| Authentication | The process of validating that a user is who they claim to be. Also referred to as logging in to a system |
| Federation | A group of IdPs and SPs that agree to play by a common set of technical and business rules |
| Identity Provider (IdP) | A system which communicates a user’s current authentication state and optional profile data to a service provider |
| Security Assertion Markup Language (SAML) | A communication protocol used by IdPs and SPs |
| Service Provider (SP) | A system which communicates with an IdP and conveys the user’s authentication state and profile data to a protected resource (e.g., a web site) |
| Identity Management System (IdM) | System which manages individual identifiers, their authentication and authorization |
| Single Sign-on (SSO) | A process of authenticating a user to an SP without prompting the user for information |
| Top-Level Package | It is defined as a group of services and packages that can be requested and granted to an Organization or User. A package acts as a gateway which provides secure access to the applications/services associated with the package |
| Sub-Package | It is defined as a group of services that is always associated with a parent package |
| Service | It is defined as an application which is always linked with a package. By default, a service is automatically created when a top-level package or a sub-package is created. Services appear in the portal or CIS landing page with its own URL and link name |
