Automated Connectors and Human Implementers - Hitachi ID Identity Manager
Hitachi ID Identity Manager can be integrated with existing systems and applications using a rich set of over 110 included connectors. This allows it to automatically provision, update and deprovision access across commonly available systems and applications.
Organizations may opt to integrate custom and vertical-market applications with Identity Manager by using the included flexible connectors. Alternatively, the built-in "implementers" workflow can be used to invite human administrators to make approved changes to users and entitlements on those systems.
Connectors for Automated Fulfillment
There are over 110 connectors included with Hitachi ID Systems, out of the box and at no extra charge. These include:
- 63 executable programs that run on the Hitachi ID Systems server whose job is to create, update and delete users and passwords on different types of target systems and applications.
- 23 executable programs that run on the Hitachi ID Systems server whose job is to create, update and close support incidents on help desk applications.
- 23 executable programs that run on various types of Unix and Linux systems, to implement local user/password/entitlement changes on behalf of an Identity Manager server.
- A local connector that installs on z/OS mainframes and can manage users/entitlements/passwords on 3 types of security databases.
Some of these connectors support multiple versions and types of systems. For example, the LDAP connector can manage users, passwords and entitlements on any standards-compliant LDAP directory.
Some of these connectors are scriptable and are expressly designed to integrate with new systems. For example, there is a SOAP agent and an SSH agent, both designed for rapid integration with new applications during deployment.
Built-in Process to Invite Human System Administrators
Identity Manager supports the notion of an "implementer-style" target system, where a human system administrator is asked to create, modify or delete a user object on the target system, in place of an automated Identity Manager connector.
Implementer-style target systems are useful in two main circumstances:
- A custom or vertical-market target system has either a very small or a very static user population. In these cases, the level of effort required to deploy automated integration to manage users on the target system (typically on the order of several days) is not warranted given the small payback.
- There are many target systems (hundreds, thousands) in scope for the project and it is desirable to give users a "one stop shop" experience for security change requests, using Identity Manager, at the start of deployment. This is preferable to asking users to refer to different request systems depending on what kind of access they require.
Individual target systems or applications may also be configured in a hybrid mode. For example, a CSV file might be used to enumerate users, groups and/or group memberships but a human implementer may be invited to make updates manually.