- Automated Onboarding and Deactivation:
Monitor systems of record and automatically submit access requests to grant, modify or deactivate access in response to business events.
- Access Request Portal:
A web portal where users can fill in access requests for themselves (self-service) or for other recipients (delegated administration).
- Self-service Profile Updates:
The Hitachi ID Identity Manager self-service web portal allows users to update their profiles and request access to applications and resources.
- Delegated Access Administration:
Hitachi ID Identity Manager enables business stakeholders such as managers and application owners to manage users and entitlements directly, without involving IT.
- Robust Approvals Process:
All access requests flow through the Hitachi ID Identity Manager workflow, which may validate or calculate attributes, select authorizers to approve or reject them, or select implementers to complete tasks.
- Access Reviews and Remediation:
Periodically inviting managers and application owners to review lists of users and security entitlements, either certifying them as still appropriate or asking that they be removed.
- Segregation of Duties Policy Enforcement:
Defining mutually exclusive combinations of entitlements, finding users who already violate policy and preventing access requests from triggering new violations.
- Role-based Access Control:
Assigning multiple security entitlements at once, using roles, to reduce the cost of administration and simplify the access request and access review processes.
- Risk Scores:
Assigning risk scores to user profiles, to identify users who can harm the organization, intentionally or accidentally.
- History of Requests and Entitlements:
Hitachi ID Identity Manager tracks the history of both access requests and entitlements on integrated systems and applications, making it possible to answer questions about who had what access and how they got it.
- Finding Orphan and Dormant Accounts:
Orphan accounts have no known owner, while dormant accounts are not actively used. Both represent risk because a compromise may not be detected for a long time.
- Actionable Analytics:
Extensive analytics combined with the ability to automatically submit requests from report output mean that problems can be automatically identified and automatically remediated.