Identity Glossary

The Identity Security Glossary

Neutral, vendor-agnostic definitions for the terms that come up most in identity security: IVIP, PAM, IGA, ISPM, ITDR, non-human identity, and the categories around them.

33 terms

I

Identity Attack Surface Management (IASM)

ISPM

A neutral definition of Identity Attack Surface Management: mapping every path an attacker could take through identity and privilege, not just scoring the accounts you already know about.

Identity Governance and Administration (IGA)

IGA

A neutral definition of Identity Governance and Administration: the lifecycle and certification workflows it runs, and the data those workflows depend on.

Identity Graph

IVIP

A neutral definition of an identity graph: the correlated map of identities, accounts, and relationships that turns scattered records into a single, queryable structure.

Identity Lifecycle Management

IGA

A neutral definition of identity lifecycle management: the joiner-mover-leaver process that provisions, adjusts, and revokes access as a role changes.

Identity Operations Center (IOC)

IVIP

A neutral definition of an Identity Operations Center: the team and workflow that turns continuous identity data into daily triage, investigation, and remediation.

Identity Risk Score

ISPM

A neutral definition of an identity risk score: the composite metric that ranks accounts by exposure, and the inventory it depends on to be accurate.

Identity Security Posture Management (ISPM)

ISPM

A neutral definition of Identity Security Posture Management: what it scores, and the inventory that score depends on.

Identity Threat Detection and Response (ITDR)

ITDR

A neutral definition of Identity Threat Detection and Response: how it detects identity-based attacks, and what it needs to detect against.

Identity Visibility and Intelligence Platform (IVIP)

IVIP

An emerging category describing platforms that continuously discover, correlate, and monitor every identity across an enterprise. Here's what it means, and why visibility by itself is no longer the finish line.

IVIP Buyer's Guide

IVIP

Every vendor in this category will claim "visibility." Few will survive being asked what that word actually covers. Here's the evaluation framework and a copy-paste-able question set for your next RFP.

IVIP for AI Agents

Non-Human Identity

AI agents authenticate, inherit privilege, and execute across systems faster than most identity visibility and intelligence platforms were built to look. Here's what breaks when discovery is built for accounts that persist, and what an agent-native IVIP actually has to do differently.

IVIP vs. CIEM

Comparison

CIEM manages entitlements deep within a single cloud platform. An IVIP spans every domain, cloud and on-prem, and correlates across them. Here's why deep-in-one-cloud and wide-across-the-estate are different jobs, and why enterprises usually need both.

IVIP vs. IDaaS

Comparison

Identity as a Service (IDaaS) and an IVIP get confused because both touch "identity," but they solve almost entirely different problems. Here’s the actual boundary.

IVIP vs. Identity Data Fabric

Comparison

"Identity Data Fabric" and "Security Data Fabric" are newer analyst and vendor terms for connecting identity signals across an environment. Here’s how the idea overlaps with an IVIP, and where the framing differs.

IVIP vs. IGA

Comparison

IGA vendors are increasingly claiming IVIP-style visibility, and buyers are genuinely confused about whether their existing IGA "already does this." Here's the honest answer: where IGA's workflow engine ends and the data layer underneath it begins.

IVIP vs. ISPM

Comparison

ISPM tools score and prioritize identity risk. An IVIP is what that score is computed against. Here's why a posture score is only as trustworthy as the inventory feeding it, and how to tell the difference.

IVIP vs. ITDR

Comparison

ITDR detects and responds to identity-based attacks in progress. An IVIP is what gives it something accurate to detect against. Here's why detection speed and detection blind spots both trace back to the same upstream data problem.

IVIP vs. PAM

Comparison

PAM vaults, rotates, and brokers access for the privileged accounts it already knows about. An IVIP is what finds the privileged accounts PAM doesn't yet manage. Here's why 'we have PAM' and 'we have full privileged-account coverage' are two different claims.

See the Identity System of Record in Action

Hydden discovers, reconciles, and continuously governs every identity (human, machine, and agentic) across your enterprise.

© 2026 Hydden Inc. All rights reserved.Privacy PolicyTerms of Service