Glossary

A – F

Access Knowledge Graph

BalkanID’s unified identity intelligence layer that maps relationships between identities, applications, accounts, roles, permissions, and usage signals. This graph powers discovery, risk insights, governance campaigns, and automation.

Access Certification (Access Review)

A governance process where managers or system owners periodically confirm whether users still require their assigned access.

Access Lifecycle Management

Automation that ensures identities receive appropriate access during onboarding, role transitions, and offboarding events.

Agentic Identity Governance

A modern governance model where identity workflows are executed by intelligent agents capable of discovering risk, recommending actions, and performing automated remediation.

Agentic Playbooks / Autopilot Playbooks

Automated governance workflows that orchestrate lifecycle events, access remediation, risk response, and policy enforcement.

AI Copilot

A natural language interface that enables administrators to query identity data, investigate risks, and trigger governance actions conversationally.

Application

Any SaaS service, cloud platform, on-premise system, or internal application containing identities and permissions.

Application Account

A user or machine identity that exists within an application.

Attestation Set

A defined group of identities, roles, or permissions that form the scope of an access certification campaign.

Autonomous IGA

A next-generation identity governance model where identity discovery, risk detection, review prioritization, and remediation operate automatically with minimal manual intervention.

Blast Radius

The total potential impact of a compromised identity or credential, including the systems, data, and resources it can access (directly or indirectly).

Continuous Access Governance

An identity governance approach where access risk is monitored and remediated continuously instead of through periodic compliance reviews.

Continuous Identity Security

A security model where identity discovery, risk detection, access certification, and remediation operate continuously across the enterprise.

Credential

A secret or key used to authenticate and authorize access.

Disconnected Application Governance

The ability to govern legacy or internal applications that lack APIs, using automation, agents, or workflow-based controls.

Discovery

The process of collecting identity, account, and permission data from enterprise systems and mapping them into a unified identity model.

Digital Identity Twin

A unified representation of a human or machine identity constructed from multiple enterprise systems.

Entitlement

A specific permission granted to an identity within an application.

Entitlement Sprawl

The uncontrolled accumulation of permissions across multiple systems.

Entity

A normalized object within BalkanID representing identities, applications, accounts, groups, roles, or permissions.

Evidence-Based Governance

The practice of attaching logs, approvals, and artifacts to identity governance decisions to support audits and compliance.

Finding

A detected identity risk such as excessive privileges, unused permissions, or policy violations.

G – L

Governance Campaign

A structured process where reviewers validate user access to ensure it remains appropriate.

Group

A collection of users or accounts used to assign permissions collectively.

Headless Identity Governance Platform

An API-first identity governance architecture that integrates into existing IAM ecosystems without requiring system replacement.

HRIS Integration

Connecting BalkanID to HR systems such as Workday or BambooHR to synchronize employee data and drive lifecycle automation.

IAM Risk Analyzer

BalkanID’s analytics engine that continuously evaluates identity relationships to detect security risks and policy violations.

Identity

A digital representation of a person, machine, service account, or automation agent interacting with systems.

Identity Autopilot

A BalkanID capability that continuously detects identity risks and automatically triggers governance workflows to remediate them.

Identity Discovery

The process of identifying and mapping all identities across enterprise systems.

Identity Fabric

A unified architecture that connects identity governance, authentication, authorization, and analytics into a single control plane.

Identity Intelligence

Insights derived from analyzing identity relationships, privilege assignments, and access usage patterns.

Identity Risk Graph

An analytical model that maps identity relationships and privilege pathways to identify potential attack paths and risk exposure.

Identity Risk Posture

An organization’s overall exposure to identity-related security risks.

Identity Security Control Plane

A centralized layer where identity visibility, governance, automation, and analytics operate across all applications and infrastructure.

Identity Sprawl

The uncontrolled growth of identities and accounts across applications and environments.

IGA (Identity Governance and Administration)

A discipline focused on managing identity lifecycle, access permissions, and compliance.

IVIP (Identity Visibility & Intelligence Platform)

An emerging category of platforms focused on providing deep visibility into identity relationships and access risk across enterprise systems.

JITPBAC (Just-In-Time Purpose-Based Access Control)

A model where access is granted temporarily for a specific purpose and automatically revoked when the task is completed.

Joiner-Mover-Leaver (JML)

Lifecycle events that trigger access provisioning, modification, or removal.

Key Rotation

The security practice of periodically replacing cryptographic keys or credentials to limit the window in which a leaked or stolen secret can be used for unauthorized access.

Least Privilege

A principle where identities receive only the access necessary to perform their tasks.

Lifecycle Automation

Policy-driven workflows that adjust permissions when identity attributes change.

Model Context Protocol (MCP)

An open-source standard that enables AI applications to connect to and interact with external systems.

N – R

NHI (Non-Human Identity)

Machine identities such as service accounts, API tokens, integrations, automation bots, and AI agents.

Orphaned Account

An active account that no longer has an associated identity owner.

Over-Entitlement

A condition where identities possess more permissions than required for their role.

Permission

A specific capability granted within an application or system.

Privileged Access

Elevated permissions that allow administrative control over systems and infrastructure.

Priority Inbox

A dashboard that highlights high-risk access items during review campaigns to help reviewers focus on critical decisions.

Purpose

The business justification provided when requesting access.

RBAC (Role-Based Access Control)

A model where permissions are assigned to roles instead of directly to users.

RBAC Drift

A gradual divergence between defined role policies and real-world access assignments.

Remediation

The process of correcting identity risks by removing permissions, disabling accounts, or adjusting policies.

Role

A collection of permissions grouped together for simplified access management.

Role Mining

The analysis of existing access patterns to identify candidate roles that reflect least privilege.

Risk-Based Governance

A governance model where review and remediation activities are prioritized based on risk signals.

S – Z

SCIM Proxy Bridge

A provisioning bridge that enables lifecycle automation for systems that do not support SCIM natively.

Segregation of Duties (SoD)

Policies designed to prevent users from holding conflicting permissions that could enable fraud or abuse.

Service Account

A non-human identity used by applications or automation processes.

Shadow Identities

Unmanaged identities created outside formal governance processes.

Standing Privileges

Permissions granted indefinitely rather than temporarily.

Toxic Combination

A set of permissions that violate segregation-of-duties policies when assigned together.

Unified Identity View

A consolidated representation of identities and access relationships across enterprise systems.

UAR (User Access Review)

The process of reviewing and certifying that users have appropriate access to applications and systems.

Usage Insight

Analytics showing whether permissions are actively used or unnecessary.

Zero Standing Privileges (ZSP)

A model where users hold no permanent elevated permissions and must request temporary access when needed.

Zero Trust

A security framework where every access request must be verified based on identity, context, and risk.

Zombie Identity

An inactive account that still retains access permissions.