Home
Hitachi ID Facebook Page Hitachi ID Twitter Page Find us on Google+ Hitachi ID YouTube Page

Hitachi ID Group Manager


About Hitachi ID Group Manager

Hitachi ID Group Manager is a self-service group membership request portal. It allows users to request access to resources such as shares and folders, rather than initially specifying groups. Group Manager automatically maps requests to the appropriate security groups and invites group owners to approve or reject the proposed change.

Group Manager is available both as a stand-alone solution and as a no-cost module included with Hitachi ID Identity Manager.

Business Challenge
Solution and Features

In many organizations, there are more Active Directory groups than there are users. Management of membership in these groups can be a major problem:

  • There is a high volume of change requests and
  • Users are unfamiliar with groups and instead call the help desk complaining about "access denied" errors.

Group membership management is time consuming:

  • Help desk calls are escalated to a security team.
  • Security analysts must:
    • Locate the object which a user tried to access.
    • Find a group with suitable privileges.
    • Locate the group's owner and ask for permission to add the user.

Group Manager is a solution for managing membership in Active Directory groups. It allows users, who are often unfamiliar with AD groups, to initiate requests for access:

  • Users specify a resource such as a share or folder.
  • Group Manager offers the user a menu of access control options, each consisting of a group, access rights and an owner.
  • Users select the appropriate group to request membership.
  • An Group Manager workflow invites the group owner or another stake-holder to approve the change.
  • Approved requests are automatically fulfilled.
  • The user is notified of the change. Users may have to sign out of and back into Windows, for the change to take effect (via a new Kerberos token).