Resource Center

White Papers

  • Self-Service, Anywhere™:
    This document explains how Hitachi ID Password Manager addresses the login problems experienced by mobile users with full disk encryption, cached credentials, smart phones, smart cards and tokens.
  • From Password Reset to Authentication Management:
    The evolution of password management -- from simple password reset to enterprise-scale management of all authentication factors.
  • Enterprise Password Management Best Practices:
    Best practices for enterprise password management. Classifies security threats and discusses practical strategies to counter password guessers, packet sniffers, sticky notes and more.
  • Secure Management of Privileged Passwords:
    Identifies technical challenges and offers solutions for effectively managing large numbers of sensitive passwords.
  • Password Policy Guidelines:
    Guidelines for secure password management, including policy on composition, transmission and expiration of passwords.
  • Choosing Good Passwords:
    A plain-language guide, suitable for sharing with end users, to security threats posed by password cracking software and how to apply good password rules to prevent security compromises.
  • Password Reset for Locked Out Users:
    An objective comparison of alternative strategies for addressing the problem of helping users who forgot their initial network login password.
  • Challenge/Response Authentication:
    Constructing secure, usable policies for authenticating users who forgot their password by asking them to answer a series of security questions.
  • Integrating Password Management with Single Sign-On:
    Learn about where password synchronization, password reset and single sign-on interact and how/why they should be integrated.
  • Password Management for Mobile Users:
    Managing passwords for mobile users is more challenging than managing passwords for network-attached users. Challenges include managing local passwords on thousands of workstations, coping with cached credentials and supporting mobile users who forgot their initial workstation sign-on password.
  • Password Management for ISP Subscribers:
    As ISPs scale to hundreds of thousands and millions of end customers, the cost to support repetitive problems such as password resets rises to significant levels, reaching millions of dollars annually. This document describes password management specifically for ISPs.
  • Password Management Project Roadmap:
    A roadmap for password management projects, starting with a needs analysis, through requirements and product selection, and including deployment and ongoing management of the system.
  • Data Replication in Privileged Password Management Systems:
    Privileged passwords must be protected more vigorously than any other data in an organization. This document describes why and how.
  • Password Manager Features:
    A brief overview of Hitachi ID Password Manager features.


  • Identity Management as a Service: Deploying IAM in a SaaS Model:
    This document discusses strategies for deploying an identity and access management system (IAM) using a software as a service (SaaS) provider. It identifies business and technical challenges that arise when an IAM system is moved outside of an organization's private network perimeter and offers solutions to address them.
  • Intersection of Identity Management and Cloud Computing:
    This document is a comprehensive analysis of all the ways that Identity and Access Management (IAM) solutions can be run in and integrate with cloud computing systems. Both cloud computing and IAM are relatively new, so the first part of this document defines key concepts and terminology. Next, assumptions that clarify the scope of this document in terms of network topology and functionality are presented. Finally, a comprehensive list of architectural scenarios is presented, along with an analysis of the costs, risks and benefits of each scenario.

  • Selecting a User Provisioning Product:
    Considerations for selecting a user provisioning product which will help an organization successfully replace manual security administration with automation and self-service.
  • Selecting a Password Management Product:
    Advice to prospective buyers of a password management system as to what features, services and vendor characteristics to look for, in order to maximize the chances for a successful project outcome.
  • Password Reset for Locked Out Users:
    An objective comparison of alternative strategies for addressing the problem of helping users who forgot their initial network login password.
  • Password Manager Competitive Advantages:
    There are many password management products on the market. Password Manager is the market leader because of superior technology, lower TCO and higher ROI.
  • Enterprise IdM: Suite vs. Best of Breed:
    Considerations when selecting IAM products: are suite vendors, which can address every conceivable need but some of whose products may be less than ideal and/or not well integrated, preferable to a handful of best-of-breed products, which cannot address every need but which optimally fill specific needs?
  • Problems with Traditional E-SSO:
    Lays out what works and, more importantly, what doesn't work well with traditional approaches to enterprise single sign-on. It goes on to describe an alternate approach to reducing the frequency of sign-on prompts presented to users, that does not have any of the problems described here.

  • Enterprise Scale User Provisioning with Hitachi ID Identity Manager:
    The challenges faced by organizations wishing to manage identities and entitlements across a variety of systems and applications, and how automation and self-service can be used to improve security, reduce IT support cost and improve user service.
  • Hitachi ID Identity Manager Features:
    A brief overview of Hitachi ID Identity Manager features.
  • Enterprise-Scale Password Management with Password Manager:
    Addressing challenges such as forgotten or locked out passwords and users who write down their passwords using password synchronization, self-service password reset and assisted password reset.
  • Securing Sensitive Passwords with Hitachi ID Privileged Access Manager:
    Hitachi ID Privileged Access Manager enables organizations to secure privileged passwords. It periodically randomizes them. Users must sign into it when they need to access a sensitive account. The password change and disclosure process creates strong, personal authentication, authorization over which passwords are visible to whom and audit of access attempts (AAA).
  • Password Manager Deployment Best Practices:
    Outlines best practices for designing, installing and rolling out Password Manager to an enterprise-scale user population.
  • Integrating the Identity and Access Management Suite with WebSSO Systems:
    Discusses how the Identity and Access Management Suite can be deployed in conjunction with WebSSO products, how the technologies interact, and how they complement one another.
  • Password Manager Security Analysis:
    Password Manager impacts authentication processes and standards. Describes this impact, and how to ensure that it is a positive change. Password Manager is also a sensitive part of an organization's I.T. infrastructure, and consequently must be defended by strong security measures. The technology used by Password Manager to protect against intrusions, as well as best practices to deploy that technology, are described here.
  • Using Password Manager to Help with Application Migrations:
    Describes a number of ways in which Password Manager can be used to ease migrations from one system or directory to another.
  • Password Manager Telephony Integration:
    Outlines how Password Manager can be integrated with an interactive voice response (IVR) system, to enable self-service password reset from a telephone, self-service token management from a telephone and active enrollment of biometric voice print samples.
  • Locking Down an Identity Manager Server:
    It is important to protect both the Identity Manager server and the data it stores. This document describes how.
  • Locking Down a Password Manager Server:
    It is important to protect both the Password Manager server and the data it stores. This document describes how.
  • Privileged Access Manager Features:
    Privileged Access Manager is a system for securing privileged passwords across many servers and workstations. It periodically randomizes them, stores the resulting values in a replicated database and - when appropriate - discloses passwords to administrators, applications and services.
  • Addressing Excess Privileges using Access Certifier:
    Describes how access certification can be used to address the problem of privilege accumulation in a manner consistent with regulations such as Sarbanes-Oxley, HIPAA, 21CFR11 and GLB.
  • Self-Service AD Group Management:
    Hitachi ID Group Manager is software from Hitachi ID Systems for managing membership in groups, where groups exist on Hitachi ID Group Manager target systems -- principally Active Directory. It allows users to initiate security change requests -- principally requests to join or exit network operating system security groups -- in a self-service manner, without the need for users to understand the underlying security infrastructure.
  • Successful Enterprise Single Sign-on: Addressing Deployment Challenges:
    Summarizes the problems users experience when managing too many passwords. It describes the various approaches available to organizations to reduce the password burden on users and to improve the security of their authentication systems.
  • Managing Lotus Notes ID File Passwords Using Password Manager:
    Managing Lotus Notes ID file passwords presents some unique and complex challenges. This document provides an overview of these challenges, and the various ways in which they can be addressed using Password Manager.

  • Identity Management Defined:
    Introduction to the topic -- what are identities, why managing them can be a challenge worth addressing, etc.
  • Identity Management Terminology:
    Defines a range of identity-related terminology that seems to have different meanings depending on whom you talk to.
  • Defining Enterprise Identity Management:
    Identity management is a much-used term that refers to a set of technologies intended to manage a basic problem: information about the identity of employees, contractors, customers, partners and vendors is distributed among too many systems, and is consequently difficult to manage. This document defines the components of enterprise identity management technologies. It describes the underlying business problem of managing user identity information on a variety of systems. It then defines identity management in the context of this problem, and describes technologies used to manage user identities effectively in the enterprise.
  • Overview of Role Based Access Control:
    Introduces role based access control (RBAC), as applied to large numbers of users and multiple IT systems.
  • Access Governance Using the Hitachi ID Identity and Access Management Suite:
    This document introduces the concept of access governance. This concept is linked to corporate business drivers around risk management and audit and explains how the Hitachi ID Identity and Access Management Suite meets access governance requirements.

  • Standard IAM Business Processes: Corporate / Intranet Deployment:
    Best practices for managing users, identity attributes and entitlements in a typical "corporate" environment.
  • Standard IAM Business Processes: B2B / Partner Portal:
    Best practices for managing users, identity attributes and entitlements in a typical Extranet-facing partner portal.
  • Standard IAM Business Processes: B2C / Customer Portal:
    Best practices for managing users, identity attributes and entitlements in a typical Extranet-facing customer portal.
  • Best Practices for Identity Management Projects:
    Presents best practices for deploying and operating an identity management infrastructure. Builds on Hitachi ID Systems' years of experience in deploying password management and user provisioning into some of the largest and most complex organizations in the world.
  • Identity Management Project Roadmap:
    A guide to the entire life of a successful identity management project, including: a needs analysis, who to involve in the project, how to select the best product, technical design decisions, how to effectively roll out the system and how to monitor and assure sound ROI.
  • Reasons to Deploy Password Management before User Provisioning:
    Why deploying a relatively simple set of functionality -- password synchronization and self-service password reset -- can aid the subsequent deployment of more complex capabilities such as user provisioning or access certification.
  • Extranet Identity and Access Management:
    An overview of the identity management requirements that arise in an Extranet portal, where a corporation provides services to a large number of external users -- typically consumers and in some cases partners.
  • User Provisioning Best Practices:
    Describes and justifies current user provisioning best practices in an enterprise network. It is intended to offer reasoned guidance to information technology decision makers when they set security policy and design processes to manage user identity data, such as accounts and directory objects, across multiple enterprise systems.
  • Addressing Identity Management Deployment Challenges:
    This Hitachi ID Systems white paper describes the major challenges in deploying an enterprise identity management (IdM) system, including data cleansing, role engineering and workflow definition and maintenance. The information presented here is derived from hundreds of deployments performed over many years.
  • Beyond Roles:
    A Practical Approach to Enterprise User Provisioning, which does not depend on the completion of a role engineering project to move to production.
  • Best Practices for Managing User Identifiers:
    Best practices for assigning and managing unique identifiers to the users of computer systems in medium to large organizations.


  • Sarbanes-Oxley Act:
    The Sarbanes-Oxley Act was enacted by the United States Congress in July 2002. It requires publicly traded companies to ensure that they are properly reporting financial information. One of the most critical sections is section 404, which requires internal control over the creation of financial reports, and mandates responsibility for access privileges. This section is crucial for IT organizations to understand and act on.
  • PCI-DSS:
    The Payment Card Industry Data Security Standard (PCI-DSS) is a brief, pragmatic and very reasonable set of standards intended to guide financial institutions, retailers and other data processors in protecting data about credit cards and their owners.
  • FDA 21 CFR Part 11:
    Pharmaceutical and other biotech companies are subject to regulation by the Food and Drug Administration (FDA). One of the FDA regulations, regarding electronic signatures and the integrity of electronic systems, is FDA 21 CFR 11.
  • HIPAA:
    The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines what is required of healthcare organizations to ensure the portability of healthcare coverage and the privacy of patient records.

  • General Introduction to Privileged Access Management:
    Introduction to the business challenges of securely managing access to privileged accounts and the technical approaches available to secure administrator, service and application-to-application IDs.
  • Privileged Access Manager Product Q&A:
    Introduction to the business challenges of securely managing access to privileged accounts and the technical processes built into Privileged Access Manager to secure access to administrator, service and application-to-application IDs.

  • Best Practices for Managing Access to Privileged Accounts:
    Describes the business problems that a privileged access management system is intended to address. Goes on to describe best practices for defining and enforcing policies regarding access to privileged accounts on a variety of systems.
  • Data Replication in Credential Vaults:
    Privileged passwords must be protected more vigorously than any other data in an organization. This document describes why and how.
  • Design and Implementation of Administrator Session Monitoring:
    This document introduces the business case for implementing a session monitoring system to record login sessions to privileged accounts. It examines a series of technological design decisions that must be considered when developing a session monitoring system and offers guidance about how such a system might be best deployed and managed in practice.

  • Securing Privileged Accounts with Hitachi ID Privileged Access Manager:
    Hitachi ID Privileged Access Manager enables organizations to secure privileged accounts. It periodically randomizes privileged passwords. Users must sign into it when they need to access a sensitive account. The password change and access disclosure process creates strong, personal authentication, authorization over which passwords are visible to whom and audit of access attempts (AAA).
  • Hitachi ID Privileged Access Manager Features:
    Hitachi ID Privileged Access Manager is a system for securing access to privileged accounts across many servers and workstations. It periodically randomizes privileged passwords, stores the values in a replicated database and - when appropriate - discloses access to administrators, applications and services.
  • Securing Embedded Passwords with Hitachi ID Privileged Access Manager:
    Applications often need to connect to other applications or services on the network to function. For example, a web application may have to connect to one or more databases to retrieve or update data, to web services to initiate transactions, to a directory to create or update user objects, etc.