Glossary
This is a glossary of terms used on MAYI ID related sites, materials and systems.

| A | |
| --- | --- |
| Access Control | The selective restriction of access to data, systems, or resources, ensuring that only authorized users can perform specific actions. |
| ACME | Automatic Certificate Management Environment, a certificate automation protocol. |
| Active Directory (AD) Integration | The ability of MAYI HILL to synchronize user identities with Microsoft Active Directory (AD), enabling seamless user authentication and access management. |
| Alert logs | Alert logs are specialized log files that record significant events, warnings, and error messages generated by a system or application. They serve as a critical resource for system administrators and developers to monitor system health, diagnose issues, and ensure the smooth operation of software and hardware components. |
| Agent | The agent works as an automatic credential injector for selected web/desktop apps. It is activated by receiving a deep link from MAYI PAM, which the agent handles. |
| Authentication | The process of verifying the identity of a user, device, or entity, typically as a prerequisite to granting access to resources in an information system. |
| Authentication Token | A digital key used to verify a user's identity in a secure system. |
| Authorization | The process of determining what actions an authenticated entity is permitted to perform within a system, such as accessing specific data or executing particular functions. |
| Automation portal | Automation Portal is a standalone application allowing Partners, their Customers or Tenant Managers to configure and deploy a Tenant on their own without any IT support. |
| Audit Logs | A detailed record of privileged access and user activity, ensuring visibility for compliance, security monitoring, and forensic investigations. |
| Automation Protocols | Various standardized methods (e.g., SCEP, WCCE, ACME, F5, AWS, Azure Key Vault, EST, MS Intune) that automate the distribution and renewal of digital certificates. |
| Automatic Certificate Management Environment (ACME) | A protocol used to automate the issuance and renewal of TLS/SSL certificates, widely adopted by services like Let's Encrypt. |
| Application Catalogue | A centralized repository that organizes and manages applications accessible to users. It ensures proper group assignments and integrates with IAM solutions to streamline application access. |
| Approval Workflows | Automated processes within MAYI HILL that ensure user access requests and privilege modifications go through structured approval chains to maintain security and compliance. |

| B | |
| --- | --- |
| Bookmarks | When coming back to the MAYI ID platform, you can set which page you will land on after signing in. |
| Biometric Authentication | A security process that relies on the unique biological characteristics of an individual, such as fingerprints, facial recognition, or iris scans, to verify identity. |
| Bring Your Own Key (BYOK) | A security model that allows organizations to use their own encryption keys rather than relying on vendor-provided ones. |
| Bring Your Own Encryption (BYOE) | A strategy where organizations implement their own encryption mechanisms to maintain control over their data security. |
| Backup of HSM Partition | A feature that allows secure backup and restoration of encryption keys, ensuring business continuity and compliance with regulatory standards. |

| C | |
| --- | --- |
| Certificate Lifecycle Management (CLM) | A process that automates the issuance, renewal, revocation, and tracking of digital certificates to maintain security compliance. |
| CLM vs CMAS | Certificate Lifecycle Management (CLM) was formerly known as the Certificate Management and Automation System (CMAS). |
| Certificate Take-over | The ability to transfer ownership of a certificate from one user or group to another, managed through approval workflows. |
| Certificate Authority (CA) | An entity that issues and verifies digital certificates, ensuring the authenticity of public keys used in encryption. |
| CMP | Certificate Management Protocol |
| CSR | A Certificate Signing Request (CSR) is used to validate whether you can use the common name in certificates. |
| Connection Manager | A tool that facilitates seamless logins using a central secret, supporting both modern and legacy authentication methods, including Single Sign-On (SSO) and desktop agents. |
| Central Login Point | A unified authentication portal simplifying the login process across multiple applications and services. |
| Centralized Management | The ability to oversee and administer multiple identity and access management processes from a single platform. |
| Credential Injection | A method of providing login credentials to applications without requiring users to enter them manually. |
| Credential Rotation | A process where privileged account credentials are automatically changed at regular intervals to enhance security and prevent unauthorized access. |
| Compliance Assurance | The ability of MAYI PAM to meet regulatory requirements through logging, session recording, and role-based access control (RBAC) policies. |

| D | |
| --- | --- |
| DNS | The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources. |
| Digital Identity | The online or networked identity adopted or claimed in cyberspace by an individual, organization, or electronic device. |
| Directory Services | A system that manages user accounts, roles, and group memberships across internal and external identity providers (IDPs), ensuring seamless identity management and access control. |
| Directory Management | The administration of user accounts, roles, and group memberships within an organization's identity system. |
| Double Key Encryption | A security method that combines cloud-based encryption with an additional proprietary encryption key, ensuring that even if cloud-stored data is compromised, it remains unreadable without the second key. |

| E | |
| --- | --- |
| Enrollment, Remote enrollment, On-behalf enrollment vs Onboarding | Enrollment is an application that allows a user to register with the MAYI ID system, where the user configures ways to authenticate himself/herself when signing in and resetting the password. Enrollment is part of a bigger process called Onboarding, which includes the configuration of permissions, groups and roles. |
| Emergency access | Emergency access is an application that |
| EST | Enrollment over Secure Transport |
| External Identity Provider | A third-party service that verifies user identities, such as Microsoft Entra ID or Azure. |
| Enrollment over Secure Transport (EST) | A protocol that provides secure certificate enrollment and management over HTTPS, often used in enterprise PKI solutions. |

| F | |
| --- | --- |
| Floating secret | A security credential that is not fixed to a single user or device but can be dynamically assigned and reassigned as needed. This approach enhances flexibility in managing access across various systems and users. |
| Favourite items | You can tag certain items as |
| Federated Identity Management | An arrangement that allows users to use the same identification data to obtain access to the networks of all organizations in the group, streamlining authentication across multiple systems. |
| Federation | The process of linking multiple identity management systems so that users can authenticate across different organizations or platforms using a single set of credentials. |
| Full Options of Authorities | The ability of a certificate management system to integrate with multiple Certificate Authorities (CAs), supporting both public and private infrastructures. |
| FIPS 140-3 Compliance | A security certification standard for cryptographic modules that ensures high levels of data protection, required for government and financial security compliance. |

| G | |
| --- | --- |
| | A centralized management interface that provides overarching control over identity and access settings across an organization's identity management system. |
| Global Dashboard | A centralized interface for monitoring and managing identity-related processes across an organization. |

| H | |
| --- | --- |
| Heartbeat | A periodic signal sent between systems or components to indicate normal operation and confirm connectivity. Heartbeats are essential in monitoring the health and status of services, ensuring they are functioning correctly. |
| HOTP | |
| Hardware Security Module (HSM) | A dedicated hardware device that securely generates, stores, and manages encryption keys to protect sensitive data. |
| Heartbeat Check | A security mechanism that regularly validates the availability and correctness of stored credentials, ensuring that passwords remain active and synchronized with the target system. |

| I | |
| --- | --- |
| Identity Provider (IdP) | A trusted entity that creates, maintains, and manages identity information for users and provides authentication services to relying applications within a federation or distributed network. More simply, a system that authenticates users' identities and authorizes their access to various applications and services. |
| Identity Lifecycle Management | The comprehensive management of the identity and access privileges of users throughout their tenure with an organization, from creation to deletion. |
| Identity and Access Management (IAM) | A security and business discipline that includes multiple technologies and business processes to help the right people or machines to access the right assets at the right time for the right reasons, while keeping unauthorized access and fraud at bay. |
| Identity Governance and Administration (IGA) | Policies and processes that define how identities are managed, including role assignments, approvals, and compliance enforcement. |
| Identity Governance | The set of policies and processes that define how identities are managed, including role assignments, approvals, and compliance enforcement. |

| J | |
| --- | --- |

| K | |
| --- | --- |
| Keycloak | An open-source identity and access management solution developed by Red Hat. Keycloak provides features such as single sign-on (SSO), identity brokering, and user federation, simplifying the implementation of authentication and authorization in applications. |
| Key Escrow | A security measure that securely stores private encryption keys for potential recovery or reuse, preventing data loss and ensuring compliance with security policies. |
| Key Ceremony | A formal process of generating, distributing, and documenting encryption keys with witness oversight, ensuring governance, compliance, and secure key management. |
| Key Rotation | A security practice of periodically changing cryptographic keys to reduce the risk of compromise. |

| L | |
| --- | --- |
| LDAP | LDAP is an open, vendor-neutral application protocol for accessing and maintaining data such as usernames, passwords, email addresses, and other static data within directories. LDAP can also tackle authentication, so users can sign on just once and access many different files on the server. |
| LDAP Integration | A feature that allows MAYI HILL to connect with Lightweight Directory Access Protocol (LDAP) directories, facilitating centralized authentication and identity synchronization. |
| LMS | Learning Management System. A software application or platform designed to deliver, manage, and track educational courses or training programs. LMS platforms facilitate online learning by providing tools for content delivery, assessment, and reporting. |
| Local Users Management | A functionality enabling the creation and management of users who are not part of an external identity provider (such as Active Directory or Azure). |

| M | |
| --- | --- |
| MAYI HILL | A centralized identity governance and administration platform that consolidates the management of users, devices, and resources across multiple environments. It serves as the foundation of the MAYI ID ecosystem. |
| Magic questions | A list of questions and their answers, configured during enrollment. These questions are used to authenticate users during sign-in or emergency access. |
| Multi-Factor Authentication (MFA) | A security |
| Multilanguage Support | A feature that allows users to |
| Multi-Location Redundancy | A security feature that ensures encryption key backups are stored across multiple locations to |
| Multi-Tenant Architecture | A system design that allows multiple tenants (organizations, departments, or clients) to share the same identity management infrastructure while maintaining isolated and |

| N | |
| --- | --- |

| O | |
| --- | --- |
| Onboarding Process | The structured approach for integrating new users into a system, including identity verification and access assignment. |
| Onboarding vs Enrollment | Enrollment is an application that allows a user to register with the MAYI ID system, where the user configures ways to authenticate himself/herself when signing in and resetting the password. Enrollment is part of a bigger process called Onboarding, which includes the configuration of permissions, groups and roles. |
| OpenID Connect | An identity layer built on top of the OAuth 2.0 protocol, allowing clients to verify the identity of end-users based on authentication performed by an authorization server. |
| OTP, TOTP, HOTP | |
| Operational Console | A tool for administrators to manage user accounts, permissions, and security operations. |
| Ownership Transfer | A function that allows reassignment of certificate management responsibilities, improving operational efficiency through controlled approval processes. |

| P | |
| --- | --- |
| PAM | Privileged Access Management |
| Passkey | A digital credential that allows users to authenticate without using traditional passwords. Passkeys are often based on public-key cryptography, enhancing security and user convenience by eliminating the need for password memorization. |
| Platform template (in Vault) | A type of Secret template in Vault settings. Platform templates provide the general basis for creating other templates. |
| Ping | A network utility used to test the reachability of a host on an Internet Protocol (IP) network. It measures the round-trip time for messages sent from the originating host to a destination computer, aiding in diagnosing network connectivity issues. |
| Principal name | In identity management, a principal name uniquely identifies a user or entity within a given context, such as a network or realm. It is often used in authentication protocols to specify the identity requesting access. |
| Provisioning | The process of creating, managing, and maintaining user accounts and access rights within a system or application. |
| Privileged Access Management (PAM) | A security approach for managing, monitoring, and auditing accounts with elevated permissions to protect sensitive data and infrastructure. |
| Privileged Admin Workstation (PAW) | A dedicated, highly secure environment for administrators to perform privileged operations while reducing the risk of security breaches. |
| Password Policies | Security rules that enforce strong passwords, including rotation, reconciliation, and monitoring. |
| PKI Agnosticism | The ability of a system to integrate with any Public Key Infrastructure (PKI) provider, offering flexibility in certificate management and deployment without being tied to a specific vendor. |
| Partition as a Service (PaaS) | A feature that allows multiple applications to securely share a single Hardware Security Module (HSM) while maintaining separation of encryption keys and data. |
| Parametrization Settings | Customizable configuration options within the Tenant Admin Console (TAC), allowing administrators to define specific access control rules, notifications, and policies. |

| Q | |
| --- | --- |

| R | |
| --- | --- |
| RADIUS (Remote Authentication Dial-In User Service) | A networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service. RADIUS is commonly used for managing access to networks, including Wi-Fi and VPN services. |
| Role Based Access Control (RBAC) | A |
| Remote Gateway | A secure entry point that allows access to critical systems via encrypted HTTPS connections. |
| Reconciliation Process | A security feature that automatically resets and synchronizes passwords if they become unsynchronized or compromised. |
| Regulatory Compliance | Ensuring adherence to security standards like GDPR, PCI DSS, and eIDAS through the use of |

| S | |
| --- | --- |
| Safewalk | A multi-factor authentication (MFA) solution that enhances security by requiring users to provide multiple forms of verification before granting access to systems or applications. Safewalk supports various authentication methods, including biometrics and one-time passwords. |
| SAML | Security Assertion Markup Language. It is an open standard for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. |
| Selfservice | An application where each user can manage their own authentication tokens, password, requests or approvals. |
| Self-Service Console | A user interface that enables individuals to manage their own identity and access permissions independently, allowing them to handle credentials, documents, onboarding, and approvals without administrative intervention. |
| Self-Service Identity Management | A system that allows users to manage their own identity credentials, documents, and access permissions. |
| SCEP | Simple Certificate Enrollment Protocol, a certificate automation protocol. |
| Secret | In cybersecurity, a secret refers to any confidential data that must be protected from unauthorized access to maintain the security and integrity of systems and information. Common examples of secrets include passwords, API keys, encryption keys, and tokens. Proper management of these secrets is crucial to prevent security breaches and ensure that only authorized entities can access sensitive resources. |
| Secret Manager | A tool for securely storing and managing sensitive information such as credentials and API keys. |
| Slug name | The name "slug" comes from web publishing and usually refers to the part of a URL that identifies a page or resource. |
| SSO | Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. |
| Session Recording | The process of capturing and storing user sessions for compliance, auditing, and security investigations. |
| Scan Engine | A tool that automatically discovers, monitors, and analyzes certificates within an organization to simplify integration, enhance security, and detect vulnerabilities. |
| Statdashboard | A reporting tool providing insights on identity usage, access statistics, and security trends. |
| Secure Admin Workstation (SAW) | A specialized workstation that provides administrators with a secure and isolated environment to perform sensitive operations. |
| Shared with Me Folder | A feature within the Secret Manager that allows users to define specific permissions and share credentials securely across different teams. |
| Simple Certificate Enrollment Protocol (SCEP) | A protocol used to automate the issuance and renewal of digital certificates, commonly used in enterprise networks. |

| T | |
| --- | --- |
| Tenant Admin Console (TAC) | A |
| Telnet | A network protocol that allows a user to communicate with a remote device or server over a TCP/IP network. Telnet provides a command-line interface for managing devices but lacks encryption, making it less secure compared to modern alternatives like SSH. |
| Tenant, Default tenant | In multi-tenant architectures, a tenant represents a group of users or an organization that shares common access with specific privileges to the software instance. The default tenant is the initial or primary tenant configured in the system, often used as a template for creating additional tenants. |
| Theme, GUI theme | A theme in a graphical user interface (GUI) refers to a set of design elements and styles that define the appearance of the interface. Themes control aspects like color schemes, fonts, and layout, allowing customization of the user experience. |
| Token | In security contexts, a token is a digital object that represents the right to access resources or services. Tokens are often used in authentication and authorization processes to verify identities and grant appropriate access levels. |
| TOTP | |

| U | |
| --- | --- |
| Unified Certificate Management | A centralized solution that streamlines the entire certificate lifecycle, including issuance, renewal, revocation, deletion, and secure sharing, while allowing certificate take-over and ownership transfer with approval flows. |
| Unified Management | A centralized system that allows organizations to oversee all certificate-related tasks from a single interface, improving efficiency and reducing administrative overhead. |

| V | |
| --- | --- |
| | A secure storage system that manages secrets, credentials, and sensitive data by enforcing rights, permissions, rotation policies, and audit logging. |
| Vault Encryption | A secure method for storing and protecting sensitive information through encryption. |

| W | |
| --- | --- |
| WCCE | Windows Client Certificate Enrollment Protocol |
| Windows Certificate Enrollment (WCCE) | A Microsoft-based protocol that facilitates certificate enrollment and management within Windows environments. |

| X | |
| --- | --- |

| Y | |
| --- | --- |

| Z | |
| --- | --- |