• Site Map
• Contact Us

• Home
• Our Company
  • Customers
  • Careers
  • Contact Us
  • RSS & Blogs
• Products
  • Identity Manager
  • Password Manager
  • Group Manager
  • Privileged Access Manager
  • Download evaluation
  • Releases
  • CCC
• Solutions
  • Security / GRC
  • Reducing IT support cost
  • Improve user service
• Support
  • Shipping products
  • Supported versions
  • Portal login
  • Report problem
• Services
  • Solution delivery
  • Methodology
  • Education
  • Upgrades
  • AdMax Program
  • Hitachi ID Systems-Managed IAM
  • Guarantee
• News &  Events
  • Press Releases
  • Press Coverage
  • Archived Webinars
• Resource Center
  • White Papers
  • Independent Reviews
  • Brochures
  • Slide Decks
  • Case Studies
  • Regulatory Compliance
  • Certifications
  • Community
• Partners
  • Technology Partners
  • Channel Partners
  • System Integrators and Consultants
  • Managed Service Providers
  • Public Sector
  • Partner Portal
  • Online partner application

Features Authorization Workflow

Authorization Workflow

The Hitachi ID Group Manager workflow engine normally uses e-mail to prompt authorizers for approval, to send reminders, to escalate authorization requests and even to send thank-you notes and welcome e-mails.

Note that approvals are not allowed in e-mails, since most mail systems are insecure: plaintext and unauthenticated. E-mail is used strictly to alert participants in the workflow process that their input is required and to provide a URL where they can be securely authenticated prior to providing that input over a secure channel.

Workflow is used in Group Manager to approve change requests, to implement approved requests, to certify user access and more. A participant in the workflow process is a person who is being asked to complete a task, most commonly change authorization.

The Group Manager workflow engine has built-in support for automatic reminders, escalation and delegation, so as to elicit reliable responses from individually-unreliable users:

• When participants are first chosen, their out-of-office status on their primary e-mail system may be checked, to trigger early escalation to an alternate participant.
• Non-responsive participants that have been asked to review a request receive automatic reminders. The reminder interval is configurable.
• Participants who remain non-responsive (too many reminders) are automatically replaced with alternate participants, identified using escalation business logic. Escalation is most often based on OrgChart data -- i.e., the original authorizer's direct manager is often the escalated authorizer.
• Participants can pro-actively delegate their authority, temporarily or permanently. Delegation may trigger its own approval -- asking the new participant to accept a new responsibility.
• A workflow manager can reassign participants attached to open requests, for instance when they are terminated or when a request is urgent and already-assigned participants are not available.

© Hitachi ID Systems, Inc. . All rights reserved.