Glossary
Tenant is an isolated instance of a service or application configured for a specific client or group of users. It keeps each tenant's data separate and confidential, so every tenant can have its own settings, users, and policies.
Passwordless login refers to a system where users can access an account or service without entering a password. Instead, it relies on alternative authentication methods like biometrics, security keys, or one-time passcodes. This approach enhances security by eliminating the risks associated with passwords, such as theft or weak password practices.
Single Sign-On (SSO) allows users to access multiple applications and websites using a single set of credentials, streamlining the authentication process and reducing the need for multiple logins. This is achieved through a trust relationship between applications (service providers) and an identity provider (IdP).
Passkeys are a modern way to access accounts without using passwords. They utilize device biometrics like fingerprint or face recognition, or a PIN, to authenticate users. This method offers enhanced security by eliminating the need to remember and type passwords, making logins faster and less vulnerable to phishing attacks.
FIDO Security Key is a hardware device that provides strong, passwordless authentication to online services. FIDO (Fast Identity Online) is a standard developed by the FIDO Alliance to improve security and simplify the login process. Instead of passwords, FIDO security keys use public-key cryptography to verify user identities, offering protection against phishing and other online attacks.
OTP commonly stands for One-Time Password, a security code valid for a single login attempt or transaction. It's a way to enhance security by using a unique, temporary password that expires after use. In other contexts, OTP can also mean One True Pairing, often used in fandoms to describe a favorite romantic relationship between fictional characters.
Windows Hello is a secure and convenient way to log in to Windows devices, apps, and online services using biometrics like facial recognition or fingerprint scanning, or a PIN. It replaces traditional passwords with a more personal and secure authentication method.
SAML stands for Security Assertion Markup Language. It's an open standard used for exchanging authentication and authorization data between parties, primarily between an identity provider (IdP) and a service provider (SP). This enables single sign-on (SSO) functionality, allowing users to log in once and access multiple applications without needing to re-authenticate.
OIDC stands for OpenID Connect. It is an authentication protocol that builds on top of the OAuth 2.0 authorization framework. OIDC enables applications to verify the identity of users based on authentication performed by an authorization server, and to obtain basic profile information about the end-user.
WS-Federation stands for Web Services Federation. It is an XML-based protocol used for single sign-on (SSO) and identity federation, enabling different security systems to work together across organizational boundaries.
TPM 2.0 stands for Trusted Platform Module 2.0. It is a security technology implemented in a chip on a computer's motherboard or integrated into the processor. TPM 2.0 is designed to enhance computer security by providing a secure location for storing cryptographic keys and other sensitive data. It is a requirement for running Windows 11 and is used for features like Windows Hello and BitLocker.
ID Token stands for Identity Token. It's a security token that verifies a user's identity after they have successfully authenticated with an authorization server. It's not for authorization (accessing resources), but rather for proving to your application who the user is. ID tokens are typically in the form of a JSON Web Token (JWT) and contain claims about the user, such as their unique ID, email, and other profile information.
Access Token is a security credential that allows a client application to access specific resources on a server on behalf of a user. It acts as a digital key, granting temporary authorization to access resources without needing to repeatedly authenticate with the user's credentials.
Refresh Token is a special type of credential used in OAuth 2.0 and OpenID Connect flows. It allows a client application to obtain a new access token without requiring the user to re-authenticate, enabling longer-lasting user sessions and seamless access to resources.