Skip to main content

Hitachi ID Group Manager Features

Hitachi ID Group Manager -- available stand-alone and as a module in Hitachi ID Identity Manager -- streamlines the process of managing security groups on Active Directory with:

  • A Windows shell extension:

    A shell extension is included with _PRODUCT which can be deployed on Windows PCs. If installed, this component can intercept Windows "access denied" error messages and present an expanded message which allows users to open a web browser to the _PRODUCT application, where they can request membership in the appropriate AD group.

    A similar mechanism is provided for SharePoint sites, but only requires a few lines of ASP code on each SharePoint server.

  • Share and folder browsing in a web portal:

    Alternately, users can navigate directly to the Group Manager web portal, which presents a view of shares and folders similar to Windows Explorer. Users can select the share, folder or printer in which they are interested and request membership in the appropriate group.

  • A UI that guides users to appropriate groups:

    When users select a network resource, Group Manager presents several options:

    • Groups that have access rights to that resource, with a clear indication as to who owns each group and what access rights the group has.
    • Nested groups, that the user might with to join instead.
    • Nested resources (folders) that the user may wish to access instead.

    With these options, Group Manager guides users to a selection of the appropriate resource and group.

  • Authorization workflow:

    All change requests processed by Group Manager are subject to an authorization process before being completed. By default, group owners are invited to approve all changes, but this routing can be replaced or augmented as required.

    The _PRODUCT workflow engine is designed to get quick and reliable feedback from groups of business users, who may be individually unreliable. This is accomplished with:

    • Concurrent invitations to multiple users to review a request.
    • Approval by N of M authorizers (N is fewer than M).
    • Automatic reminders to non-responsive authorizers.
    • Escalation from non-responsive authorizers to their alternates.
    • Scheduled delegation of approval responsibility from unavailable to alternate approvers.
    • Checking authorizers' out-of-office status and pre-emptively escalating requests if an OOO message has been set.
    • Allowing authorizers to approve or reject requests from their mobile phone (from any location, at any time, without a VPN).

  • Reports:

    Group Manager includes a rich set of built-in reports, designed to answer a variety of questions, such as:

    • What users are members of group X?
    • What group memberships does user Y have?
    • Who authorized membership in group Z for user W?
    • When did user A gain membership in group B?
    • Who requested and who authorized group B for user A?

Read More:

  • Features:
    Self-service requests and authorization for AD group membership.
  • Business Case:
    Improved user service and lower IT cost through effective management of user access to shares and folders.
  • Screen Shots:
    Snapshots of the Group Manager web interface.
  • Screen Recordings:
    Videos of the Group Manager interface.
  • Slide Decks:
    Slide presentations that discuss how Group Manager works.
page top page top