---
title: Key functions
description: The data object model in PingOne Advanced Identity Cloud should support the key functions of an identity platform including one or more of the following:
component: pingoneaic
page_id: pingoneaic:planning:plan-object-modeling-key-functions
canonical_url: https://docs.pingidentity.com/pingoneaic/planning/plan-object-modeling-key-functions.html
keywords: ["Identity Cloud", "Object modeling", "Data object model", "Functions"]
page_aliases: ["plan-deploy:planning-object-modeling-key-functions.adoc"]
---

# Key functions

The data object model in PingOne Advanced Identity Cloud should support the key functions of an identity platform including one or more of the following:

* **Identification**: Occurs when a user or entity makes a claim about their identity when attempting to gain access to a system or resource. For example, a user enters their username or ID to access a system. Learn how to achieve this via a journey in [login journey](../journeys/journeys.html#login).

* **Authentication**: Occurs when the user or entity proves their identity to the satisfaction of the access system. For example, a user enters their password or their identity is confirmed through some other process, which is verified by the system. Learn more in [Introduction to Authentication](../am-authentication/authn-introduction-authn.html).

* **Authorization**: Occurs when the system checks that the user or entity is allowed to access the resource or system after proper identification and authentication. Learn more in [Authorizations and policy decisions](../am-authorization/what-is-authz-decision.html).

* **Identity provisioning**: Ensures user accounts are created, updated, deleted, and assigned the proper access privileges to resources across applications and systems.

  You can achieve this in various ways in Advanced Identity Cloud:

  | Item                                                                          | Description                                                                                                                                                                                            |
  | ----------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
  | [Application management](../app-management/applications.html)                 | Use a library of templates for OIDC applications that makes the process of registration, provisioning, and configuration quick and easy.                                                               |
  | [Bulk import identities](../identities/bulk-import-identities.html)           | Use a CSV file to import a set of identities. This is useful when you want to add a large number of identities to [Roles and assignments](../identities/roles-assignments.html) in a single operation. |
  | [Roles and assignments](../identities/roles-assignments.html)                 | Create an entitlements structure that fits the needs of each [realm](../realms/alpha-bravo-realms.html) by using roles and assignments.                                                                |
  | [Sync identities](../identities/sync-identities.html)                         | Synchronize identities from an external data store.                                                                                                                                                    |
  | [Pass-through authentication](../identities/pass-through-authentication.html) | Use pass-through authentication to validate user passwords via a remote service.                                                                                                                       |

![Object modeling key functions](_images/object-modeling.svg)Figure 1. Key functions of the data object model