Definitions¶
Attribute¶
Information about an object relating to an identity, a structure, or a resource (allocation). An attribute can be stored in the Systancia Identity site, retrieved from another repository via upstream feeding, or calculated from other attributes.
Example: Name, address, unique ID, role.
Upstream provisioning¶
Represents the process used by Systancia Identity to import any data from an external source (file, database, etc.) into its database.
Target application¶
This term describes an application for which Systancia Identity is able to automatically create user accounts and assign rights to them within that application.
Bevel/tiling¶
This is the overlap period (also called the recovery period) during which, following a change to an attribute, a user holds both the rights linked (by an authorization rule) to the old value of the attribute and the rights linked to the new value. At the end of the overlap period, the old rights are automatically unlinked and deprovisioned from the target applications.
Reconciliation chain¶
This is the list of the primary and secondary identity(ies) linked to each other.
Attribute category¶
A category allows you to group a set of attributes together in the same area on a person's record. Categories are used for graphical display purposes only.
Example: For the “Professional contacts” category, the following attributes can be grouped together: professional email address, professional landline number, professional cell phone number, professional address, etc. All attributes in the same category are displayed in the same frame on the person’s file.
Real account¶
This is the account that is provisioned by Systancia Identity in the configured repositories.
Theoretical account¶
This is an account generated by Systancia Identity based on the rights granted to the user. The theoretical account is then provisioned and becomes a real account or not depending on its status.
Allocations/Resources¶
All objects that can be assigned to a user (smartphone, PC, car, blouse, etc.). While allocations are generally physical objects, they can also represent abstract concepts such as a contract.
Right/Authorization¶
A right or authorization for a user in Systancia Identity that will be provisioned in a target application. An authorization in an application translates into the assignment of a role, a specific value in an attribute, or the assignment of a group.
Enumerations¶
Represents a field for which only predefined values are accepted, typically drop-down lists. Enumeration values can be stored in Systancia Identity or provisioned upstream.
Example: List of jobs.
Identity / Person¶
The term “person” will be used to refer to a real person, and “identity” to refer to a digital identity linked to a person. An identity is defined by a set of attributes (last name, first name, registration numbers...). A real person can have multiple digital identities.
Primary identity¶
It is the reference identity of the reconciliation chain that will be used when merging accounts among the identities of the same reconciliation chain.
Secondary identities¶
The other identity or identities of the reconciliation chain.
Identity Role / Administration Profile¶
Defines a set of permissions for viewing, modifying, and deleting Systancia Identity features. The role can be limited in scope by the scope of the permission (for example: type of person, assignment, job).
Examples:
- The "HR manager" role can view all identity records, but only modify the records of internal identities.
- The "Department manager" role can modify the record of any identity within their own department, but cannot access certain personal information.
Scope of permission¶
In the definition of Identity roles, a scope is a set of conditions and filters that reduce the scope of an action. A condition always applies to the object of the action.
Example: In the “External Manager” role, the “Create persons” action is restricted by the condition on the person. A manager in charge of external identities can only create external identities.
Provisioning¶
Provisioning is the action of creating, modifying, or deleting user accounts and the rights associated with those accounts in target applications.
Manual Provisioning¶
It concerns the provisioning of application accounts that are not directly managed by Systancia Identity and therefore require manual intervention.
Authorization rule¶
A rule associates application rights with individuals in Systancia Identity, based on their attributes and their membership in a structure.
Example: All identities in the accounting department are assigned the "Access to the accounting application" permission and the "Access to the invoicing application" permission.
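The following added example (not Systancia Identity code or its API) models how an authorization rule and the overlap period defined under "Bevel/tiling" combine when a department attribute changes. The rule table, right names, 7-day overlap, dates and function names are all constructed assumptions, and it assumes that a right also granted by the new value is kept rather than removed.

```python
from datetime import datetime, timedelta

# Constructed authorization rules: (attribute, value) -> rights granted.
RULES = {
    ("department", "accounting"): {"accounting-app:access", "invoicing-app:access"},
    ("department", "purchasing"): {"purchasing-app:access", "invoicing-app:access"},
}
OVERLAP = timedelta(days=7)  # assumed overlap period length

# Constructed attribute history: (time of change, new value), sorted by time.
HISTORY = [
    (datetime(2024, 1, 1), "accounting"),
    (datetime(2024, 3, 1), "purchasing"),
]


def rights_for(attribute, value):
    """Rights that an authorization rule links to one attribute value."""
    return set(RULES.get((attribute, value), set()))


def rights_at(history, attribute, now, overlap=OVERLAP):
    """Return (current, retained) rights at time `now`.

    `current` comes from the latest attribute value. `retained` holds rights
    of older values whose overlap period has not yet ended.
    """
    past = [(ts, v) for ts, v in history if ts <= now]
    if not past:
        return set(), set()
    current = rights_for(attribute, past[-1][1])
    retained = set()
    # Pair each old value with the change that replaced it.
    for (_, old_value), (changed_at, _) in zip(past, past[1:]):
        if now < changed_at + overlap:
            retained |= rights_for(attribute, old_value)
    return current, retained - current


def expired_rights(history, attribute, now, overlap=OVERLAP):
    """Old rights that should no longer exist in target applications."""
    current, retained = rights_at(history, attribute, now, overlap)
    ever_granted = set()
    for ts, value in history:
        if ts <= now:
            ever_granted |= rights_for(attribute, value)
    return ever_granted - current - retained
```

Comparing `expired_rights` with the rights actually present on real accounts gives a simple check that nothing outlives the overlap period after a move between departments.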
GDPR (General Data Protection Regulation)¶
Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Systancia Identity Provisioning (SIP)¶
SYSTANCIA provisioning engine.
Structure¶
Structures are special objects in Systancia Identity. A structure is an organizational structure in tree format that can be used to model the structure of your organization. A structure is characterized by a "structure type" and belongs to a "tree" of structures, or hierarchical structure tree. A structure type represents a recurrent "node" or "leaf" on the tree structure.
This makes it possible to manage different trees as needed: Organizational, geographic, functional, etc.
Example: Section, department, functional unit, responsibility center, division, hospital, etc.
Workflow¶
Succession of steps through which the necessary operations are carried out (notifications, validation, tasks, etc.) for events such as the arrival or departure of a person.