# Glossary

## Access Admin

A workspace role responsible for managing user onboarding, approving device requests, controlling per-user service access rights, and managing device records. Access Admins receive email notifications for all workspace events.

## Active Provider

A service that has been fully configured and connected to a Peig workspace. Active Providers appear in the Configuration app and can be assigned to users.

## Anti-copy protection

Peig's mechanism for detecting and preventing device identity cloning. Uses static hardware identifiers and dynamic cryptographic registers that change with every use. If a cloning attempt is detected, the Access Admin is notified.

## Authentication Code

A short-lived code generated by the Peig app on a registered device, used when signing in to native desktop applications such as Outlook or Teams. The code is automatically copied to the clipboard — the user simply pastes it into the application when prompted. The code is device-generated and tied to the registered device's session context.

## BYOD (Bring Your Own Device)

An arrangement where employees or contractors use personal devices to access company resources. Peig supports BYOD without requiring device management.

## Dashboard

The home screen of the Peig app on a user's registered device. Displays icons for all services the user has been granted access to. Services that have not been granted are not visible. Users access connected applications directly from the dashboard.

## Device binding

The process of cryptographically associating a device's unique identity with a user's access rights in the Peig workspace. Access is only possible from a device that has been bound through the onboarding process.

## Device sync

The process by which a user registers an additional device. Both devices must be physically present. The user authorises the new device from their already-registered one.

## Global Admin

A workspace role responsible for configuring which services are connected to the workspace and managing Access Admin permissions.

## Identity proofing

The step during onboarding or re-approval where an Access Admin verifies that a request is genuinely from the person it claims to be — typically through a separate communication channel.

## Identity Provider (IdP)

A system that authenticates users and asserts their identity to other services. Peig acts as a SAML Identity Provider for connected applications after federation is set up.

## MDM (Mobile Device Management)

Software used to manage, monitor, and control mobile and desktop devices. Peig does not require MDM and is not itself an MDM tool. See [Why Not MDM?](/welcome-to-peig-documentation/what-is-peig/why-not-mdm.md).

## OIDC (OpenID Connect)

An identity layer built on OAuth 2.0, used for authentication in modern web applications. Peig supports OIDC alongside SAML for connecting applications to the workspace.

## Policy Enforcement Point (PEP)

The component of the Peig workspace that checks every access request against the workspace's device-bound access policy before allowing it through to the target application.

## Provider ID

A per-user identifier required by SAML-only applications (secondary providers) to map the Peig authentication to the correct user account in that application. Typically the user's email address for that service.

## Re-approval request

A request initiated by a user who has lost all their registered devices. The Access Admin verifies the user's identity and approves the request — restoring access from a new device and removing all previous device records.

## SAML (Security Assertion Markup Language)

An open standard for exchanging authentication data between an Identity Provider (Peig) and a Service Provider (an application). The primary protocol used by Peig to integrate with connected services.

## Secondary provider

A SAML-only application connected to the Peig workspace that has no provisioning integration. User identifiers must be set manually via Provider ID, and user lifecycle in the application must be managed independently.

## Service Provider (SP)

In SAML terminology, the application a user is trying to access. The Service Provider trusts authentication assertions from Peig acting as the Identity Provider.

## Suspension

Blocking access for a user or device without permanently removing their account or records. Suspension is immediate and reversible. It can be applied at the user level (all devices, all services) or the device level (one device only).

## TAP (Temporary Access Pass)

A time-limited, one-time passcode issued by a Microsoft Entra ID administrator. Used for device onboarding, provisioning, or recovery scenarios.

## Universal Authentication Cryptographic Protocol

Peig's underlying protocol for device-bound authentication. Generates device-specific credentials at onboarding, signs each request with the device's private key, and binds the resulting session to the originating device.

## Users & Access

The primary admin application in Peig for managing users, devices, onboarding requests, and service access rights. Used by Access Admins. From here admins can approve onboarding requests, grant or revoke service access, manage device records, and suspend users or devices.

## Workspace

The central Peig environment that connects users, their devices, and the services they are authorised to access. Each organisation has its own workspace.

## Zero Trust

A security model based on the principle of never trust, always verify — no user, device, or network is inherently trusted. Peig implements Zero Trust access security at the authentication layer through device-bound identity and per-request verification.


