Contents
- Key Concepts and Definitions
- Architectural Overview
- About the Administration Console
- About the REST API
Key Concepts and Definitions
Account - Sometimes called 'users', an Account is more specifically a unique identity within a Directory. Stormpath does not call these Users because the word 'user' usually implies a person. Accounts, however, can also represent 3rd-party software or non-human clients. But you can essentially think of an Account as Stormpath's 'User' concept. Accounts may be used to log in to Applications.
API Key - A unique ID paired with a very secret value. The ID + the secret together are an API Key. API Keys are used by software applications to communicate with Stormpath IAM via the Stormpath REST API.
Application - A software application that can communicate with Stormpath. This is usually your real world application that you are building, such as a web application, but it can also be infrastructural software, like a Unix machine or web server.
Authentication - The act of proving someone (or something) is actually who they say they are. When you authenticate an account, you have a high degree of certainty that the account identity is legitimate.
Authorization (aka Access Control) - The process of managing and enforcing access to protected resources, functionality or behavior.
Directory - A collection of accounts and groups. Administrators can use different directories to create silos of accounts. For example, you might store your customers in one directory and your employees in another.
Directory Agent - A Stormpath software application that you install in your corporate network to securely synchronize an on-premise Directory like LDAP or Active Directory into a Stormpath Cloud Directory.
Directory Mirroring - Securely replicating selected data from one directory (called the source directory) into another directory (the 'target' or 'mirrored' directory) for the purposes of authentication and access control. The source directory is the authoritative source for all data. Changes are propagated to the target/mirror directory for convenience and performance benefits.
Group - A collection of accounts within a directory. In Stormpath this serves the same purpose as a 'Role' for those familiar with Role-Based Access Control.
IAM - Identity and Access Manager. The name of the core Stormpath product, accessed via API or web console.
Identity Management - The management of individual identities, their authentication, authorization, and permissions to increase security and productivity and decrease cost, downtime, and repetitive tasks.
Login Source - A Directory or Group associated with an Application for the purpose of account authentication. Accounts within Login Sources that are associated with an Application may log in to that Application.
Role - A classification of accounts, like 'administrators' or 'employees'. In Stormpath IAM, roles are represented as Groups. There is no concrete role concept - the word 'Role' is effectively a synonym for 'Group' in Stormpath.
Role-Based Access Control (aka RBAC) - The act of controlling access to protected resources or behavior based on the groups assigned to a particular account. In Stormpath, the word 'Group' is used instead of 'role'. You perform RBAC using Stormpath Groups.
REST API - A software architectural style enabling data transfer and functionality via common web-based communication protocols. Stormpath provides a REST API for Tenants so they may easily integrate Stormpath with their own software applications.
Tenant - A private partition within Stormpath that contains all of your data and settings—namely your applications, directories, groups and accounts. When you sign up for Stormpath, a tenant is created for you. You can add other user accounts (for example, for your co-workers) to your tenant to help you manage your data. Many companies like to have one tenant where they can easily manage all of their applications, directories and accounts across their organization for convenience.
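The Directory, Group, Login Source and RBAC definitions above, modeled in memory as an added example; this is not Stormpath code and does not use the Stormpath REST API or any SDK. All class, function and sample names are hypothetical, and requiring both a permitted login and group membership in `authorize` is an assumption of the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Directory:
    name: str

@dataclass(frozen=True)
class Group:
    name: str
    directory: Directory  # a Group lives inside exactly one Directory

@dataclass(frozen=True)
class Account:
    username: str
    directory: Directory
    groups: frozenset = frozenset()

@dataclass
class Application:
    name: str
    login_sources: list = field(default_factory=list)  # Directory or Group objects

def has_role(account, group):
    """Role == Group: membership counts only inside the account's own directory."""
    return group.directory == account.directory and group in account.groups

def in_login_source(account, source):
    """An account is 'within' its Directory, or within a Group it is a member of."""
    if isinstance(source, Directory):
        return account.directory == source
    if isinstance(source, Group):
        return has_role(account, source)
    return False

def may_log_in(account, app):
    return any(in_login_source(account, s) for s in app.login_sources)

def authorize(account, app, required_group):
    # Assumption of this example: access needs a permitted login AND the role.
    return may_log_in(account, app) and has_role(account, required_group)

# Constructed sample data (hypothetical names)
customers, employees = Directory("customers"), Directory("employees")
admins, support = Group("administrators", employees), Group("support", employees)
alice = Account("alice", employees, frozenset({admins}))
bob = Account("bob", employees, frozenset({support}))
carol = Account("carol", customers)
storefront = Application("storefront", [customers, support])
backoffice = Application("backoffice", [admins])
```

Mapping a Group rather than a whole Directory as a Login Source narrows who can log in: here `bob` reaches `storefront` through the `support` group, while `alice`, in the same directory, does not.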
Architectural Overview

About the Administration Console
The Stormpath Administration Console allows authorized administrators to:
- Configure applications to access the Stormpath Identity and Access Manager
- Create and manage accounts and adjust their group and role membership
- Map directories to allow accounts to log into integrated applications
To access the Stormpath Administration Console, visit https://api.stormpath.com/login
About the REST API
The Stormpath API offers authorized developers and administrators programmatic access to:
- Securely authenticate an account
- Create and manage accounts and adjust their group and role membership
- Create and manage directories
- Create and manage groups and roles
- Initiate and process workflow automations
For more detailed documentation on the Stormpath API, visit the API Reference Documentation.