Features Self-service management of security group membership
Hitachi ID Facebook Page Hitachi ID Twitter Page Find us on Google+ Hitachi ID YouTube Page

Self-service management of security group membership - Hitachi ID Identity Manager

Hitachi ID Group Manager is a component of Hitachi ID Identity and Access Management Suite which is automatically enabled for every Hitachi ID Identity Manager licensee.


Group Manager is a self-service group membership request portal. It allows users to request access to resources such as shares and folders, rather than initially specifying groups. Group Manager automatically maps requests to the appropriate security groups and invites group owners to approve or reject the proposed change.

Group Manager is available both as a stand-alone solution and as a no-cost module included with Identity Manager.


Group Manager -- available stand-alone and as a module in Identity Manager -- streamlines the process of managing security groups on Active Directory with:


Group Manager improves security by ensuring that changes to membership in security groups are properly authorized before being implemented.

Group Manager reduces the cost of IT support by moving requests and authorization for changes to group membership out of IT, to the community of business users.

Group Manager streamlines service delivery regarding the management of membership in security groups by making it easier for users to submit clear and appropriate change requests and automatically routing those requests to the right authorizers. This makes the request process painless and the approvals process fast.

Watch a Movie

Windows access denied dialog leading to group membership request

Play movie


  • A user is guided through the access request process.
  • The video starts with the user encountering a Windows "Access Denied" error dialog.
  • The user is guided to a request to for membership in the appropriate Active Directory security group.

Key concepts:

  • Users frequently need access to new shares, folders, etc. but they don't understand access control lists (ACLs) or security groups.
  • To attain high user adoption for self-service security entitlement management, it is important to implement a system which allows for this gap in users' knowledge.

Authorization of a request for security group membership

Play movie


  • A request for group membership is routed to the group's owner for approval.

Key concepts:

  • The default authorizers for changes to membership in a group are the group's owner(s) on Active Directory.
  • Customer-specific business logic can route requests to other or additional users for approval.
  • Approval by N of M people, reminders, escalation and delegation are all built-in.

Request approved, user can access the folder

Play movie


  • The user signs out, signs back in and can access the folder which previously caused an "Access Denied" error.

Key concepts:

  • On Windows, changes to a user's group memberships only take effect when the user signs into his PC.
  • This means that after the user was added to the group in question, he must sign off and sign back on before he can access the protected share, folder, etc.