Hitachi ID Password Manager Deployment Best Practices
The remainder of this document is organized as follows:
- System objectives -- what credential management systems are
designed to do.
- Mission statement -- how organizations should structure
their internal communication about priorities and objectives.
- Metrics -- how to measure the impact on the system.
- Stakeholders -- who to involve in design, implementation
and ongoing support.
- Deployment and support team -- who the core individuals
are that must build out and support the system and what their
initial and long-term commitment will be.
- Features and design -- what processes the system should
- User access to the self-service UI -- how to ensure that
users can resolve login problems wherever they may be, at any time
and on any device in any state.
- Formulating a uniform password policy -- how to develop
a set of password rules that work for every system and every user
- Equivalent credentials -- caution about weak links in
security and how to avoid them.
- Security questions -- design considerations for enrolling
security questions and using them to authenticate users who forgot their
- Augmenting security questions with a second factor -- how
to improve security by front-ending security questions with a stronger,
- Infrastructure integrations -- what systems the credential
management automation should integrate with.
- Hitachi ID Password Manager: technical architecture -- the runtime platform
and network architecture on which Password Manager is deployed.
- Password Manager: server hardening -- how to lock down OS, DB and
web servers to protect the system.
- Password Manager: BYOD access to on-premise credential management --
how to enable users to access self-service from their phones or
tablets, which are typically not attached to the corporate network.
- Auto-discovery of user profiles and accounts -- how to
minimize care and feeding of the system using auto-discovery.
- User enrollment -- inviting users to answer security
questions, install smartphone apps, etc.
- Maximizing user adoption and ROI -- strategies to get users
to enroll and to use the system to resolve login problems.
- Ongoing administration and support -- what can be expected
in terms of long-term care and feeding of the system.