Glossary Terms: O
OAuth 2.0

IAM concepts
OAuth 2.0 is an authorization framework that enables applications to obtain limited access to HTTP services without exposing credentials.

Overprovisioned Account

Security concepts
An overprovisioned account has more access privileges than necessary for its role or function. When service accounts, CI/CD pipelines, or other nonhuman identities are granted broader permissions than required, attackers can exploit the excess for lateral movement and privilege escalation.

OAuth

Security concepts
OAuth 2.0 is an authorization framework defined by IETF RFC 6749 that enables applications to obtain limited access to protected resources without exposing credentials. OAuth answers “What can they access?” by issuing short-lived bearer tokens with specific scopes. For identity verification and authentication, OAuth 2.0 must be combined with protocols like OpenID Connect.

OpenID Connect

IAM concepts
An identity layer built on top of OAuth 2.0 that provides authentication services for web and mobile applications. OpenID Connect allows clients to verify the identity of end-users based on the authentication performed by an authorization server, providing user information as JSON Web Tokens (JWTs). It also enables federated identity management by allowing clients to verify user identity based on tokens issued by an identity provider.

Over-provisioned Account

NHI security threats
An over-provisioned account has more access privileges than necessary for its role or function. This creates a security risk, as the excess privileges could be exploited by attackers or lead to unintentional access to sensitive systems.