Hitachi ID Password Manager Deployment Best Practices

Abstract
This document outlines best practices for designing, installing and rolling out Hitachi ID Password Manager to manage credentials for on-premise and SaaS systems and applications.

Introduction

This document outlines best practices for designing, installing and rolling out Password Manager to manage credentials for on-premise and SaaS systems and applications.

The remainder of this document is organized as follows:

  • System objectives -- what credential management systems are designed to do.
  • Mission statement -- how organizations should structure their internal communication about priorities and objectives.
  • Metrics -- how to measure the impact on the system.
  • Stake-holders -- who to involve in design, implementation and ongoing support.
  • Deployment and support team -- who the core individuals are that must build out and support the system and what their initial and long term commitment will be.
  • Features and design -- what processes the system should automate.
  • User access to the self-service UI -- how to ensure that users can resolve login problems wherever they may be, at any time and on any device in any state.
  • Formulating a uniform password policy -- how to develop a set of password rules that work for every system and every user community.
  • Equivalent credentials -- caution about weak links in security and how to avoid them.
  • Security questions -- design considerations for enrolling security questions and using them to authenticate users who forgot their password.
  • Augmenting security questions with a second factor -- how to improve security by front-ending security questions with a stronger, one-time-password credential.
  • Infrastructure integrations -- what systems the credential management automation should integrate with.
  • Password Manager: technical architecture -- the runtime platform and network architecture on which Password Manager is deployed.
  • Password Manager: server hardening -- how to lock down OS, DB and web servers to protect the system.
  • Password Manager: BYOD access to on-premise credential management -- how to enable users to access self-service from their phones or tablets, which are typically not attached to the corporate network.
  • Auto-discovery of user profiles and accounts -- how to minimize care and feeding of the system using auto-discovery.
  • User enrollment -- inviting users to answer security questions; install smart phone apps; etc.
  • Maximizing user adoption and ROI -- strategies to get users to enroll and to use the system to resolve login problems.
  • Ongoing administration and support -- what can be expected in terms of long term care and feeding of the system.
