Self-service Profile Updates and Access Requests - Hitachi ID Identity Manager
Users can sign into the Hitachi ID Identity Manager web portal and make updates to their
own profiles. This includes changes to their contact information
and requests for new access to applications, shares, folders, etc.
Profile updates are subject to:
- Access control policies. For example, users may be able
to see but not modify their job code or pay grade.
- Field- and form-level validation rules. For example,
the area code in a user's phone number may have to match
the city in which the user resides.
- Authorization rules. For example, changes to a user's
department code may have to be approved by both the old
and new department managers.
Changes to a user's roles, accounts or security groups are subject
to policy as well:
- What entitlements a user can see or request is limited by policy.
- Requests must not create an end-state which violates SoD policy.
- Changes to a user's entitlements are normally routed to
application owners and/or managers for approval.
- Access Governance:
Assigning appropriate initial security entitlements, monitoring and controlling the security rights of users and prompt/reliable access deactivation using Hitachi ID Identity Manager access governance.
- Automated User Provisioning and Deactivation:
Automated propagation of changes to user profiles from systems of record (such as HR) to target systems (such as Active Directory, Exchange, RAC/F and more).
- Identity Synchronization:
Synchronizing identity attributes such as names, department codes and phone numbers between multiple systems and applications.
- Self-service Profile Updates and Access Requests:
A self-service portal allows users to update their profiles and request access to applications and resources.
- Delegated Security Administration:
Enabling business stake-holders such as managers and application owners to manage users and entitlements directly, without involving IT.
- Access Certification:
Periodically inviting managers and application owners to review lists of users and security entitlements, either certifying them as still-appropriate or asking that they be removed.
- Access Request Portal:
A web portal where users can submit change requests on behalf of themselves or others.
- Authorization Workflow:
All change requests, regardless of where they originated, may be subject to approvals before being implemented.
- Role-based Access Control:
Assigning security entitlements to users indirectly, through roles can reduce the cost of ongoing administration and simplify the change management user interface.
- Standardizing User Entitlements:
Ensuring that new users and newly created accounts are configured in compliance with corporate standards.
- Self-service management of security group membership:
Self-service management of thousands of AD groups using the built-in component Group Manager.
- Delegated construction and maintenance of Orgchart data:
Self-service construction and maintenance of OrgChart data using the built-in component Org Manager.
- Report on Users and Entitlements:
Organizations can run report to list users, entitlements, change history and more across every application.
- Automated Connectors and Human Implementers:
A rich set of connectors and a built-in process to invite system administrators support rapid deployment of the solution to all systems and applications.