
Glossary

Common terms used throughout the GrantFlow docs.


A

  • Activation: A time‑bound elevation that grants a role’s permissions to a user or checked‑out account. See My Roles and Your First Activation.
  • Activity Log: The tenant’s auditable history of requests, decisions, activations, and expirations. See Activity Log.
  • Agent: The on‑prem component that executes operations against services like Active Directory. Managed by the control plane.
  • Approver: A person or group responsible for approving/denying requests per policy. See Pending Requests & Approvals.
  • Audit Trail: The immutable records of who did what, when, and why. See Activity Log.

C

  • Checkout (Account): Temporarily acquiring credentials for a scoped or privileged account with time limits and auditing. See Account Checkout.
  • Connector: An integration that provisions access in a target system (e.g., Entra ID, Active Directory). Configured by admins.
  • Control Plane: The secure orchestration layer that dispatches jobs to agents/connectors and updates activation status.

E

  • Entra ID: Microsoft’s cloud identity platform (formerly Azure AD). Roles and groups here may be part of provisioning.

J

  • JIT (Just‑In‑Time): A security pattern where elevated permissions are granted only when needed and for the shortest necessary time.

P

  • Principal: The authenticated identity (user or service) associated with a session and scoped to a tenant.
  • Provisioning: Applying the permissions/groups for a role when an activation is approved. You can preview the exact changes via “View provisioning details”.

R

  • Request: A submission to activate a role (or check out an account), including duration and business justification. See Your First Activation.
  • Role: A collection of permissions and assignments that can be activated Just‑In‑Time. See My Roles.

S

  • Scope: The boundary within which access applies (e.g., tenant, subscription, directory). Verify scope before acting.
  • SLA: A target time for actions like approvals. Your organization may define SLAs for approver response.

T

  • Tenant: An isolated environment representing your organization or a division. All requests and data are strictly tenant‑scoped.