Skip to main content

Access Request Portal

Hitachi ID Identity Manager includes a request portal, intended for users to accomplish a variety of functions:

  • Users can manage their own credentials -- choosing new passwords and PINs for integrated systems and applications, populating security questions, etc.
  • Self-service profile updates:
    • Entering information such as home contact information.
    • Requesting organizational changes, such as transfers to a new location, department or manager.
  • Self-service requests for access:
    • Group membership.
    • Role assignment.
    • Login IDs on systems or applications.
    • Access to shares, folders, SharePoint sites or other resources.
  • White pages / directory search:
    • Find another user by entering their name, department, manager, etc.
    • Browse the org-chart structure.
  • Delegated changes:
    • To create new user profiles for users who do not appear in any system of record.
    • To correct data that does appear in an SoR but is incorrect or obsolete in the SoR.
    • Allowing the same types of requests as self-service, but by one user on behalf of another user.
  • Workflow request management -- monitor progress on open requests, approve, deny or cancel requests, manage delegation of authority or responsibility from one user to another.

This portal is completely policy driven. For example, what options a user gets, what other users he can find or make requests on behalf of and what identity information one user can see of another is determined by rules. Rules may be simple roles ("all users with attribute X and membership in group Y can perform action Z"). More powerful rules are based on relationships ("user A can request operation B in relation to user C if user A is in group G and users A and B are in the same department.")

Requests submitted through this portal are subject to validation logic (e.g., rules such as "is the city in the user's address consistent with the state or province?") and to approvals. Requested are routed to zero or more authorizers, where approval by some or all of the authorizers is required. The choice of authorizers is normally dynamic -- driven by policy rules and data accessed at run-time.

Account Request Workflow

An example use case of the Identity Manager request workflow portal is where one user requests new access for another, such as when a manager hires a contractor.

Identity Manager supports manager-initiated user provisioning with its built-in workflow engine. Managers sign into the Identity Manager web portal, initiate a change request, fill in the blanks to describe the new user and select roles, systems and entitlements that the user will need access to.

Change requests are validated by Identity Manager and the manager may be required to make corrections. Completed requests are automatically routed to the appropriate authorizers (using business logic programmed into Identity Manager) and await approval. Once a change is approved, Identity Manager applies it to target systems, by creating accounts, allocating badges or tokens, enabling phone lines, etc. This system allows for user provisioning, which decreases employee down-time and therefore increases productivity.

Watch a Movie

Update contact information

Play movie


  • An employee logs into Identity Manager and updates his own contact information.
  • The request is automatically approved.

Key concepts:

  • Routine changes, for example to personal contact information, can be moved from a help desk call to a self-service model.
  • Access controls determine who can see and who can modify what in whose profile. In this case, self-service update of contact information is allowed.
  • Security policy also determines what authorization is required before a change request is completed. In this case, none.

Read More:

page top page top