Terminology
Before moving forward, please take a minute to read a few terms used in the platform and what they mean.
API key
An application programming interface (API) key is an authorisation string used for performing API calls. It identifies the calling application so that API usage can be tracked and malicious use prevented.
Application ID
A unique ID associated with each branded app or application.
Application secret
The application password used to authenticate to RITM when performing API calls.
Attribute
A specification or characteristic of an identity or structure element that defines its properties. In the case of identities, attributes can be grouped into attribute categories, which let you organise the attributes in the page. Additionally, you can change an attribute’s visibility status or mark it as a default attribute (these are required when adding a new identity).
Cascade roles
The option to cascade roles is an entitlement that allows certain roles within a collection to assign roles to the identities in the scope that they control.
Collection
A collection is a cluster of internal and external identities. Each collection is based on a schema and can be organised (grouped) through structures. By default, the system makes available separate collections for users, branded apps and applications.
Consent
A freely given, specific, informed and unambiguous indication of a data subject's permission, by a clear affirmative action, towards the processing of personal information relating to that data subject.
Delegation
The action performed by an administrator inside an organisation of pushing the workload and accountability of specific actions to other users. These users can be internal or external to the organisation and might also have the entitlement to push actions to other users.
Entitlement
An access privilege granted to an identity. RITM allows you to specify the exact actions a role can perform and if it can cascade (and to what extent) the roles of the controlled identities.
Entity
We consider any identity, organised into collections, structures and schemas, to be an entity.
Event
An occurrence or action that is recognised and handled by RITM. Within the application, events come with default values for codes and names. They can have custom names and can be assigned to specific categories for easier navigation and filtering. Events can be grouped into custom event categories for easier filtering and access.
Branded app
An application that the organisation owns and controls and whose identities are managed through OneWelcome IAM. These types of applications can access identities' data managed through OneWelcome IAM based on the associated roles in the collections you define or connect to. They can also allow identities to connect to the data based on the associated roles once they are authenticated.
Group
A particular instance of a structure. For example, if an organisation organises its identities based on the organisational chart, the "Organisational Chart" will be the structure, while "Finance" will be the group.
Identity
An identity is an entity used by information systems to represent a digital subject. Within RITM, users and applications are considered identities.
Managed identity
An identity that can be accessed and/or managed by a certain user and/or application, based on the access rights associated with that user's or application's roles.
Organisation
Within the platform, an organisation is a legal entity having an account with RITM.
Profile data
All information associated with a user’s profile that is managed by the platform.
Role
A role is a collection of permissions that controls what data and applications an identity can access and what actions it can perform. Roles are defined per collection. Therefore, you can assign different roles for different collections. Additionally, an identity can have multiple roles associated with it. Roles are also time-based, meaning that they have a start date as well as an end date.
Role type
A role type determines the scope of the role and the available entitlements. Once it is selected for a specific role, it cannot be changed. RITM provides the following role types:
- Admin. Provides access to other identities’ data and to the RITM platform.
- Application. This role type provides access to applications.
- Personal. Provides users with access to their own data.
- Branded app. Allows branded apps to perform CRUD operations through API calls.
Rule
Rules allow you to instruct the system to automatically assign pre-defined roles to all entities that follow the specified criteria. Automation rules allow users to define system jobs that run at a predefined periodicity.
Schema
A schema is an extensible data model that you can use to define identities through specific sets of attributes.
Segment
Logical separators of identities in a collection. An identity can have only one instance in a particular segment, but can exist in multiple segments.
Structure
Structures represent a flexible way of organising identities. They can be flat (list of values) or nested (hierarchies of values). These in turn can be static (defined explicitly by the organisation) or dynamic (derived from users' attributes).
User
An individual account that has access to the system. Once access to the system is granted, system users can then have different roles within applications.