Skip to main content

Hitachi ID LinkedIn Page Hitachi ID Facebook Page Hitachi ID Twitter Page Find us on Google+ Hitachi ID YouTube Page

Authorization Workflow - Hitachi ID Identity Manager

Overview of Authorization Process

All change requests processed by Hitachi ID Identity Manager, regardless of whether they originated with the auto-provisioning engine, the identity synchronization engine, with self-service profile updates or with the delegated administration module may be subject to an authorization process before being completed. The built-in workflow engine is designed to get quick and reliable feedback from groups of business users, who may be individually unreliable. It supports:

  • Concurrent invitations to multiple users to review a request.
  • Approval by N of M authorizers (N is fewer than M).
  • Automatic reminders to non-responsive authorizers.
  • Escalation from non-responsive authorizers to their alternates.
  • Scheduled delegation of approval responsibility from unavailable to alternate approvers.

Selecting the Right Authorizers

Requests may be submitted to the Identity Manager workflow engine through a self-service web portal, by business logic implementing automated user (de)provisioning or through the Identity Manager SOAP API.

By default, all requests require authorization -- but business logic may override this and auto-approve requests.

Authorizers are selected automatically and may be chosen using OrgChart data (i.e,. managers of the requester or recipient), using resource owner data or through other means, such as lookups in an external database or directory.

Each group of authorizers consists of some N>=1 authorizers. Some number M<=N of the authorizers in each group must approve a request before it will be fulfilled by Identity Manager.

Process Diagram


    Identity Manager Dynamic Workflow

page top page top