Features Self-service management of security group membership
Hitachi ID Facebook Page Hitachi ID Twitter Page Find us on Google+ Hitachi ID YouTube Page

Self-service management of security group membership - Hitachi ID Identity Manager

Hitachi ID Group Manager is a component of Hitachi ID Identity and Access Management Suite which is automatically enabled for every Hitachi ID Identity Manager licensee.

__WhatIsIDAccess


Watch a Movie

Windows access denied dialog leading to group membership request


Play movie

Content:

  • A user is guided through the access request process.
  • The video starts with the user encountering a Windows "Access Denied" error dialog.
  • The user is guided to a request to for membership in the appropriate Active Directory security group.

Key concepts:

  • Users frequently need access to new shares, folders, etc. but they don't understand access control lists (ACLs) or security groups.
  • To attain high user adoption for self-service security entitlement management, it is important to implement a system which allows for this gap in users' knowledge.

Authorization of a request for security group membership


Play movie

Content:

  • A request for group membership is routed to the group's owner for approval.

Key concepts:

  • The default authorizers for changes to membership in a group are the group's owner(s) on Active Directory.
  • Customer-specific business logic can route requests to other or additional users for approval.
  • Approval by N of M people, reminders, escalation and delegation are all built-in.

Request approved, user can access the folder


Play movie

Content:

  • The user signs out, signs back in and can access the folder which previously caused an "Access Denied" error.

Key concepts:

  • On Windows, changes to a user's group memberships only take effect when the user signs into his PC.
  • This means that after the user was added to the group in question, he must sign off and sign back on before he can access the protected share, folder, etc.