Access Control – The practice of restricting access to resources based on defined rules or roles. Primo enforces access control across devices, SaaS applications, and the admin console.
Admin – A user with elevated permissions in Primo who can manage devices, employees, policies, and settings on behalf of the organization.
Agent – A lightweight software component installed on a managed device that communicates with the Primo platform to enforce policies and report status.
API (Application Programming Interface) – A set of protocols that allows external systems to interact with Primo programmatically. See Create a Primo API key.
API Key – A credential used to authenticate requests to the Primo REST API. Primo supports both company-level and fleet-level API keys.
Audit Log – A chronological record of actions taken within the Primo platform — including policy changes, device enrollments, and user access events — for compliance and troubleshooting.
Authentication – The process of verifying the identity of a user or device before granting access to a system or application.
Autopilot – Microsoft’s zero-touch deployment program for Windows devices, integrated with Primo for automated enrollment and configuration at first boot.
Automation – A configured workflow in Primo that triggers actions automatically — such as provisioning SaaS accounts at onboarding or revoking access at offboarding.
Bypass Code – A recovery code used to unlock a device when the standard authentication method is unavailable (e.g., Activation Lock bypass on Apple devices).
Certificate – A digital credential used to authenticate devices or users, often deployed via MDM to enable secure Wi-Fi, VPN, or identity provider access.
Compliance – The state of a device or user meeting the security and configuration requirements defined by your organization’s policies.
Cost Optimization – The process of identifying and eliminating waste in SaaS spending — such as unused licences or duplicate subscriptions — surfaced through Primo’s SaaS Management.
Deployment – The process of distributing software, configurations, or device profiles to managed endpoints, typically via MDM.
Device – Any endpoint managed by Primo — including Mac, Windows, Linux, iOS, Android, and iPadOS devices.
Device Management – The practice of centrally enrolling, configuring, securing, and monitoring company devices. See Introduction to MDM.
Directory – A centralized store of user identities and their associated attributes, used to manage access across applications. Common examples: Google Workspace, Microsoft Entra ID.
Directory Service – A service (such as Google Workspace or Entra ID) that acts as the authoritative source for user identities and group memberships.
EDR (Endpoint Detection & Response) – Security software that monitors endpoints for threats and provides response capabilities. Primo integrates with CrowdStrike Falcon, SentinelOne, and ThreatDown.
Encryption – The transformation of data into an unreadable format to prevent unauthorized access. Primo can enforce full-disk encryption (FileVault on Mac, BitLocker on Windows) via MDM policy.
Endpoint – Any device that connects to a corporate network or accesses company resources — laptops, desktops, smartphones, and tablets.
Enrollment – The process of registering a device into Primo’s MDM, enabling centralized management and policy enforcement.
Fleet – The collective set of devices managed by an organization within Primo.
HRIS (Human Resources Information System) – A platform that stores employee data. Primo can sync with your HRIS to automatically trigger onboarding and offboarding workflows.
Identity – A digital representation of a user, comprising their credentials, attributes, and access rights across systems and applications.
Identity & Access Management (IAM) – A framework for managing digital identities and controlling access to resources. Primo’s SaaS Management module provides IAM capabilities.
Identity Provider (IdP) – A service that authenticates users and provides identity assertions to other applications via protocols like SAML or OIDC. Examples: Google Workspace, Microsoft Entra ID.
Integration – A connection between Primo and a third-party application or service that enables data exchange or automated actions.
Just-in-Time (JIT) Provisioning – A mechanism that automatically creates a user account in an application at the moment of their first login via SSO, without prior manual setup.
Least Privilege – A security principle requiring that users and systems are granted only the minimum permissions necessary to perform their role.
Licence – An entitlement to use a software product or service, typically tied to a user seat. Primo tracks licence consumption and can automate assignment and revocation.
Lifecycle Management – The end-to-end management of an employee’s IT access and equipment — from onboarding to offboarding.
MDM (Mobile Device Management) – A technology that allows organizations to remotely enroll, configure, monitor, and secure devices. Primo’s MDM supports Mac, Windows, Linux, iOS, and Android.
MDM Control / Policy – A configuration rule deployed to managed devices via MDM — such as enforcing encryption, blocking USB storage, or managing installed applications.
MFA (Multi-Factor Authentication) – An authentication method requiring users to verify their identity with two or more factors (e.g., password + authenticator app).
Offboarding – The process of revoking an employee’s IT access, recovering their equipment, and deprovisioning their accounts when they leave the organization.
Onboarding – The process of setting up IT access, provisioning accounts, and configuring devices for a new employee joining the organization.
Policy – A set of rules enforced on managed devices or users — covering security settings, application access, and compliance requirements.
Policy Enforcement – The automated application of policy rules to devices and users, ensuring compliance without manual intervention.
Provisioning – The creation and configuration of user accounts, licences, or resources — typically triggered automatically at onboarding.
recoveryOS – Apple’s built-in recovery environment, accessible during Mac startup. Primo can use recoveryOS protections to prevent unauthorized reinstallation.
Role-Based Access Control (RBAC) – An access management approach where permissions are assigned based on a user’s role within the organization.
SaaS (Software as a Service) – Cloud-based applications delivered over the internet on a subscription basis (e.g., Slack, Notion, Google Workspace).
SaaS Stack – The full set of SaaS applications used by an organization, managed and tracked in Primo’s SaaS module.
SAML (Security Assertion Markup Language) – An open standard for exchanging authentication and authorization data between identity providers and service providers, enabling SSO.
SCIM (System for Cross-domain Identity Management) – A protocol that automates the provisioning and deprovisioning of user accounts across applications, triggered by your identity provider.
SecureToken – An Apple mechanism required for enabling FileVault encryption and certain admin operations on macOS. Primo can manage SecureToken assignment.
Security – The practice of protecting devices, data, and access through policies, monitoring, and automated controls — a core capability of the Primo platform.
Shadow IT – Applications used by employees without IT’s knowledge or approval. Primo’s SaaS Discovery helps identify and govern shadow IT.
Single Sign-On (SSO) – An authentication method that allows users to access multiple applications with a single set of credentials, reducing password fatigue and improving security.
SSO Tax – A pricing practice where SaaS vendors charge a premium to unlock SSO or SCIM features, treating enterprise security as an add-on.
Subscription – A recurring payment for access to a SaaS product or service, tracked and managed within Primo’s SaaS module.
Synchronization – The automated process of keeping employee data, device states, or SaaS user records consistent between Primo and connected systems.
Token – A credential or identifier used to authenticate a session or API request.
Unenroll – The process of removing a device from Primo’s MDM management, after which policies and profiles are no longer enforced.
User Management – The administration of user accounts, credentials, and access rights — including password policies, admin account management, and local user control.
Zero Touch – A deployment method where devices are automatically enrolled and configured without any IT intervention required at the device. See Zero-touch deployment.
Zero Trust – A security model that assumes no user or device should be inherently trusted, requiring continuous verification of identity and device posture before granting access.