Skip to main content

Hitachi ID Group Manager

About Hitachi ID Group Manager

Hitachi ID Group Manager is a self-service group membership request portal. It allows users to request access to resources such as shares and folders, rather than initially specifying groups. Group Manager automatically maps requests to the appropriate security groups and invites group owners to approve or reject the proposed change.

Group Manager is available both as a stand-alone solution and as a no-cost module included with Hitachi ID Identity Manager.

Business Challenge

In many organizations, there are more Active Directory groups than there are users. Management of membership in these groups can be a major problem:

  • There is a high volume of change requests and
  • Users are unfamiliar with groups and instead call the help desk complaining about "access denied" errors.

Group membership management is time consuming:

  • Help desk calls are escalated to a security team.
  • Security analysts must:
    • Locate the object which a user tried to access.
    • Find a group with suitable privileges.
    • Locate the group's owner and ask for permission to add the user.
Solution and Features

Group Manager is a solution for managing membership in Active Directory groups. It allows users, who are often unfamiliar with AD groups, to initiate requests for access:

  • Users specify a resource such as a share or folder.
  • Group Manager offers the user a menu of access control options, each consisting of a group, access rights and an owner.
  • Users select the appropriate group to request membership.
  • An Group Manager workflow invites the group owner or another stake-holder to approve the change.
  • Approved requests are automatically fulfilled.
  • The user is notified of the change. Users may have to sign out of and back into Windows, for the change to take effect (via a new Kerberos token).
page top page top