Delegated Security Administration
Business stakeholders, such as managers, application owners and
data owners, can sign in to the Hitachi ID Identity Manager web portal and request changes
to security entitlements. For example, a manager might ask for
application access for an employee or schedule deactivation of a
Delegated user administration is subject to a variety of policies:
- Display filters control:
  - What recipients are visible in search results for a given requester.
  - Which recipients' profiles a given requester can display.
  - What kinds of access requests a given requester can make on behalf
    of a given recipient.
- Access control rules determine what parts of a recipient's profile
a given requester can see. For example, a user's manager may be
allowed to see his subordinates' contact information and applications
but not their social security numbers, which are only visible to HR.
- Authorization routing logic determines who must approve every
access request. Typically, a user's manager plus entitlement owners
are invited to approve all changes to a user's access rights.
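
One way to model the three policy layers above as deny-by-default checks. This is an added example, not Hitachi ID Identity Manager's configuration or API; the user names, attributes and the `payroll-app` entitlement are constructed, and refusing a request when no entitlement owner is registered is an assumption of this example.

```python
from __future__ import annotations
from dataclasses import dataclass

# Hypothetical model of the policy layers; names and data are constructed.
@dataclass(frozen=True)
class User:
    uid: str
    manager: str | None = None
    is_hr: bool = False

USERS = {u.uid: u for u in [
    User("alice"), User("bob", manager="alice"), User("carol", manager="alice"),
    User("dave", is_hr=True), User("erin", manager="dave")]}
PROFILES = {"bob": {"phone": "555-0100", "applications": ["crm"], "ssn": "000-00-0000"}}
ENTITLEMENT_OWNERS = {"payroll-app": "erin"}  # entitlement -> owner (assumed)
# Access control rules: attribute -> relationships allowed to read it.
ATTRIBUTE_READERS = {"phone": {"manager", "hr"}, "applications": {"manager", "hr"},
                     "ssn": {"hr"}}

def relationships(requester: User, recipient: User) -> set[str]:
    rels = set()
    if recipient.manager == requester.uid:
        rels.add("manager")
    if requester.is_hr:
        rels.add("hr")
    return rels

def visible_recipients(requester_id: str) -> list[str]:
    """Display filter: a recipient is listed only if a relationship exists."""
    req = USERS[requester_id]
    return sorted(u.uid for u in USERS.values()
                  if u.uid != req.uid and relationships(req, u))

def view_profile(requester_id: str, recipient_id: str) -> dict:
    """Access control rules: return only the attributes the requester may read."""
    if recipient_id not in visible_recipients(requester_id):
        raise PermissionError("recipient not visible to requester")
    rels = relationships(USERS[requester_id], USERS[recipient_id])
    return {k: v for k, v in PROFILES.get(recipient_id, {}).items()
            if rels & ATTRIBUTE_READERS.get(k, set())}  # unlisted attribute: hidden

def approvers(requester_id: str, recipient_id: str, entitlement: str) -> list[str]:
    """Authorization routing: recipient's manager plus the entitlement owner."""
    if recipient_id not in visible_recipients(requester_id):
        raise PermissionError("requester may not act for this recipient")
    owner = ENTITLEMENT_OWNERS.get(entitlement)
    if owner is None:  # fail closed rather than auto-approve an unowned entitlement
        raise PermissionError("no owner registered for entitlement")
    return sorted({owner, USERS[recipient_id].manager} - {None})
```
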
- Access Governance:
Assigning appropriate initial security entitlements, monitoring and controlling the security rights of users, and prompt, reliable access deactivation using Hitachi ID Identity Manager access governance.
- Automated User Provisioning and Deactivation:
Automated propagation of changes to user profiles from systems of record (such as HR) to target systems (such as Active Directory, Exchange, RAC/F and more).
- Identity Synchronization:
Synchronizing identity attributes such as names, department codes and phone numbers between multiple systems and applications.
- Self-service Profile Updates and Access Requests:
A self-service portal allows users to update their profiles and request access to applications and resources.
- Delegated Security Administration:
Enabling business stakeholders such as managers and application owners to manage users and entitlements directly, without involving IT.
- Access Certification:
Periodically inviting managers and application owners to review lists of users and security entitlements, either certifying them as still-appropriate or asking that they be removed.
- Access Request Portal:
A web portal where users can submit change requests on behalf of themselves or others.
- Authorization Workflow:
All change requests, regardless of where they originated, may be subject to approvals before being implemented.
- Role-based Access Control:
Assigning security entitlements to users indirectly, through roles, can reduce the cost of ongoing administration and simplify the change management user interface.
- Standardizing User Entitlements:
Ensuring that new users and newly created accounts are configured in compliance with corporate standards.
- Self-service management of security group membership:
Self-service management of thousands of AD groups using the built-in component Group Manager.
- Delegated construction and maintenance of Orgchart data:
Self-service construction and maintenance of OrgChart data using the built-in component Org Manager.
- Report on Users and Entitlements:
Organizations can run reports to list users, entitlements, change history and more across every application.
- Automated Connectors and Human Implementers:
A rich set of connectors, together with a built-in process to invite system administrators, supports rapid deployment of the solution to all systems and applications.