Identity governance glossary
Plain, answer-first definitions of the identity governance terms that matter for growing companies: IGA, SCIM, access reviews, just-in-time access, non-human identity, and more.
Access reviews
Access certification
Access certification is the formal process of confirming that each user's access is still appropriate, with a reviewer signing off per entitlement and revocations executed for anything rejected. It is the compliance term for a user access review, usually run as scheduled campaigns and required by frameworks like SOC 2 and ISO 27001.
Attestation
Attestation is the formal statement by an accountable person that a set of access is correct as of a point in time. It is the sign-off step of an access review or certification: the reviewer puts their name to the decision. An attestation is only as good as the context behind it and the enforcement that follows.
User access review
A user access review is a periodic check of who has access to what, where a reviewer decides per entitlement whether each grant is still appropriate and revokes what is not. It is a core control for SOC 2, ISO 27001, and similar frameworks, and the primary defense against privilege creep and orphaned access.
Identity lifecycle
Deprovisioning
Deprovisioning is the removal of a user's access across every app and system when they leave, change roles, or no longer need it. It covers disabling accounts, revoking permissions and group memberships, ending sessions, transferring owned data, and recording each action for audit. Done right, it reaches every system, not just the ones behind SSO.
Joiner-mover-leaver (JML)
Joiner-mover-leaver (JML) is the model for managing a worker's access across their time at a company. Joiner: grant the right access on day one. Mover: adjust access when their role changes. Leaver: remove all access when they go. Each stage is triggered from an authoritative source, usually the HRIS, and applied across every app.
Provisioning standards
SCIM (System for Cross-domain Identity Management)
SCIM (System for Cross-domain Identity Management) is the industry-standard protocol for automated user provisioning. It lets an identity provider create, update, and deactivate accounts in an app over a standard API, keeping the app in sync with a source of truth. SCIM handles account plumbing; it does not handle governance.
SCIM provisioning
SCIM provisioning is automated user provisioning done over the SCIM protocol: an identity provider creates, updates, and deactivates accounts in an app, and syncs group memberships, without manual work. It is the standard way to keep SCIM-capable apps in sync with a source of truth. It stops at apps that lack SCIM and at governance beyond account sync.
SCIM vs SAML
SCIM and SAML solve different problems. SAML handles authentication: proving who a user is so they can log in via single sign-on. SCIM handles provisioning: creating, updating, and deactivating the user's account in the app. SAML lets someone log in; SCIM makes sure their account exists and is current. Most companies use both.
Risks and cleanup
Orphaned account
An orphaned account is an active account with no valid owner: the person left, changed roles, or never should have had it, but the account still exists and often still works. Orphaned accounts accumulate when deprovisioning misses systems. They are a standing security risk and a common audit finding.
Zombie account
A zombie account is an active account that nobody uses: dormant, forgotten, but still enabled and still consuming a license. It may belong to a departed employee, a finished project, or a tool nobody adopted. Zombie accounts are a security risk because they go unwatched, and a cost because they keep billing.