A Principal represents an Entity|keyword=Entity that can authenticate into the system. One can roughly correlate a Principal to a login username. Entities|keyword=Entity can exist in KIM without having permissions or authorization to do anything; therefore, a Principal must exist and must be associated with an Entity|keyword=Entity in order for it to have access privileges. All authorization that is not specific to Groups|keyword=Group is tied to a Principal. In other words, an Entity is for identity while a Principal is for access management. Also note that an Entity is allowed to have multiple Principals associated with it. The use case typically given here is that a person may apply to a school and receive one log in for the application system; however, once accepted, they may receive their official login, but use the same identity information set up for their Entity record.