Automated Connectors and Human Implementers

A rich set of connectors and a built-in process to invite system administrators support rapid deployment of the solution to all systems and applications.

Hitachi ID Identity Manager can be integrated with existing systems and applications using a rich set of over 120 included connectors. This allows it to automatically provision, update and deprovision access across commonly available systems and applications.

Organizations may opt to integrate custom and vertical-market applications with Identity Manager by using the included flexible connectors. Alternately, the built-in ''implementers'' workflow can be used to invite human administrators to make approved changes to users and entitlements on those systems.

Connectors for Automated Fulfillment

There are over 120 connectors included with Hitachi ID Systems, out of the box and at no extra charge. This includes:

  1. 63 executable programs that run on the Hitachi ID Systems server whose job is to create, update and delete users and passwords on different types of target systems and applications.
  2. 23 executable programs that run on the Hitachi ID Systems server whose job is to create, update and close support incidents on help desk applications.
  3. 23 executable programs that run on various types of Unix and Linux systems, to implement local user/password/entitlement changes on behalf of a Identity Manager server.
  4. A local connector that installs on z/OS mainframes and can manage users/entitlements/passwords on 3 types of security databases.

Some of these connectors support multiple versions and types of systems. For example, the LDAP connector can manage users, passwords and entitlements on any standards-compliant LDAP directory.

Some of these connectors are scriptable and are expressly designed to integrate with new systems. For example, there is a SOAP agent and an SSH agent, both designed for rapid integration with new applications during deployment.

Built-in Process to Invite Human System Administrators

Identity Manager supports the notion of an "implementer-style" target system, where a human system administrator is asked to create, modify or delete a user object on the target system, in place of an automated Identity Manager connector.

Implementer-style target systems are useful in two main circumstances:

  1. A custom or vertical-market target application has either a small or static population of users. The level of effort required to deploy automated integration to manage identities, entitlements or credentials (typically on the order of several days) is uneconomical.
  2. It is desirable to publish all applications in Identity Manager, but there has not yet been time to integrate with all of them. Initially, changes on some applications will be handled manually, but over time more connectors will be deployed to expand automation.

Applications may also be configured in a hybrid mode, where some operations are automated using a connector but other operations are sent to human implementers to complete. For example, a CSV file might be used to enumerate users, groups and/or group memberships but a human implementer may be invited to complete changes manually.

Read More: