| Term | Definition | Abbreviation | Examples / References |
|---|---|---|---|
| Identity provider | An identity provider is the authoritative source of an identity and is responsible for issuing identifiers to users. It acts as a supplier that creates, maintains, and manages identity information while offering authentication and authorization via authentication protocols. | IDP | Azure AD, AD, Identity Server, Okta, Google |
| Authentication protocol | A specification defining how authentication is performed, outlining the flow between the system and the identity provider. | | NTLM, OpenID Connect, WS-Federation, OAuth 2 |
| System | A system is a service with a specific purpose. Systems can consist of one or more components, often referred to as an application. A component can be an API backend, a database, or a user interface client. A system is typically a grouping within a specific domain or business area. | | |
| Authentication | The process of verifying a user's identity, i.e. confirming that the user is who they claim to be. | | |
| Authorization | The process of determining which access rights a user should have. This involves assigning the correct permissions (e.g., roles or other user attributes) so that access control can be enforced in systems. | | |
| Access Control | Determines who has access to which data, applications, and resources. Access control decisions are based on the user's authorization. | AC | What is Access Control? \| Microsoft Security |
| Conditional Access | A type of access control consisting of a set of policies applied during login. Policies can be based on location, tenant, or organizational roles. | | What is Conditional Access in Microsoft Entra ID? - Microsoft Entra ID; multi-factor authentication required when accessing from outside the internal network; blocking access from unauthorized locations |
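The following is an added example, not part of the original glossary and not code from any of the identity providers named above. It models the four steps the table distinguishes as separate functions (authentication at the identity provider, authorization of permissions, conditional access policies evaluated at login, and access control enforced at the resource) so the boundaries between them are visible. The user store, role-to-permission mapping, internal network range, blocked location code and IP addresses are all constructed sample data; the function names are this example's own.

```python
"""Minimal model of authentication -> conditional access -> authorization -> access control.
All users, roles, networks and locations below are constructed for illustration."""
from dataclasses import dataclass, field
import hashlib
import hmac
import ipaddress


# --- Identity provider side: authentication (is the user who they claim to be?) ---

def _hash(password: str, salt: str) -> str:
    # Constructed toy hash; a real identity provider uses a password KDF such as bcrypt/argon2.
    return hashlib.sha256((salt + password).encode()).hexdigest()

# Constructed user store: salted password hash plus the roles the IDP asserts for the user.
USERS = {
    "alice": {"salt": "s1", "pw": _hash("correct horse", "s1"), "roles": {"reader", "admin"}},
    "bob":   {"salt": "s2", "pw": _hash("hunter2", "s2"),       "roles": {"reader"}},
}


@dataclass
class Identity:
    username: str
    roles: set = field(default_factory=set)
    mfa_completed: bool = False   # whether a second factor was verified during this login


def authenticate(username: str, password: str, mfa_completed: bool = False):
    """Authentication: verify the claimed identity. Returns an Identity or None."""
    rec = USERS.get(username)
    if rec is None:
        return None
    if not hmac.compare_digest(rec["pw"], _hash(password, rec["salt"])):
        return None
    return Identity(username, set(rec["roles"]), mfa_completed)


# --- Authorization: which access rights does this identity get? ---

ROLE_PERMISSIONS = {                 # constructed role -> permission mapping
    "reader": {"orders:read"},
    "admin":  {"orders:read", "orders:write"},
}


def authorize(identity: Identity) -> set:
    """Authorization: derive the permission set from the roles the IDP asserted."""
    perms = set()
    for role in identity.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


# --- Conditional access: policies applied at login (location and MFA, per the glossary) ---

INTERNAL_NETWORK = ipaddress.ip_network("10.0.0.0/8")   # constructed internal range
BLOCKED_LOCATIONS = {"XX"}                               # constructed placeholder country code


def evaluate_conditional_access(identity: Identity, source_ip: str, country: str):
    """Return (allowed, reason). Blocks unauthorized locations and requires MFA off-network."""
    if country in BLOCKED_LOCATIONS:
        return False, "blocked_location"
    off_network = ipaddress.ip_address(source_ip) not in INTERNAL_NETWORK
    if off_network and not identity.mfa_completed:
        return False, "mfa_required"
    return True, "ok"


# --- Access control: enforce at the resource ---

def check_access(permissions: set, required: str) -> bool:
    """Access control: decide whether an authorized permission set covers the request."""
    return required in permissions


def login_and_access(username, password, source_ip, country, required, mfa_completed=False):
    """Run the full chain and return a single outcome string."""
    identity = authenticate(username, password, mfa_completed)
    if identity is None:
        return "authentication_failed"
    allowed, reason = evaluate_conditional_access(identity, source_ip, country)
    if not allowed:
        return reason
    return "granted" if check_access(authorize(identity), required) else "forbidden"


if __name__ == "__main__":
    print(login_and_access("bob", "hunter2", "203.0.113.5", "SE", "orders:read"))
```

The order matters: conditional access runs after authentication but before authorization is consulted, which is why a valid password from an unknown location never reaches the permission check.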