Plain-language definitions for the terms that come up in identity, devices, and modern IT.
A
Active Directory (AD)
Microsoft's on-premises directory service for Windows networks. Most modern identity platforms — including ICI TECH — exist to either modernize it or replace it.
Agent identity
A first-class, attestable identity assigned to an AI agent — distinct from a service account — that records the agent's owner, scope, and actions.
Agentic IAM
Identity and access management designed for AI agents. Agents are governed with the same lifecycle, policy, and audit primitives as humans.
C
Cloud directory
A cloud-native source of truth for users, groups, devices, and credentials — replacing or augmenting on-prem Active Directory.
Conditional access
Policies that allow, deny, or require step-up authentication based on contextual signals: who you are, where you are, what device (and whether it is managed and compliant), what app, and how risky the sign-in looks.
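As an added illustration (not part of the original glossary and not ICI TECH code), the following Go program evaluates a small conditional access policy set over constructed request signals. The policy names, the corporate IP ranges, the list of sensitive apps and the risk-level values are assumptions made for the example. Deny rules come before step-up rules, so completing MFA can never rescue a request from an unmanaged or high-risk device, and an unrecognised risk value is treated as a denial rather than a pass.

```go
package main

import (
	"fmt"
	"net"
)

// Request carries the contextual signals a conditional access policy sees.
// In a real IdP these come from the session, the device-management agent and
// a risk engine; here they are constructed inputs for the example.
type Request struct {
	User            string
	App             string
	ClientIP        string
	DeviceManaged   bool   // enrolled in MDM/UEM
	DeviceCompliant bool   // passes posture checks (disk encryption, OS version, ...)
	RiskLevel       string // "low", "medium" or "high" from the risk engine
	StrongMFA       bool   // session already completed phishing-resistant MFA
}

type Decision string

const (
	Allow      Decision = "allow"
	RequireMFA Decision = "require_mfa" // step up, then re-evaluate
	Deny       Decision = "deny"
)

// Policy is one rule: if Match holds, the request gets decision Then.
type Policy struct {
	Name  string
	Match func(r Request) bool
	Then  Decision
}

// corpNets are assumed office and VPN egress ranges (example values only).
var corpNets = mustCIDRs("10.0.0.0/8", "203.0.113.0/24")

func mustCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

func onCorpNet(ip string) bool {
	parsed := net.ParseIP(ip)
	if parsed == nil {
		return false // an unparseable address is treated as off-network
	}
	for _, n := range corpNets {
		if n.Contains(parsed) {
			return true
		}
	}
	return false
}

var sensitiveApps = map[string]bool{"admin-console": true, "payroll": true}

// Policies are evaluated in order and the first match decides. Blocks come
// first so that a step-up can never rescue a request that should be denied.
var Policies = []Policy{
	{"block-unknown-risk", func(r Request) bool { return r.RiskLevel != "low" && r.RiskLevel != "medium" && r.RiskLevel != "high" }, Deny},
	{"block-high-risk", func(r Request) bool { return r.RiskLevel == "high" }, Deny},
	{"block-unmanaged-device", func(r Request) bool { return !r.DeviceManaged }, Deny},
	{"block-noncompliant-device", func(r Request) bool { return !r.DeviceCompliant }, Deny},
	{"mfa-for-sensitive-apps", func(r Request) bool { return sensitiveApps[r.App] && !r.StrongMFA }, RequireMFA},
	{"mfa-off-network", func(r Request) bool { return !onCorpNet(r.ClientIP) && !r.StrongMFA }, RequireMFA},
	{"mfa-medium-risk", func(r Request) bool { return r.RiskLevel == "medium" && !r.StrongMFA }, RequireMFA},
}

// Evaluate returns the decision and the name of the policy that produced it.
// A request that matches no policy is allowed; the deny rules are the gate.
func Evaluate(r Request) (Decision, string) {
	for _, p := range Policies {
		if p.Match(r) {
			return p.Then, p.Name
		}
	}
	return Allow, "default-allow"
}

func main() {
	r := Request{User: "alice", App: "payroll", ClientIP: "198.51.100.7", DeviceManaged: true, DeviceCompliant: true, RiskLevel: "low"}
	d, why := Evaluate(r)
	fmt.Printf("%s from %s -> %s (%s)\n", r.User, r.ClientIP, d, why)
	r.StrongMFA = true
	d, why = Evaluate(r)
	fmt.Printf("after step-up -> %s (%s)\n", d, why)
}
```

Running it shows an off-network sign-in to payroll being held for step-up, then allowed once phishing-resistant MFA has been completed; flip DeviceManaged to false and the same request is denied regardless of MFA.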
E
EAP-TLS
Extensible Authentication Protocol with TLS: mutual, certificate-based authentication for Wi-Fi and wired network access over 802.1X. The client presents a device or user certificate instead of a password, so there is no password to phish or steal. The client must still validate the authentication server's certificate; a supplicant configured to skip that check can be lured onto a rogue access point.
F
FIDO2 / WebAuthn
Web standards for passwordless, phishing-resistant authentication using public-key cryptography. The private key never leaves the authenticator, and every signature covers the site origin the browser observed plus a one-time challenge, so a lookalike site cannot reuse or replay it. The foundation of passkeys and hardware security keys.
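The following Go program is an added example (not from the glossary or from any ICI TECH product) of what "phishing-resistant" means mechanically. A simulated authenticator signs the data a browser would assemble for a WebAuthn assertion, including the page origin, and a simulated relying party rejects any assertion whose origin, challenge, RP ID hash or signature does not check out. The origins, the RP ID and the reduced authenticator-data layout are assumptions for the example; a production verifier also checks the user-presence and user-verification flags, tracks the signature counter and ties the challenge to the session that requested it.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

var b64 = base64.RawURLEncoding // WebAuthn uses unpadded base64url

// ClientData is the part of WebAuthn's CollectedClientData checked here.
// The browser, not the web page, fills in origin; that is what makes the credential unphishable.
type ClientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Authenticator stands in for a passkey or hardware key: the private key never leaves it.
type Authenticator struct {
	key  *ecdsa.PrivateKey
	rpID string // the relying-party ID the credential was registered for, e.g. "example.com"
}

func NewAuthenticator(rpID string) (*Authenticator, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{key: key, rpID: rpID}, nil
}

// PublicKey is what the relying party stored at registration.
func (a *Authenticator) PublicKey() *ecdsa.PublicKey { return &a.key.PublicKey }

// Assert produces an authentication assertion for the page at origin. The signature
// covers authenticatorData || SHA-256(clientDataJSON), so origin and challenge are both signed.
func (a *Authenticator) Assert(origin string, challenge []byte) (clientDataJSON, authData, sig []byte, err error) {
	clientDataJSON, err = json.Marshal(ClientData{Type: "webauthn.get", Challenge: b64.EncodeToString(challenge), Origin: origin})
	if err != nil {
		return nil, nil, nil, err
	}
	rpHash := sha256.Sum256([]byte(a.rpID))
	authData = append(rpHash[:], 0x01, 0, 0, 0, 0) // rpIdHash (32) || flags: UP set (1) || signCount (4), simplified
	sig, err = ecdsa.SignASN1(rand.Reader, a.key, signedDigest(authData, clientDataJSON))
	return clientDataJSON, authData, sig, err
}

func signedDigest(authData, clientDataJSON []byte) []byte {
	cdHash := sha256.Sum256(clientDataJSON)
	d := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return d[:]
}

// RelyingParty is the server side of the login.
type RelyingParty struct {
	Origin string // the exact origin users must sign in from, e.g. "https://login.example.com"
	RPID   string // e.g. "example.com"
}

// Verify performs the checks from the WebAuthn assertion procedure that give phishing and
// replay resistance: ceremony type, fresh challenge, exact origin, rpIdHash, then the signature.
func (rp RelyingParty) Verify(pub *ecdsa.PublicKey, expectedChallenge, clientDataJSON, authData, sig []byte) error {
	var cd ClientData
	if err := json.Unmarshal(clientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" {
		return errors.New("wrong ceremony type")
	}
	if got, err := b64.DecodeString(cd.Challenge); err != nil || !bytes.Equal(got, expectedChallenge) {
		return errors.New("challenge mismatch: stale or replayed assertion")
	}
	if cd.Origin != rp.Origin {
		return fmt.Errorf("origin %q is not %q: assertion was made for another site", cd.Origin, rp.Origin)
	}
	rpHash := sha256.Sum256([]byte(rp.RPID))
	if len(authData) < 37 || !bytes.Equal(authData[:32], rpHash[:]) {
		return errors.New("authenticator data is not bound to this relying party")
	}
	if !ecdsa.VerifyASN1(pub, signedDigest(authData, clientDataJSON), sig) {
		return errors.New("signature does not verify")
	}
	return nil
}
```

To see the phishing case, call Assert with the genuine challenge but a lookalike origin such as https://login.examp1e.com, as a relay attack would: the signature is perfectly valid, yet Verify rejects it on the origin check before the signature is even examined. In a real browser the lookalike page could not even request a credential scoped to example.com; this check is the relying party's own defence in depth.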
H
HRIS
Human Resources Information System (Workday, Rippling, BambooHR, etc.). Often treated as the canonical source of who works at a company.
I
IAM
Identity and Access Management — the practice of managing digital identities and what they can do.
J
Just-in-time (JIT) access
Granting access only at the moment it's needed, expiring it automatically when done. Replaces standing privilege.
L
LDAP
Lightweight Directory Access Protocol — a long-standing protocol for querying, and authenticating (binding) against, directory services. Still widely used by legacy apps and network gear. It should run over TLS (LDAPS or StartTLS): a plain LDAP simple bind sends the password in cleartext.
Least privilege
The principle that an identity should have only the minimum access needed to do its job, and no more.
M
MDM / UEM
Mobile Device Management / Unified Endpoint Management — software that enrolls, configures, and secures devices across one or many operating systems.
MFA
Multi-Factor Authentication. Requires more than one kind of factor, not just a password: typically a passkey, hardware key, push notification, one-time code, or biometric. Factors are not equal: push prompts and one-time codes can be phished or approved by a fatigued user, while passkeys and hardware keys resist both.
P
Passkey
A FIDO2 credential used to sign in without a password, usually synced across a user's devices through a platform account or password manager; device-bound passkeys that never leave one authenticator also exist. Phishing-resistant by design.
Passwordless
Authentication that doesn't use passwords at all. Typically a passkey or hardware key, unlocked locally with a biometric or PIN; the biometric never leaves the device and is not what the server sees.
PAM
Privileged Access Management. Tools and practices for vaulting credentials, brokering sessions, and auditing privileged actions.
R
RADIUS
Remote Authentication Dial-In User Service — the protocol that network access servers (Wi-Fi controllers, switches, VPN concentrators) use to authenticate users and devices against a directory and to receive authorization attributes such as a VLAN assignment.
RBAC / ABAC
Role-Based Access Control / Attribute-Based Access Control — two complementary ways to grant access. RBAC grants permissions through membership in a role; ABAC decides from attributes of the user, the resource, and the context. Roles suit coarse grants; attributes express conditions such as "same region as the record" that roles alone would multiply to cover.
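An added example (not from the glossary or from any ICI TECH product) of the two models layered together in Go: a role grants a permission, and attribute conditions attached to that permission narrow when it applies. The roles, permissions, attributes and ticket data are all constructed for the example. Two design points are deliberate: a missing attribute fails closed (a subject with no region matches no region), and either layer can deny but both must agree to allow.

```go
package main

import "fmt"

// Subject is the caller: identity, the roles it holds, and its attributes.
type Subject struct {
	ID    string
	Roles map[string]bool
	Attrs map[string]string // e.g. "region", "department"
}

// Resource is the thing being acted on, with its own attributes.
type Resource struct {
	Type  string
	Attrs map[string]string // e.g. "region", "tier"
}

// RBAC: a static mapping from role to the permissions ("type:action") it grants.
var rolePermissions = map[string][]string{
	"engineer":     {"ticket:read"},
	"support":      {"ticket:read", "ticket:close"},
	"support-lead": {"ticket:read", "ticket:close", "ticket:reassign"},
}

// RBACAllows reports whether any role held by s grants perm.
func RBACAllows(s Subject, perm string) bool {
	for role, held := range s.Roles {
		if !held {
			continue
		}
		for _, p := range rolePermissions[role] {
			if p == perm {
				return true
			}
		}
	}
	return false
}

// Condition is an ABAC predicate over subject and resource attributes.
type Condition struct {
	Name string
	Hold func(s Subject, r Resource) bool
}

// sameRegion fails closed: a subject with no region attribute matches nothing.
var sameRegion = Condition{"same-region", func(s Subject, r Resource) bool {
	return s.Attrs["region"] != "" && s.Attrs["region"] == r.Attrs["region"]
}}

// vipNeedsLead: VIP-tier tickets may only be closed by a support lead.
var vipNeedsLead = Condition{"vip-needs-lead", func(s Subject, r Resource) bool {
	return r.Attrs["tier"] != "vip" || s.Roles["support-lead"]
}}

// conditions narrows each RBAC permission with attribute predicates.
var conditions = map[string][]Condition{
	"ticket:close":    {sameRegion, vipNeedsLead},
	"ticket:reassign": {sameRegion},
}

// Authorize combines the two models: a role must grant the permission (RBAC)
// and every attribute condition attached to it must hold (ABAC). Either layer
// alone can deny; both must agree to allow.
func Authorize(s Subject, action string, r Resource) (bool, string) {
	perm := r.Type + ":" + action
	if !RBACAllows(s, perm) {
		return false, fmt.Sprintf("rbac: no role of %s grants %s", s.ID, perm)
	}
	for _, c := range conditions[perm] {
		if !c.Hold(s, r) {
			return false, fmt.Sprintf("abac: %s failed for %s", c.Name, perm)
		}
	}
	return true, "allowed"
}

func main() {
	bob := Subject{ID: "bob", Roles: map[string]bool{"support": true}, Attrs: map[string]string{"region": "eu"}}
	for _, tk := range []Resource{
		{"ticket", map[string]string{"region": "eu", "tier": "standard"}},
		{"ticket", map[string]string{"region": "us", "tier": "standard"}},
		{"ticket", map[string]string{"region": "eu", "tier": "vip"}},
	} {
		ok, why := Authorize(bob, "close", tk)
		fmt.Printf("bob close %v -> %v (%s)\n", tk.Attrs, ok, why)
	}
}
```

Without the attribute layer, expressing "support staff may close tickets only in their own region and never VIP tickets" in pure RBAC would need a role per region and per tier; the single "support" role plus two conditions covers it.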
S
SAML
Security Assertion Markup Language — a long-standing standard for federated single sign-on between identity providers and applications.
SCIM
System for Cross-domain Identity Management — the standard REST/JSON protocol for provisioning users and groups (with their attributes, including roles) to applications, updating them as they change, and deactivating them when they leave.
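An added example (not from the glossary or from any ICI TECH product): a minimal SCIM 2.0 service provider in Go and the two requests an identity provider sends over a user's lifecycle, POST /Users on hire and PATCH active=false on termination. The user, the externalId value and the endpoint paths are constructed; the schema URNs and message shapes are those of RFC 7643 and RFC 7644. Real deployments also require a bearer token on every request and support GET with a filter so the IdP can reconcile a 409 conflict.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// SCIMUser is the subset of the SCIM 2.0 core User schema (RFC 7643) handled here.
type SCIMUser struct {
	Schemas    []string `json:"schemas"`
	ID         string   `json:"id,omitempty"`         // assigned by the service provider
	ExternalID string   `json:"externalId,omitempty"` // the IdP's identifier, usually from the HRIS
	UserName   string   `json:"userName"`
	Active     bool     `json:"active"`
}

// Server is an in-memory SCIM service provider (the application being provisioned),
// single-threaded for the example; a real one needs locking or a database.
type Server struct{ users map[string]*SCIMUser }
func NewServer() *Server { return &Server{users: map[string]*SCIMUser{}} }

func (s *Server) Handler() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/Users", s.createUser) // POST /Users
	mux.HandleFunc("/Users/", s.patchUser) // PATCH /Users/{id}
	return mux
}

func writeSCIM(w http.ResponseWriter, status int, v any) {
	w.Header().Set("Content-Type", "application/scim+json")
	w.WriteHeader(status)
	json.NewEncoder(w).Encode(v)
}
func scimError(w http.ResponseWriter, status int, detail string) {
	writeSCIM(w, status, map[string]any{"schemas": []string{"urn:ietf:params:scim:api:messages:2.0:Error"},
		"status": fmt.Sprint(status), "detail": detail})
}

func (s *Server) createUser(w http.ResponseWriter, r *http.Request) {
	var u SCIMUser
	if r.Method != http.MethodPost || json.NewDecoder(r.Body).Decode(&u) != nil || u.UserName == "" {
		scimError(w, http.StatusBadRequest, "expected POST with a userName")
		return
	}
	for _, e := range s.users { // userName is case-insensitive in the core schema
		if strings.EqualFold(e.UserName, u.UserName) {
			scimError(w, http.StatusConflict, "userName already exists") // IdPs resolve a 409 by looking up and updating
			return
		}
	}
	u.ID = fmt.Sprint(len(s.users) + 1)
	s.users[u.ID] = &u
	writeSCIM(w, http.StatusCreated, u)
}

func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) {
	u, ok := s.users[strings.TrimPrefix(r.URL.Path, "/Users/")]
	var p struct { // RFC 7644 PatchOp; only "replace" with an explicit path is handled
		Operations []struct {
			Op, Path string
			Value    json.RawMessage
		}
	}
	if !ok || r.Method != http.MethodPatch || json.NewDecoder(r.Body).Decode(&p) != nil {
		scimError(w, http.StatusNotFound, "expected PATCH of an existing user")
		return
	}
	for _, op := range p.Operations {
		var active bool
		if !strings.EqualFold(op.Op, "replace") || op.Path != "active" || json.Unmarshal(op.Value, &active) != nil {
			scimError(w, http.StatusBadRequest, "only replace of a boolean active is supported")
			return
		}
		u.Active = active // termination is active=false, not DELETE, so the account and its audit trail remain
	}
	writeSCIM(w, http.StatusOK, *u)
}

// Lifecycle is the IdP side of hire and termination: POST the user, then PATCH active=false, in-process.
func Lifecycle(s *Server) (created, deactivated SCIMUser, err error) {
	do := func(method, path, body string, want int, out *SCIMUser) error {
		rec := httptest.NewRecorder()
		s.Handler().ServeHTTP(rec, httptest.NewRequest(method, path, strings.NewReader(body)))
		if rec.Code != want {
			return fmt.Errorf("%s %s: HTTP %d, want %d", method, path, rec.Code, want)
		}
		return json.Unmarshal(rec.Body.Bytes(), out)
	}
	if err = do(http.MethodPost, "/Users", `{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],`+
		`"externalId":"hr-00042","userName":"alice@example.com","active":true}`, http.StatusCreated, &created); err != nil {
		return
	}
	err = do(http.MethodPatch, "/Users/"+created.ID, `{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],`+
		`"Operations":[{"op":"replace","path":"active","value":false}]}`, http.StatusOK, &deactivated)
	return
}
```

Two behaviours matter for operators debugging a provisioning integration: a duplicate userName (in any letter case) returns 409 rather than silently creating a second account, and a non-boolean active value such as the string "False" is rejected with 400 instead of being coerced, so a termination can never be misread as a re-activation.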
Shadow AI
AI tools used by employees outside of IT's awareness or control. ICI TECH's Shadow AI Governance discovers and governs them.
Shadow IT
Apps and services used by employees outside of IT's awareness or control. Often discovered via SSO, browser, or expense data.
SSO
Single Sign-On — signing in once and accessing many apps without re-entering credentials. Usually via SAML or OIDC.
Z
Zero trust
A security model that assumes no implicit trust based on network location. Every access request is verified against identity, device, and context.