Term · 2. Authentication & Authorization

Authentication AuthN

IDM/IGA Domain

AuthN ISO/IEC NIST FIDO Introduced by: Big4 (Deloitte / PwC / EY / KPMG)

Definition

Process of verifying that a principal is who they claim to be. Three classic factors: knowledge (password, PIN), possession (token, phone), inherence (biometric). Single-factor uses one; MFA combines two or more independent factors. Modern approaches: passwordless via FIDO/passkeys, certificate-based, biometric. NIST SP 800-63B AAL levels articulate strength.

Application: MidPoint: Authentication is a mechanism by which a computer system checks that the user is really the one she or he claims to be.

Related terms

Multi-factor Authentication (MFA)

Authentication requiring two or more independent factors from different categories: knowledge (password), possession (ph …
Credential

Data presented to authenticate or authorize — password, token, certificate, biometric, API key. NIST SP 800-63 distingui …
Identity Provider (IdP)

System that authenticates users and issues identity assertions (SAML responses, OIDC ID tokens) to relying parties. Cent …
Kerberos

Network authentication protocol developed at MIT (Kerberos v5: IETF RFC 4120, 2005) using symmetric-key cryptography and …
Login

Common term for the user-facing authentication interaction — entering credentials at a sign-in form. Modern patterns: pa …
Passwordless Authentication

Authentication without passwords, using phishing-resistant factors: FIDO2 passkeys, hardware tokens, biometric authentic …

← Back to glossary · Open in main list