2-Step Verification
Also known as two-factor authentication (2FA). This adds another layer of security by making sign-in a two-step process. The first step is to enter a password, and the second step uses another authentication method. A common second-step method is a one-time password (OTP) sent to the mobile phone number or email address registered to the account. The user then submits the OTP to complete the verification process.
Refers to the client application integrating with the Next Identity platform, such as a web or mobile application.
B2B (Business to Business) Workflow
In the Next Identity platform, this workflow describes end users who go through an invite/pre-register workflow in order to be registered, and who usually do not have the option of self-registration. These users are stored in a separate database (entity type "user_b2b") from the consumer users.
B2C (Business to Consumer) Workflow
In the Next Identity platform, this workflow usually describes the users and journeys that are able to self-register. These users are stored in a database (entity type "user").
CIAM
Customer identity and access management, or CIAM, is a subset of the larger concept of identity and access management (IAM) and is focused specifically on managing the identities of customers who need access to corporate websites, web portals and online stores.
Client ID
The ID used to authenticate the API call. This client ID is tied to your specific configurations and rules. Contact your Next Reason integration consultant if you do not know your client ID.
Client Secret
For each client and environment where you are using a confidential client type, we will provide you with a client secret so that you can complete a Token call. This method will also apply in situations where you use a direct_access client to access the database directly.

Applications using public client types (and using the PKCE protocol for the /token call) do not need a client secret, and one will not be provided.

CAPTCHA
Stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It is a challenge-response authentication that protects against spam and password decryption. To do this, the user is required to complete a basic test that humans can easily pass and computers cannot.
FIDO2
FIDO2 enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments. The FIDO2 specifications are the World Wide Web Consortium's (W3C) Web Authentication (WebAuthn) specification and the FIDO Alliance's corresponding Client-to-Authenticator Protocol (CTAP).
This is a computer security measure that detects and counteracts attempts at unauthorized or malicious access to IT systems. It is an isolated, or siloed, section of the system that is monitored and maintained. It mimics real data and is intentionally exposed or weakened, security-wise, so that malicious actors are lured to it instead of the actual IT infrastructure. Information Security teams use this technique to see the motives and tactics being used to attack their systems.
OAuth
OAuth is an open-standard authorization protocol or framework that gives applications the ability for "secure designated access." For example, you can tell Facebook that it's OK for ESPN.com to access your profile or post updates to your timeline without having to give ESPN your Facebook password. This minimizes risk in a major way: in the event ESPN suffers a breach, your Facebook password remains safe.

OAuth doesn't share password data but instead uses authorization tokens to prove an identity between consumers and service providers. OAuth is an authorization protocol that allows you to approve one application interacting with another on your behalf without giving away your password.

OpenID Connect
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
Organization ID
Organization IDs are unique identifiers for a specific instance of Next Identity that includes a logically separate set of environments and configurations. Your Organization ID is provided with your Next Identity license.
PII (Personally-Identifiable Information)
Personal data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
Generally refers to the access token. After receiving an authorization code, the `/token` endpoint sends back an access token for a user.
User ID
The end user's unique identifier, which can be either email or mobile phone number based on what is passed in the auth_type.
User Journey
The set of interactions and activities a user experiences while interacting with an application. In Next Identity Journeys, user journeys are carefully tailored to give the best experience in achieving tasks and activities within the platform.