askmeidentity · IAM Acronyms · 2026-05-22
IAM acronyms decoded
The acronym soup of IAM, decoded on one printable sheet. From AuthN/AuthZ to ZTNA. Useful for new joiners + RFP review.
Core
| IAM | Identity & Access Management |
| AuthN | Authentication (who are you?) |
| AuthZ | Authorization (what can you do?) |
| IdP | Identity Provider (e.g. Okta, Entra ID) |
| SP | Service Provider (the app you sign in to) |
| RP | Relying Party (OIDC term for SP) |
| SSO | Single Sign-On |
| MFA | Multi-Factor Authentication |
| 2FA | Two-Factor Authentication (subset of MFA) |
| CAEP | Continuous Access Evaluation Profile |
Lifecycle
| JML | Joiner / Mover / Leaver lifecycle |
| SCIM | System for Cross-domain Identity Management |
| HRIS | Human Resources Information System (Workday, BambooHR) |
| IGA | Identity Governance & Administration |
| IDM | Identity Management |
| IAM Center | AWS service formerly known as SSO |
Authorization + governance
| RBAC | Role-Based Access Control |
| ABAC | Attribute-Based Access Control |
| ReBAC | Relationship-Based Access Control |
| PBAC | Policy-Based Access Control |
| SoD | Segregation of Duties |
| PoLP | Principle of Least Privilege |
| PEP | Policy Enforcement Point |
| PDP | Policy Decision Point |
| OPA | Open Policy Agent (PDP implementation) |
Privileged access
| PAM | Privileged Access Management |
| JIT | Just-in-Time (access) |
| JEA | Just Enough Access |
| ZSP | Zero Standing Privilege |
| PASM | Privileged Account & Session Management |
| PEDM | Privileged Elevation & Delegation Management |
Protocols
| SAML | Security Assertion Markup Language |
| OIDC | OpenID Connect |
| OAuth | Open Authorization (delegated authorization) |
| JWT | JSON Web Token |
| JWS | JSON Web Signature |
| JWE | JSON Web Encryption |
| JWKS | JSON Web Key Set |
| PKCE | Proof Key for Code Exchange |
| DPoP | Demonstrating Proof of Possession |
| FIDO | Fast Identity Online |
| WebAuthn | Web Authentication API |
| CTAP | Client to Authenticator Protocol |
Customer + B2B identity
| CIAM | Customer Identity & Access Management |
| CIBA | Client Initiated Backchannel Authentication |
| ATO | Account Takeover |
| KYC | Know Your Customer |
| IDV | Identity Verification |
Network + Zero Trust
| ZTA | Zero Trust Architecture |
| ZTNA | Zero Trust Network Access |
| SASE | Secure Access Service Edge |
| SSE | Security Service Edge |
| IAP | Identity-Aware Proxy |
| BeyondCorp | Google Zero Trust framework |
Compliance
| NIST | National Institute of Standards & Technology |
| FedRAMP | Federal Risk & Authorization Management Program |
| HIPAA | Health Insurance Portability & Accountability Act |
| FFIEC | Federal Financial Institutions Examination Council |
| SOC 2 | Service Organization Control 2 |
| GDPR | General Data Protection Regulation |
| CCPA | California Consumer Privacy Act |
| CISA | Cybersecurity & Infrastructure Security Agency |
| NYDFS | New York Department of Financial Services (Part 500) |
| ITDR | Identity Threat Detection & Response |
| SCA | Strong Customer Authentication (PSD2) |
Tooling categories
| IdP | Identity Provider (Okta, Entra, Auth0) |
| EUM | End-User Management (deprecated term) |
| SIEM | Security Information & Event Management |
| SOAR | Security Orchestration, Automation & Response |
| XDR | Extended Detection & Response |
| CASB | Cloud Access Security Broker |