cidaas blog

The most important information about Customer Identity and Access Management at a glance.

Access Token
The access token is part of the OAuth 2.0 standard. It is issued by the authorization server after a successful login and consent, and it represents the permissions (scopes) that the client application has been granted for calling a protected resource such as an API. The client sends it with every request; the resource server validates the token (signature, expiry, audience, scope) before it returns any data, and the client itself should treat the token as opaque.

API / programming interface
API stands for Application Programming Interface. The term comes from software development and describes a programming interface through which one piece of software can call another and exchange data in a defined way.

Authentication
In an authentication process, a person is verified as the person he or she claims to be. We authenticate ourselves many times a day at different apps and portals by logging in with our credentials or with other login procedures.

Authentication methods
The verification of a user's identity or the authentication of a user can be done in different ways. The most common authentication methods include conventional username/password entry, authentication using biometric factors such as face, fingerprint or voice, pattern-based authentication, smart push, time-based one-time password (TOTP), back-up codes, FIDO2, email, SMS and IVR-based authentication.

Authentication module
A module of an IAM that implements one specific authentication method. It checks the credentials or attributes that belong to that method and, if the check succeeds, authenticates the user.

Authorization
Authorization checks the permissions of an already authenticated user, i.e. during this process it is ensured that the user has the rights needed for the requested action or resource, for example to open a particular page or call a particular API.

Backup codes
Backup codes are a possible authentication method, usually kept as a fallback for when the regular second factor (for example the authenticator app) is not available. Basically, this is a list of codes, as known from a TAN list, each of which can be used exactly once to confirm identity; the service should store them only in hashed form and invalidate a code as soon as it has been used.
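As an added example (not cidaas code), the following shows how a service could issue and consume such codes: the codes are generated randomly, only salted hashes are stored, user input is normalized, and every code is accepted at most once. The code alphabet, the code length and the scrypt parameters are this example's own assumptions.

```python
import hashlib
import hmac
import secrets

# Added example, not cidaas code. Alphabet without 0/O and 1/I so that codes read
# from paper are less error-prone (assumption of this example).
CODE_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def normalize(code: str) -> str:
    """Make user input tolerant of case, spaces and dashes."""
    return code.upper().replace(" ", "").replace("-", "")


def hash_code(code: str, salt: bytes) -> bytes:
    """Backup codes are short, so hash them with a slow, salted KDF rather than plain SHA-256.
    The scrypt cost parameters are an illustrative assumption, not a recommendation."""
    return hashlib.scrypt(normalize(code).encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def issue_backup_codes(count: int = 10, length: int = 10):
    """Return (plaintext codes, to be shown to the user exactly once) and the record to store."""
    salt = secrets.token_bytes(16)
    codes = ["".join(secrets.choice(CODE_ALPHABET) for _ in range(length)) for _ in range(count)]
    stored = {
        "salt": salt,
        "hashes": [hash_code(c, salt) for c in codes],
        "used": [False] * count,
    }
    return codes, stored


def consume_backup_code(stored: dict, candidate: str) -> bool:
    """Accept the candidate only if it matches an entry that has not been used yet,
    then mark that entry as used (single use, like crossing a TAN off the list)."""
    digest = hash_code(candidate, stored["salt"])
    matched = None
    # Walk the whole list without early exit and compare in constant time, so that
    # response timing does not reveal which position (if any) matched.
    for i, h in enumerate(stored["hashes"]):
        if hmac.compare_digest(h, digest) and not stored["used"][i]:
            matched = i
    if matched is None:
        return False
    stored["used"][matched] = True
    return True
```

Only `stored` needs to be persisted per user; the plaintext list is shown once and then forgotten by the service.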

Biometric authentication
Unique characteristics of a person such as the face, fingerprint, iris or voice can be used for authentication. Today, people can already be identified via Touch ID or Android fingerprint sensors, but also via other devices such as webcams.

Biometrics
A person's face, voice, or fingerprint are biometrically unique and are therefore used for secure and convenient identification.

Cloud software
Cloud software, or Software as a Service (SaaS), is software that is provided via "the cloud", i.e. over the Internet. Companies that offer these computing services are called cloud providers. Their customers no longer have to own servers or install and maintain the software themselves, as in the past, but can purchase the service directly.

Consent Management
The EU GDPR requires that users give their consent before their personal data is collected and processed. A consent management system obtains declarations of consent from the user during registration, on updates and whenever required, and stores and versions them, so that it can later be shown which version of a consent text a user agreed to and when.

CTAP (Client To Authenticator Protocol)
CTAP (Client To Authenticator Protocol) is the FIDO2 companion standard to WebAuthn and the basis for password-free login with external authenticators. Technically speaking, it specifies how the client platform (browser or operating system) communicates with an external authenticator, e.g. a fingerprint sensor connected to the device or a USB security key, over transports such as USB, NFC or Bluetooth, so that any standard-compliant authenticator works with any standard-compliant client.

Customer identity management
A customer identity and access management (CIAM) solution is used to identify customers. It is particularly important to make registration, onboarding and identification as convenient as possible, both online and offline, without neglecting security. This makes it possible to realize use cases around digital identity and to create an excellent customer journey.

Device management
Device Management stands for the administration of devices based on device information such as browser, operating system and device type (e.g. smartphone, tablet). It is important for identity management because, on the one hand, a user can be recognized by a known device and, on the other hand, device data provides important signals for detecting fraudulent behaviour, for example a login from a device the user has never used before.

E-mail-based verification
With e-mail-based verification, the user receives a verification code at his or her registered e-mail address and must enter it to confirm his or her identity.

Email Opt-in
E-mail opt-in refers to the automatic e-mail verification after registration. This e-mail verification is used to confirm that the registering user actually controls the given address. After a successful registration, the user receives an e-mail with further instructions to confirm the account. This e-mail may contain, for example, a unique, single-use link that takes the user to a preconfigured landing page of the provider after confirmation.

Face recognition
Face recognition is a biometric authentication method. Like passwords or PIN numbers, face recognition is intended to identify the respective person.

FIDO Alliance
The FIDO ("Fast IDentity Online") Alliance is an industry consortium founded in February 2013 to develop open and license-free standards for worldwide password-free authentication. This has resulted in the currently important standards FIDO2, WebAuthn and CTAP, among others.

FIDO U2F
FIDO U2F is a two-factor authentication standard and the predecessor of CTAP (Client to Authenticator Protocol); the U2F protocol lives on within FIDO2 as CTAP1.

FIDO2
FIDO2 is composed of CTAP and WebAuthn and standardizes the passwordless authentication of a user.

Fingerprint
The fingerprint is a biometric authentication method. Like passwords or PIN numbers, the fingerprint is intended to identify the respective person.

Fraud Detection
Identity theft is a major threat on any digital service. Fraud Detection detects suspicious behaviour and fraudulent actions in real time and initiates countermeasures.

General Data Protection Regulation (EU-GDPR)
The General Data Protection Regulation (EU-GDPR) is a European Union regulation for the uniform processing and protection of personal data within the European Union (EU) and the European internal market. Its main aim is to give individuals control over their personal data and to ensure the free movement of data within the European internal market.

GDPR compliance
The General Data Protection Regulation (EU-GDPR) contains several requirements and security measures that must be observed when handling personal data. Companies that meet all these obligations are in compliance with the GDPR.

Identity and Access Management (IAM)
Identity and Access Management (IAM) is used internally in a company to set up and authorize employee access. Today, a distinction is made between Enterprise IAM (employees and partners) and Customer IAM (customers and end users).

Identity
An identity is a unique identifier for a person, organization, resource or service together with optional additional information (e.g. permissions, attributes). The identity includes uniquely identifying characteristics.

Identity management
Identity Management (also ID management) is an administration area that deals with the identification of individuals in a system (for example a country, a network or a company). It controls the access of individuals to a resource within the system by comparing user rights and restrictions with the established identity.

Interceptor
Interceptor is a term used in software development. In identity management, for example, an interceptor works as follows: the user opens a URL in the browser and the front end then calls a backend service for the data. The interceptor sits in front of this service, checks whether the user is authenticated and authorized to retrieve the data, and either lets the request through or rejects it (typically with an HTTP 401 when the user is not authenticated and 403 when the user is authenticated but not authorized).

IVR-based verification
IVR stands for Interactive Voice Response, a speech dialog system. The user receives a voice call on his or her registered phone number, hears the verification code and has to enter it to have his or her identity verified.

JWT (JSON Web Token)
JWT (JSON Web Token) is an open standard (RFC 7519) that provides a compact, self-contained way of transmitting information between parties on the web as a JSON object. The token can be verified and trusted because it is digitally signed according to a related standard, JWS (JSON Web Signature); if the content must also be kept confidential, it can additionally be encrypted using JWE (JSON Web Encryption). The token's payload can carry additional information in self-defined data fields (claims). Note that a signed but unencrypted JWT is only Base64url-encoded: anyone who holds it can read the payload, so secrets do not belong in it. JWT is used on the web as a standardized way to realize SSO and to pass information securely between parties (API consumers, applications, ...).

LDAP
The Lightweight Directory Access Protocol (LDAP) is a network protocol for querying and maintaining a directory service, for example a company's user directory. As LDAP is still frequently used in companies, cidaas can integrate an LDAP directory as a login provider and thus provide a smooth transition to the newer, more secure identity protocols.

Multi-factor authentication
Multi-factor authentication (MFA) refers to confirming an identity with at least two factors, either step by step (after the first method the user is prompted for another authentication method) or implicitly within a single authentication method that already combines two factors (for example a FIDO2 security key that requires possession of the key plus a PIN or fingerprint).

OAuth2
OAuth 2.0 is an authorization standard (RFC 6749). It is used to secure interfaces (APIs): the client application obtains a token from the authorization server and presents it with every call, and the resource server checks the token to determine what the application has been allowed to do on behalf of the user.
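The following added example (not cidaas code, and not how any particular authorization server is implemented) shows the two sides described under Access Token, JWT and OAuth2 above: the authorization server mints a JWT access token signed with JWS, and the resource server validates it and then checks the granted scope. It assumes HS256 with a secret shared between both servers, an example issuer URL and the claim names commonly used in OAuth 2.0 access tokens (sub, aud, scope, exp, client_id); the verifier pins the algorithm itself rather than trusting the token header.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Added example, not cidaas code. ISSUER is a placeholder; in practice it is the
# authorization server's URL, and the resource server must compare against it.
ISSUER = "https://issuer.example"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_access_token(secret: bytes, subject: str, client_id: str, audience: str,
                       scope: str, lifetime: int = 300, now: Optional[int] = None) -> str:
    """Authorization server side: mint a signed access token (JWS compact serialization)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": ISSUER, "sub": subject, "client_id": client_id, "aud": audience,
               "scope": scope, "iat": now, "exp": now + lifetime}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


class TokenError(Exception):
    """Raised by the resource server when a token must not be trusted."""


def verify_access_token(token: str, secret: bytes, audience: str,
                        now: Optional[int] = None) -> dict:
    """Resource server side: check algorithm, signature, issuer, audience and expiry,
    and only then hand the claims to the application."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        payload = json.loads(b64url_decode(p))
        signature = b64url_decode(s)
    except ValueError as exc:  # wrong number of segments, bad Base64url or bad JSON
        raise TokenError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise TokenError("malformed token")
    # Pin the algorithm on the verifier's side; never let the token choose it.
    # This rejects "alg": "none" and algorithm-confusion attempts.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    if payload.get("iss") != ISSUER:
        raise TokenError("wrong issuer")
    if payload.get("aud") != audience:
        raise TokenError("wrong audience")
    if not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
        raise TokenError("expired")
    return payload


def validation_result(token: str, secret: bytes, audience: str,
                      now: Optional[int] = None) -> str:
    """'ok' if the token is accepted, otherwise the rejection reason."""
    try:
        verify_access_token(token, secret, audience, now)
        return "ok"
    except TokenError as exc:
        return str(exc)


def authorize(claims: dict, required_scope: str) -> bool:
    """Authorization step after the token has been verified: the space-separated
    scope claim lists what the client was granted on behalf of the user."""
    return required_scope in claims.get("scope", "").split()
```

In a real deployment the resource server would usually verify an asymmetric signature (e.g. RS256 or ES256) with the issuer's public key from its JWKS endpoint instead of a shared secret, but the order of checks is the same.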

One-time password (OTP)
An OTP (One-Time Password) is an automatically generated numeric or alphanumeric string that is used to authenticate a user for a single login or session. One-time passwords are used as a replacement for or in addition to the regular authentication to add a further layer of security.

OpenID Connect (OIDC)
OpenID Connect (OIDC) is a standard authentication protocol that adds an identity layer on top of OAuth 2.0. OIDC gives the client application information about the end user in the form of an ID token (a signed JWT), from which the user's identity can be verified. The standard is maintained by the OpenID Foundation.

Passwordless authentication
Authentication mechanism that allows users to log in and access resources without using a password. Alternatives to the password include one-time passwords (OTP), biometric methods or FIDO2 credentials.

Pattern recognition
If authentication via a pattern is used, a pattern is defined during the initial registration, which the user then enters for authentication on subsequent logins.

Progressive profiling
Progressive profiling is also known as intelligent profiling and describes the process of collecting user information step by step to create holistic user profiles of customers without bothering them with too many queries at once.

PSD2
On 8 October 2015, the European Parliament adopted the European Commission's proposal to promote secure and innovative European payment methods through the PSD2 Directive. The new rules aim to simplify online payments while better protecting consumers, to promote the development and use of new, innovative online and mobile payments, and to make cross-border European payment services more secure. The monopoly of financial service providers on account information ends, and banks have to make their interfaces accessible to third-party providers (TPPs). To become PSD2-compliant, banks need a robust identity and access management solution with fail-safe authorization processes in order to open their interfaces to third-party providers and to exchange sensitive data securely.

SCA (Strong Customer Authentication)
SCA stands for Strong Customer Authentication and is a term used in PSD2, among others. Strong authentication is required when the user accesses the account or initiates a payment. To ensure strong, secure authentication of the user, two-factor authentication is carried out using factors from at least two of the three categories knowledge (something the user knows), possession (something the user has) and inherence (something the user is, i.e. biometrics).

SDK
A Software Development Kit (SDK) packages the functionality of a platform into a library for a particular programming language and thus makes it easy to use that functionality when developing applications.

Single Sign-On
Single sign-on (SSO) enables end users to use all services of a provider after a single login with one identity. If the user switches to another service of the provider, it is checked whether the user is already authenticated and is authorized for that service. If the check succeeds, the user is given access to these resources, independently of the touchpoint.

Smart Push
A push notification is a message that is displayed on a user's mobile device. With smart push, the application shows a code on the login screen and the user confirms the login by selecting the matching code in the authenticator app on the phone. Selecting the correct code shows that the person logging in also holds the registered device.

SMS-based verification
With SMS-based authentication, the user receives verification code via SMS to his registered mobile device and must enter it to have his identity verified.

Social Login
Social Login is also called Social Sign-in. Users can easily register using their preferred social network. For the registration process on an online portal, the user selects his or her preferred social media account (Facebook, Twitter, Google+ etc.) and can thus be authenticated or uniquely assigned by the website operator.

Token
In connection with identity management, "token" usually means a security token: a hardware component for identifying and authenticating users. Occasionally the term also refers to software tokens. They are usually part of an access control system with two-factor authentication.

TOTP
TOTP stands for Time-based One-time Password. It is a temporary password (six or eight digits) that an algorithm derives from a secret shared between the server and the user's device and from the current time; it changes with every time step (typically 30 seconds) and is used to authenticate the user as the holder of that device.
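As an added example (not cidaas code), here is the TOTP algorithm of RFC 6238 built on the HOTP algorithm of RFC 4226, together with the server-side verification that authenticator apps are checked against. It assumes the common defaults (HMAC-SHA1, 30-second steps, 6 digits), a drift window of one step in each direction and a record of the last accepted time step so that a code cannot be replayed; the provisioning URI format is the one authenticator apps read from a QR code.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Added example, not cidaas code. Defaults follow RFC 6238 / RFC 4226 and the usual
# authenticator-app settings (SHA-1, 30-second step, 6 digits); these are assumptions.


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HMAC-based one-time password: HMAC(secret, counter) followed by dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, at: Optional[int] = None, step: int = 30,
         digits: int = 6, algo=hashlib.sha1) -> str:
    """Time-based variant: the counter is the number of whole time steps since the Unix epoch."""
    at = int(time.time()) if at is None else at
    return hotp(secret, at // step, digits, algo)


def verify_totp(secret: bytes, candidate: str, at: Optional[int] = None, step: int = 30,
                digits: int = 6, window: int = 1, last_used_step: int = -1) -> Optional[int]:
    """Accept a code from the current step or from +/- window steps (clock drift between
    phone and server), but never one from a step that was already used (replay).
    Returns the accepted time step, or None."""
    at = int(time.time()) if at is None else at
    candidate = candidate.replace(" ", "").strip()
    if not candidate.isdigit() or len(candidate) != digits:
        return None
    current = at // step
    for delta in range(-window, window + 1):
        t = current + delta
        if t <= last_used_step:
            continue  # each step's code is valid at most once
        if hmac.compare_digest(hotp(secret, t, digits), candidate):
            return t
    return None


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """otpauth:// URI that authenticator apps read from a QR code; the key is Base32."""
    key = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{issuer}:{account}?secret={key}&issuer={issuer}"
            f"&algorithm=SHA1&digits=6&period=30")
```

The caller must persist the time step returned by `verify_totp` and pass it back as `last_used_step` on the next attempt; without that, the same code is valid for the whole window and a captured code can be replayed.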

Two-Factor Authentication
Two-Factor Authentication (2FA) is a procedure that uses a combination of two credentials from two different categories (factors) to verify a user's identity. The factors are: possession (something the user has, for example a bank card or a smartphone), knowledge (something the user knows, e.g. a password) and being or inherence (something the user is, i.e. biometric data such as fingerprint, face recognition or voice recognition). Two credentials from the same category, for example two passwords, do not count as two factors.

U2F
U2F stands for Universal 2nd Factor and is an industry standard that supports two-factor authentication (2FA) using special USB or NFC devices. Developed by Google and Yubico, with support from NXP Semiconductors, the standard is now hosted by the FIDO Alliance.

User de-duplication
User de-duplication is the consolidation of two digital accounts. This Identity Linking removes duplicates that have been created, for example, due to registrations with two different e-mail addresses, social login providers or something similar.

User Self Service
Registered users can manage their account profile themselves via a user portal. This allows, for example, to change passwords, add profile data or, depending on the use case, also specify user preferences, manage consents, and apply for authorizations.

Voice recognition
Voice recognition is a biometric authentication method. Like passwords or PIN numbers, voice recognition is intended to identify the respective person.

WebAuthn
WebAuthn (Web Authentication) is the W3C standard for convenient, phishing-resistant authentication on the web and the browser-facing half of FIDO2. With WebAuthn, the authentication procedures built into the user's device (the platform authenticator) or an external security key can be used directly from the browser. This makes it possible to recognize the user simply and unambiguously by means of a fingerprint sensor or face recognition, with a key pair bound to the website's origin instead of a password.

Webhooks
Webhooks are a non-standardized but widely used method of server-to-server communication. When an event occurs, the source system sends an HTTP request to a URL that the receiving system has registered beforehand, so that other systems are informed about the event in real time and can react to it.
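Because a webhook endpoint is reachable by anyone who knows its URL, the receiver has to be able to tell genuine deliveries from forged or replayed ones. The following added example (not cidaas code) shows one common way to do that: the sender signs the timestamp and raw body with a shared secret, and the receiver checks the signature in constant time, rejects stale deliveries and processes each event id only once. There is no universal webhook signing standard, so the header format "t=<unix time>,v1=<hex HMAC>", the HMAC-SHA256 over "<timestamp>.<body>" and the 300-second freshness window are this example's own assumptions.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Added example, not cidaas code. Signature header layout, MAC input and tolerance
# are assumptions of this example, not a description of any vendor's scheme.


def sign_webhook(secret: bytes, body: bytes, timestamp: int) -> str:
    """Sender side: bind timestamp and raw body together, so that neither can be
    altered or replayed on its own."""
    mac = hmac.new(secret, str(timestamp).encode() + b"." + body, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={mac}"


class WebhookReceiver:
    def __init__(self, secret: bytes, tolerance: int = 300):
        self.secret = secret
        self.tolerance = tolerance
        # Idempotency store: in memory here, a database in a real receiver.
        self.seen_event_ids = set()

    def verify(self, body: bytes, signature_header: str,
               now: Optional[int] = None) -> Optional[dict]:
        """Receiver side: return the parsed event if the delivery is authentic, fresh
        and not yet processed; otherwise None (the caller answers with an error status)."""
        now = int(time.time()) if now is None else now
        try:
            parts = dict(kv.split("=", 1) for kv in signature_header.split(","))
            ts = int(parts["t"])
            provided = parts["v1"]
            expected = sign_webhook(self.secret, body, ts).split("v1=", 1)[1]
            authentic = hmac.compare_digest(expected, provided)
        except (ValueError, KeyError, TypeError):
            return None  # unparseable or non-ASCII signature header
        if not authentic:
            return None  # wrong secret or tampered body; do not say which
        if abs(now - ts) > self.tolerance:
            return None  # stale or future-dated delivery: treat as a possible replay
        try:
            event = json.loads(body)
        except ValueError:
            return None
        event_id = event.get("id") if isinstance(event, dict) else None
        if event_id is None or event_id in self.seen_event_ids:
            return None  # no id, or a duplicate delivery (retries are normal): process once
        self.seen_event_ids.add(event_id)
        return event
```

Verify against the raw request bytes, not a re-serialized JSON object, since any whitespace or key-order change would invalidate the MAC.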