• Site Map
• Contact Us

• Home
• Our Company
  • Customers
  • Careers
  • Contact Us
  • RSS & Blogs
• Products
  • Identity Manager
  • Password Manager
  • Group Manager
  • Privileged Access Manager
  • Download evaluation
  • Releases
  • CCC
• Solutions
  • Security / GRC
  • Reducing IT support cost
  • Improve user service
• Support
  • Shipping products
  • Supported versions
  • Portal login
  • Report problem
• Services
  • Solution delivery
  • Methodology
  • Education
  • Upgrades
  • AdMax Program
  • Hitachi ID Systems-Managed IAM
  • Guarantee
• News &  Events
  • Press Releases
  • Press Coverage
  • Archived Webinars
• Resource Center
  • White Papers
  • Independent Reviews
  • Brochures
  • Slide Decks
  • Case Studies
  • Regulatory Compliance
  • Certifications
  • Community
• Partners
  • Technology Partners
  • Channel Partners
  • System Integrators and Consultants
  • Managed Service Providers
  • Public Sector
  • Partner Portal
  • Online partner application

Features

Hitachi ID Identity Manager features

Hitachi ID Identity Manager enables automated, self-service and policy-driven management of users and entitlements with:

• Auto-provisioning and auto-deactivation:

  Identity Manager can monitor one or more systems of record (typically HR applications) and detect changes, such as new hires and terminations. It can make matching updates to other systems when it detects changes, such as creating login accounts for new employees and deactivating access for departed staff.

• Identity synchronization:

  Identity Manager can combine identity information from different sources -- HR, corporate directory, e-mail system and more into a master profile that captures all of the key information about every user in an organization. It can then write updates back to integrated systems, to ensure that identity attributes are consistent. This feature is used to automatically propagate updates to data such as names, phone numbers and addresses from one system to another.

• Self-service updates:

  Users can sign into the Identity Manager web portal and make updates to their own profiles. This includes changes to their contact information and requests for new access to applications, shares, folders, etc.

• Delegated administration:

  Business stake-holders, such as managers, application owners and data owners can sign into the Identity Manager web portal and request changes to security entitlements. For example, a manager might ask for application access for an employee or schedule deactivation of a contractor's profile.

• Access certification:

  Business stake-holders may be periodically invited to review the users and security entitlements within their scope of authority. They must then either certify that each user or entitlement remains appropriate or flag it for removal. Access certification is an effective strategy for removing security entitlements that are no longer needed.

• Authorization workflow:

  All change requests processed by Identity Manager, regardless of whether they originated with the auto-provisioning engine, the identity synchronization engine, with self-service profile updates or with the delegated administration module may be subject to an authorization process before being completed. The built-in workflow engine is designed to get quick and reliable feedback from groups of business users, who may be individually unreliable. It supports:

  • Concurrent invitations to multiple users to review a request.
  • Approval by N of M authorizers (N is fewer than M).
  • Automatic reminders to non-responsive authorizers.
  • Escalation from non-responsive authorizers to their alternates.
  • Scheduled delegation of approval responsibility from unavailable to alternate approvers.

• Policy enforcement:

  Identity Manager can be used to enforce a variety of policies regarding the assignment of security entitlements to users, including:

  • Role based access control, where security entitlements are grouped into roles, which can be assigned to users.
  • Segregation of duties, which defines mutually-exclusive sets of security entitlements.
  • Template accounts, which define how new users are to be provisioned.
  • Rules for the composition of new IDs, such as login IDs, e-mail addresses, OU directory contexts and more.

• Reports:

  Identity Manager includes a rich set of built-in reports, designed to answer a variety of questions, such as:

  • What users have entitlement X?
  • What entitlements does user Y have?
  • Who authorized entitlement Z for user W?
  • When did user A acquire entitlement B?
  • Who requested and who authorized entitlement B for user A?
  • What accounts have no known owner (orphaned)?
  • What users have no accounts (empty profiles)?
  • What accounts have recent login activity (dormant)?
  • What users have no active accounts (dormant)?

• Automated connectors and human implementers:

  Identity Manager can be integrated with existing systems and applications using a rich set of over 100 included connectors. This allows it to automatically provision, update and deprovision access across commonly available systems and applications.

  Organizations may opt to integrate custom and vertical-market applications with Identity Manager by using the included flexible connectors. Alternately, the built-in "implementers" workflow can be used to invite human administrators to make approved changes to users and entitlements on those systems.

• Unified management of logical access and physical assets:

  Identity Manager includes an inventory tracking system, making it suitable for managing requests for physical assets as well as logical access. For example, types and inventories of building access badges, laptops, phones and other devices can be tracked, requested, authorized and delivered using Identity Manager.

Read more:

• Automated user provisioning and deactivation:
  Automated propagation of changes to user profiles from systems of record (such as HR) to target systems (such as Active Directory, Exchange, RAC/F and more).
• Identity synchronization:
  Synchronizing identity attributes such as names, department codes and phone numbers between multiple systems and applications.
• Self-service profile updates and access requests:
  A self-service portal allows users to update their profiles and request access to applications and resources.
• Delegated security administration:
  Enabling business stake-holders such as managers and application owners to manage users and entitlements directly, without involving IT.
• Access certification:
  Periodically inviting managers and application owners to review lists of users and security entitlements, either certifying them as still-appropriate or asking that they be removed.
• Authorization workflow:
  All change requests, regardless of where they originated, may be subject to approvals before being implemented.
• Role-based access control:
  Assigning security entitlements to users indirectly, through roles can reduce the cost of ongoing administration and simplify the change management user interface.
• Segregation of duties policy enforcement:
  Detecting users whose already-assigned security entitlements violate policy and preventing users from acquiring new entitlements that would violate segregation of duties rules.
• Standardizing user entitlements:
  Ensuring that new users and newly created accounts are configured in compliance with corporate standards.
• Self-service management of security group membership:
  Self-service management of thousands of AD groups using the built-in component Group Manager.
• Delegated construction and maintenance of Orgchart data:
  Self-service construction and maintenance of OrgChart data using the built-in component Org Manager.
• Report on users and entitlements:
  Organizations can run report to list users, entitlements, change history and more across every application.
• Automated connectors and human implementers:
  A rich set of connectors and a built-in process to invite system administrators support rapid deployment of the solution to all systems and applications.

© Hitachi ID Systems, Inc. . All rights reserved.