
Hitachi ID Access Certifier Screen Recordings

Review list of subordinates, certify that they still need logins


Content:

  • Certify that each user in a list is still employed by the organization and still reports to the manager performing the review.

Key concepts:

  • The simplest form of access certification asks "do these people still work here, and report to you?"
  • For each subordinate, the manager can accept (still works for me), revoke (left the organization) or transfer (works for another manager).
  • This type of review is normally hierarchical -- every manager in the organization is asked to review his or her list of direct reports, in a bottom-up sequence.
  • This is a good starting point for access certification.

Review group memberships


Content:

  • Review a list of users in a security group.
  • Approve most, revoke one.

Key concepts:

  • Owners of security groups may be periodically invited to review the membership of their groups.
  • For each group member, they can either accept or reject the membership.
  • When a group member is removed, this triggers a workflow request - with an audit trail and possibly further validation and/or approvals - before the user is actually removed from the group.

Review assigned roles


Content:

  • Review a list of users who have been assigned a role.
  • Approve most, remove the role from one.

Key concepts:

  • In principle, any user may be asked to certify role assignment for any list of other users.
  • By default, a resource's owner is assigned to certify the users who have that resource (the resource is a role in this case).

Review violations of segregation of duties (SoD) policies


Content:

  • Review a list of users who violate an SoD policy.
  • For each violation, either remove one of the offending security entitlements or create an approved exception.

Key concepts:

  • SoD rules may be expressed in terms of individual entitlements (accounts, group memberships), roles or both.
  • SoD violations must be corrected manually, since the system cannot predict which of several conflicting entitlements should be removed and which are appropriate to the user's needs and should be kept.
  • SoD violations can also be approved, which means that there is a business reason to violate the policy.

Application-centric certification


Content:

  • Application owner reviews a list of users with access to his application as well as their entitlements (groups) within that application.

Key concepts:

  • Review of application access by application owner.
  • Review includes fine-grained entitlements.
  • Organize data by user or by login ID/group.