Delegated Security Administration

Hitachi ID Identity Manager enables business stakeholders such as managers and application owners to manage users and entitlements directly, without involving IT.

Business stakeholders, such as managers, application owners and data owners, can sign in to the Hitachi ID Identity Manager web portal and request changes to security entitlements. For example, a manager might ask for application access for an employee or schedule deactivation of a contractor's profile.

Delegated user administration is subject to a variety of policies:

  • Display filters control:
    • What recipients are visible in search results for a given requester.
    • Which recipients' profiles a given requester can display.
    • What kinds of access requests a given requester can make on behalf of a given recipient.
  • Access control rules determine what parts of a recipient's profile a given requester can see. For example, a user's manager may be allowed to see subordinates' contact information and applications but not their social security numbers, which are only visible to HR.
  • Authorization routing logic determines who must approve every access request. Typically, a user's manager plus entitlement owners are invited to approve all changes to a user's access rights.
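
The three policy layers above can be modeled as a small default-deny evaluator. This is an added example, not Hitachi ID Identity Manager configuration or API: the directory, the relationship names, the attribute lists and every function name are hypothetical, and the rule that HR may view but not submit requests is an assumption made for the sketch.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    uid: str
    manager: str = ""          # uid of the user's manager, "" if none
    is_hr: bool = False
    profile: dict = field(default_factory=dict)

# Constructed sample directory and entitlement ownership (not real data).
USERS = {u.uid: u for u in (
    User("alice", profile={"email": "alice@example.test"}),
    User("bob", manager="alice", profile={
        "email": "bob@example.test", "applications": ["wiki"], "ssn": "000-00-0000"}),
    User("carol", is_hr=True),
    User("dave", manager="carol"),
)}
ENTITLEMENT_OWNERS = {"crm": ["dave"]}

# Access control rules: relationship -> profile attributes it may read.
READABLE = {"manager": {"email", "applications"},
            "hr": {"email", "applications", "ssn"}}
# Display filter, request kinds: relationship -> requests it may submit (assumed).
REQUESTABLE = {"manager": {"grant_access", "schedule_deactivation"}, "hr": set()}

def relationships(requester, recipient):
    rels = set()
    if USERS[recipient].manager == requester:
        rels.add("manager")
    if USERS[requester].is_hr and requester != recipient:
        rels.add("hr")
    return rels

def visible_recipients(requester):
    """Display filter: only recipients the requester has a relationship to."""
    return sorted(r for r in USERS if relationships(requester, r))

def view_profile(requester, recipient):
    """Default deny: no relationship raises, unlisted attributes are dropped."""
    rels = relationships(requester, recipient)
    if not rels:
        raise PermissionError(f"{requester} may not display {recipient}")
    allowed = set().union(*(READABLE[r] for r in rels))
    return {k: v for k, v in USERS[recipient].profile.items() if k in allowed}

def submit_request(requester, recipient, kind, entitlement):
    """Check the request-kind filter, then route to manager plus entitlement owners."""
    rels = relationships(requester, recipient)
    if kind not in set().union(*(REQUESTABLE[r] for r in rels)):
        raise PermissionError(f"{requester} may not request {kind} for {recipient}")
    approvers = [USERS[recipient].manager] + ENTITLEMENT_OWNERS.get(entitlement, [])
    return sorted({a for a in approvers if a})
```

Each check is evaluated on the server side from the requester's relationship to the recipient, so a requester who guesses another user's identifier still gets a `PermissionError` rather than a filtered view.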

