Skip to main content

Authorization Workflow - Hitachi ID Identity Manager

Overview of Authorization Process

All change requests processed by Hitachi ID Identity Manager, regardless of whether they originated with the auto-provisioning engine, the identity synchronization engine, with self-service profile updates or with the delegated administration module may be subject to an authorization process before being completed. The built-in workflow engine is designed to get quick and reliable feedback from groups of business users, who may be individually unreliable. It supports:

  • Concurrent invitations to multiple users to review a request.
  • Approval by N of M authorizers (N is fewer than M).
  • Automatic reminders to non-responsive authorizers.
  • Escalation from non-responsive authorizers to their alternates.
  • Scheduled delegation of approval responsibility from unavailable to alternate approvers.

Selecting the Right Authorizers

Requests may be submitted to the Identity Manager workflow engine using the included request web portal, by business logic monitoring changes in a system of record (SoR), via a batch loader or through the inbound web services API.

Any request may require approval. Business logic selects authorizers and determines how many are required (possibly zero). Multiple authorizers may be selected, with some level of consensus required (e.g., N of M).

Authorizers are selected automatically and may be chosen by their relationship to the requester and/or recipient. For example, the recipient's manager, or a department head, or a regional security officer are common authorizer choices. Authorizers may be based on what was requested, such as the owner of an application or group. Finally, authorizers may be selected via lookup into an external service or database.

Process Diagram

figure

    Identity Manager Dynamic Workflow

Read More:

page top page top