Glossary
This glossary defines terms and concepts that relate to DirX Audit and identity and access management. Additional information about identity and access management terminology can be found in the glossary of the DirX Identity Introduction and in the DirX Access Glossary.
A
access certification: The process of periodically checking user-privilege assignments to ensure that these assignments continue to comply with business policies.
access management: The part of an IAM system that performs real-time enforcement of the security policies established for each user of the enterprise IT infrastructure. Access management processes include authentication, authorization, and audit.
administration: The process of managing digital identities and access across the heterogeneous IT environment through a combination of user roles and business rules.
audit: See identity audit.
audit event: Information about a discrete operation within a logical sequence of IAM operations recorded in an audit message. An audit event contains a reference to the audit message and an additional information summary. Several audit events may be associated with an audit message. For example, an audit message on a group modification may cover several account-group membership changes. Each account-group membership change makes up an audit event, with summary information on the account, the group and the specific operation and the additional information from the audit message that is common to all associated account-group events. See also audit message.
audit message: A message in an audit trail that DirX Audit has extracted, transformed into DirX Audit data format and stored in the DirX Audit Database. The data in the audit message includes the original message in the format of the audit producer plus the "where from", "who", and "what" information and a message identification. See also audit event.
audit trail: A chronological sequence of audit messages, where each message contains evidence that directly pertains to and results from the execution of an IAM transaction. See also audit message, audit event.
authentication: The process of identifying users and validating their identity.
authorization: The real-time enforcement of user access requests to the enterprise resources. Authorization ensures that users can only access the IT systems in the enterprise and their corresponding resources according to their access rights.
C
collation: The rules for character representation and the comparison and sorting of data in a relational database system (SQL Server, Oracle Database). When you select a collation for your server, database, column, or expression, you assign certain characteristics to the data, and these characteristics affect the results of different operations in the database.
compliance (regulatory compliance): The clear and demonstrable observation of legal or other regulations.
compound risk score: The calculated compound score for the user. All the user’s standard scores are used to compute the compound score.
D
digital identity: See identity.
DirX Audit Audit analysis: The DirX Audit Manager and DirX Audit Manager Classic view that displays a table of audit events retrieved from the DirX Audit Database according to a given search filter. Each row in the table displays one audit event and its associated information.
DirX Audit collector: The DirX Audit component that imports audit trails generated by a particular type of audit trail producer.
DirX Audit Dashboard: The DirX Audit Manager Classic view that presents identity audit key performance indicators (KPIs) in a graphical format, typically as charts.
DirX Audit Database: The DirX Audit component that provides consolidated, persistent storage for audit messages, audit events, history entries, OLAP data structures (dimensions and facts) and metadata, and configuration information.
DirX Audit History: The DirX Audit Manager and DirX Audit Manager Classic view that displays the state of an entry in a DirX Identity domain at a given point in the past. DirX Audit History Synchronization jobs regularly import identity and identity-related state changes to history entries in the DirX Audit History Database, where they are available for analysis. The History view allows auditors to compare identity state at different points in time, check the state of related entries, observe all entry-related events in a given time interval and investigate causal events for a specific assignment.
DirX Audit Landing page: The DirX Audit Manager view that represents a central entry point to the DirX Audit Manager. It provides links to the additional views of the DirX Audit Manager, such as Audit analysis, History and Reports.
DirX Audit Manager: The DirX Audit component that provides a graphical user interface for the correlation, analysis and review of audit and historical identity data. The DirX Audit Manager provides Audit analysis, History and Reports views for different levels of analysis. The component will fully replace the DirX Audit Manager Classic in future releases.
DirX Audit Manager Classic: The DirX Audit component that provides a graphical user interface for the correlation, analysis and review of audit and historical identity data. The DirX Audit Manager provides Dashboard, Audit analysis, History and Reports views for different levels of analysis. The component will be discontinued in future releases.
DirX Audit Reports: The DirX Audit Manager view that allows auditors to set up scheduled configurable reports that can be sent via e-mail to selected recipients at regular intervals by the DirX Audit Server.
DirX Audit Server: The DirX Audit component that hosts DirX Audit collectors, performs normalization, transformation and storage on collected audit messages, creates OLAP data structures (dimension and fact tables), generates audit event information and runs jobs for creating and delivering reports.
E
entitlement: The access right of a user in a target system; for example, a group assignment. Identity governance functions discover entitlements in target systems and then use them to create aggregated privileges like permissions and business roles. Privilege resolution determines, as a consequence of role assignment and user context information like attributes and role parameters, the set of entitlements that need to be provisioned. See the DirX Identity Introduction for more information.
H
history entry: The state of an entry in a DirX Identity domain at a specific point in the past.
I
identity: A single unique view of a user to be provisioned in the enterprise IT infrastructure that is aggregated from multiple authoritative sources of user data in the enterprise IT infrastructure by the IAM system’s metadirectory services. Also called "digital identity".
identity and access management (IAM): An integrated solution for user and access management across the heterogeneous systems that constitute the IT infrastructure of an enterprise.
identity audit: The process of producing, collecting, cleansing and correlating data about IAM administration, authentication and authorization events and then transforming this data into actionable intelligence with respect to compliance regulations, business security policies and corporate risk management objectives. Identity audit provides the means to analyze and report on IAM functioning and deliver the information necessary to support IAM governance of users and their entitlements.
identity federation: An application of authentication that permits an enterprise to share trusted identities with autonomous organizations outside of the enterprise, like trading partners or suppliers. Also called federated identity and federation.
identity management: The part of an IAM system that ensures a consolidated, enterprise-wide view and way to manage user access to resources in the enterprise IT infrastructure, aligning enterprise business interests with lower-level IT operations for user management and provisioning. Identity governance functions provide a high-level, transparent way to define, create, manage, assign, review and remove users and their entitlements according to business security objectives and compliance requirements. Identity provisioning functions dynamically and automatically realize the results of identity governance operations into the necessary entitlements in the enterprise IT infrastructure. Identity management processes include user self-service and delegated administration, password management, user management, role, policy and business object management, request workflow, access certification, real-time provisioning and reconciliation and metadirectory.
K
key performance indicator (KPI): In industry jargon, a type of measure of performance (see http://en.wikipedia.org/wiki/Performance_indicator for a definition). In DirX Audit, a KPI is associated with statistical information on a subset of audit events.
key risk indicator (KRI): In industry jargon, a type of measure to indicate how risky an action or a subject is.
M
multi-tenancy: The ability to support, configure and run multiple tenants. See also tenant.
O
online analytical processing (OLAP) schema: A method of modeling data according to a "cube" type of data structure that allows for fast, interactive manipulation and analysis of the data (called "facts") from multiple perspectives, called "dimensions". See http://en.wikipedia.org/wiki/Online_analytical_processing for more information.
online transactional processing (OLTP) schema: A method of modeling data to achieve efficient transactions such as insertions and deletions. See http://en.wikipedia.org/wiki/Online_transaction_processing for more information.
R
report: In casual use, a report may refer, for example, to a report template in the form of a JRXML document or the output file generated when a report is run and scheduled or exported. Here we understand a report more specifically as a JasperReport. A JasperReport is a combination of a report template and data that produces a complex document for viewing, printing, or archiving information. It is defined by a report creator and generated when the report is run and shown in the web application, scheduled or exported. At the heart of a JasperReport is the report template. It is a JRXML document, an XML standard, and it precisely defines all the structure and configuration of a report. The template references information about the data source that supplies data for the report and additional resources, such as images, fonts, and resource bundles for localization of text. The collection of all the resources that are referenced in a JasperReport is sometimes called a report unit. End users usually see and interact with a JasperReport as a single resource, but report creators must define all of the components in the report unit.
report set: One or more report files to be sent, the schedule for when to send them, and who is to receive them. Each report file has a defined format and contains one or more individual reports.
risk level: The overall risk level for the user. Possible values are Low (1), Medium (2) or High (3).
risk score: The standard score for the risk factor. This value is the normalized score of the factor for the user.
S
segregation of duties (SoD): The process of placing constraints on role assignment to enforce "conflict of interest policies"; for example, a user with the role "accounts payable" cannot be assigned the role "accounts receivable". Also called separation of duties.
single risk factor: A single element that contributes to the risk assessment of a user. Examples of single risk factors include the total number of group memberships, the total number of SoD violations, the total number of imported memberships, the total number of imported accounts, and the total number of privileged accounts. See also compound risk score.
SoD policy: A policy that specifies the roles that cannot be assigned to a user at the same time. See also segregation of duties (SoD).
T
tenant: A DirX Identity domain or a DirX Access installation. All of the data maintained in DirX Audit that are specific to a particular tenant are kept separate from other tenants, including audit events, history data, fact tables, reports, chart components and the configuration data such as database connection settings, authentication and authorization settings, audit sources, server task configurations, and Message Broker users and queues. See also the definition of a domain in the DirX Identity Introduction and https://en.wikipedia.org/wiki/Multitenancy.
W
Web access management: Access management for users and applications that attempt to access IT resources via a web browser and/or web protocols. See also access management.