

Multi-factor authentication (MFA)

MFA uses multiple ways to confirm a user’s identity when they attempt to sign in to an application. Multiple factors make it more difficult for an unauthorized user to gain access. One example of MFA is a password, paired with a text or email confirmation.

On-premises identity system

An identity management system that uses on-premises software. See also “Legacy identity system.”


The automated configuration and management of computing systems. Orchestration helps IT to more easily manage complex tasks and workflows.

Oracle Access Manager (OAM)

Oracle’s out-of-the-box single sign-on (SSO) manager.


OpenID Connect (OIDC) is an authentication protocol. It verifies a user’s identity when they try to access a protected HTTPS site.


Passwordless authentication

The process of verifying a user’s identity without using a password. These methods often include biometrics or a secondary device.

Password policy

A set of rules that enforce password settings. For example, your company’s password policy may require a minimum number of characters, a mix of upper and lowercase letters, and special characters.

Password management

This is a set of principles and best practices for choosing, storing, and managing your passwords. The idea is to make sure that passwords are secure from unauthorized users.


Security Assertion Markup Language (SAML) is an open standard that simplifies the login experience for users. It lets you access multiple applications with a single set of credentials that you only have to enter once.

Secure hybrid access

A platform that provides secure remote access to on-premises web applications. Strata’s Maverics platform provides secure hybrid access and helps organizations achieve Zero Trust.

Two-factor authentication (2FA)

Multi-factor authentication uses two factors. See “Multi-factor Authentication.”

Zero Trust

A framework that assumes everything behind a corporate firewall is untrusted rather than assuming it’s safe. Zero Trust comes from a perspective of “never trust, always verify.”


Use this list of identity and access management key terms as a cheat sheet to keep track of the acronyms and similar words that can trip up IAM newbies and lifers alike. Did we leave any off the list? Let us know!

Become a distributed identity expert.

Get the latest articles on all things identity, multi-cloud, and hybrid delivered straight to your inbox.

Heidi King

Content Strategy Manager