Aembit IAM for Agentic AI now supports Microsoft Copilot Studio. Read More →

Get an Aembit Tenant
TALK TO AN ENGINEER

<  BACK TO FULL GLOSSARY

Glossary Terms: O

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z

OAuth 2.1

IAM concepts
OAuth 2.1 is an updated consolidation of the OAuth 2.0 framework that formalizes security best practices accumulated over years of real-world deployment. It eliminates deprecated grant types, mandates PKCE for all authorization code flows, and tightens token handling requirements. For workloads and AI agents authenticating to APIs and MCP servers, OAuth 2.1 represents the modern baseline for secure, standardized authorization between non-human identities and protected resources.

OAuth 2.0

IAM concepts
OAuth 2.0 is an authorization framework that enables applications to obtain limited access to HTTP services without exposing credentials.
Read More

Overprovisioned Account

Security concepts
An overprovisioned account has more access privileges than necessary for its role or function. When service accounts, CI/CD pipelines, or other nonhuman identities are granted broader permissions than required, attackers can exploit the excess for lateral movement and privilege escalation.
Read More

OAuth

Security concepts
OAuth 2.0 is an authorization framework defined by IETF RFC 6749 that enables applications to obtain limited access to protected resources without exposing credentials. OAuth answers “What can they access?” by issuing short-lived bearer tokens with specific scopes. For identity verification and authentication, OAuth 2.0 must be combined with protocols like OpenID Connect.
Read More

OpenID Connect

IAM concepts
An identity layer built on top of OAuth 2.0 that provides authentication services for web and mobile applications. OpenID Connect allows clients to verify the identity of end-users based on the authentication performed by an authorization server, providing user information as JWTs. It also enables federated identity management by allowing clients to verify user identity based on tokens issued by an identity provider.

Over-provisioned Account

NHI security threats
An over-provisioned account has more access privileges than necessary for its role or function. This creates a security risk, as the excess privileges could be exploited by attackers or lead to unintentional access to sensitive systems.