Hitachi ID Group Manager is designed to be secure. It is protected using a multi-layered security architecture, which includes running on a hardened OS, using file system ACLs, providing strong application-level user authentication, filtering user inputs, encrypting sensitive data, enforcing application-level ACLs and storing log data indefinitely.
Group Manager never requires plaintext passwords to be stored in configuration files or scripts and does not store plaintext passwords anywhere. Group Manager does not ship with a default administrator password -- one must be typed in at installation time.
These security measures are illustrated in Figure [link].