Auto Discovery of Users and Entitlements - Hitachi ID Access Certifier

Access certification is based on real, measured security entitlements -- not just the security rights that an identity management and access governance system predicts that users should have.

Hitachi ID Access Certifier includes an auto-discovery engine, which typically extracts information about users and groups from target systems nightly.

  • The auto-discovery engine extracts a full inventory of login IDs from each target system, nightly.

  • The auto-discovery engine extracts a list of all available groups from each target system, nightly.

  • For groups that have been designated as "managed," the auto-discovery engine also extracts full group membership from the target systems.

  • The auto-discovery engine automatically creates, updates and removes user profiles in the internal Access Certifier database, based on the appearance of user accounts on systems that are considered authoritative sources of Access Certifier IDs.

  • Information such as last-login-date is used to identify dormant accounts, globally.

  • Identity attributes configured as "managed" in Access Certifier are read from each target system, into the Access Certifier identity cache.

Auto-discovery is incremental on systems that support this -- such as Active Directory and most other LDAP directories. A full extract is produced on systems where incremental listing is not supported, and a delta is calculated on the Access Certifier server before being loaded into the Access Certifier database.
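
The server-side delta step for a full extract can be sketched as follows. This is an added example, not Hitachi ID code: the function names, the data layout, the sample accounts and the 90-day dormancy threshold are all assumptions made for illustration.

```python
from datetime import date, timedelta

def account_delta(previous, current):
    """Diff two full extracts keyed by login ID -> (added, updated, removed)."""
    added = {k: current[k] for k in current.keys() - previous.keys()}
    removed = sorted(previous.keys() - current.keys())
    updated = {}
    for k in current.keys() & previous.keys():
        old, new = previous[k], current[k]
        # Union of keys so an attribute that disappeared is also reported.
        changed = {a: new.get(a) for a in old.keys() | new.keys()
                   if old.get(a) != new.get(a)}
        if changed:
            updated[k] = changed
    return added, updated, removed

def membership_delta(previous, current, managed):
    """Diff membership only for groups designated as managed."""
    delta = {}
    for group in managed:
        old, new = previous.get(group, set()), current.get(group, set())
        if old != new:
            delta[group] = {"joined": sorted(new - old), "left": sorted(old - new)}
    return delta

def dormant_accounts(accounts, today, max_idle_days=90):
    """Login IDs idle past the threshold; never-logged-in counts as dormant (assumption)."""
    cutoff = today - timedelta(days=max_idle_days)
    return sorted(k for k, a in accounts.items()
                  if a["last_login"] is None or a["last_login"] < cutoff)

# Constructed sample extracts (not real data): last night's and tonight's.
PREV_ACCOUNTS = {"asmith": {"last_login": date(2024, 5, 30), "dept": "Finance"},
                 "bjones": {"last_login": date(2024, 1, 10), "dept": "IT"},
                 "svc_backup": {"last_login": None, "dept": "IT"}}
CURR_ACCOUNTS = {"asmith": {"last_login": date(2024, 6, 1), "dept": "Treasury"},
                 "bjones": {"last_login": date(2024, 1, 10), "dept": "IT"},
                 "cnguyen": {"last_login": date(2024, 6, 2), "dept": "HR"}}
PREV_GROUPS = {"Domain Admins": {"bjones"}, "Staff": {"asmith", "bjones"}}
CURR_GROUPS = {"Domain Admins": {"bjones", "cnguyen"}, "Staff": {"asmith"}}
MANAGED = {"Domain Admins"}  # "Staff" is listed but its membership is not tracked
TODAY = date(2024, 6, 3)

if __name__ == "__main__":
    print(account_delta(PREV_ACCOUNTS, CURR_ACCOUNTS))
    print(membership_delta(PREV_GROUPS, CURR_GROUPS, MANAGED))
    print(dormant_accounts(CURR_ACCOUNTS, TODAY))
```

Only the resulting adds, updates and removals would then be loaded into the database, and a new member of a privileged managed group appears as a single reviewable change.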