
Hitachi ID Identity Manager Screen Recordings - Access Requests

Windows access denied dialog leading to group membership request


Content:

  • A user is guided through the access request process.
  • The video starts with the user encountering a Windows "Access Denied" error dialog.
  • The user is guided to a request for membership in the appropriate Active Directory security group.

Key concepts:

  • Users frequently need access to new shares, folders, etc. but they don't understand access control lists (ACLs) or security groups.
  • To attain high user adoption for self-service security entitlement management, it is important to implement a system which allows for this gap in users' knowledge.

Authorization of a request for security group membership


Content:

  • A request for group membership is routed to the group's owner for approval.

Key concepts:

  • The default authorizers for changes to membership in a group are the group's owner(s) on Active Directory.
  • Customer-specific business logic can route requests to other or additional users for approval.
  • Approval by N of M people, reminders, escalation and delegation are all built-in.

Request approved, user can access the folder


Content:

  • The user signs out, signs back in and can access the folder which previously caused an "Access Denied" error.

Key concepts:

  • On Windows, changes to a user's group memberships only take effect when the user signs into his PC.
  • This means that after the user was added to the group in question, he must sign off and sign back on before he can access the protected share, folder, etc.

SharePoint Access Denied


Content:

  • A user tries to access a site in SharePoint.
  • A user has no access rights.
  • The error message is modified by Hitachi ID Group Manager.
  • The user is directed to the appropriate request page on the Hitachi ID Group Manager request portal and requests access to the appropriate SharePoint group for his personal AD account.
  • Once the request is approved, the user can access the SharePoint site.

Key concepts:

  • Intercepting "Access Denied" error messages on SharePoint.
  • Diverting change requests and approvals out of IT and back to business users, who understand the business need for the access.
  • Reducing security administration IT call volume.

Model-after user interface


Content:

  • A requester -- be it the user himself in a self-service request or the user's manager -- may not know exactly what roles, groups or attributes are needed to grant a recipient some required privileges.
  • However, requesters often know someone else who already has the required privileges. A model-after user interface allows a requester to compare the profile attributes and entitlements of the recipient with a model user and request just those items whose descriptions appear relevant to the task at hand.

Key concepts:

  • A requester can assign a subset of a model user's rights to a recipient.
  • Access controls limit which recipients and model users a given requester can access.
  • Requests formulated in this way are user friendly -- the requester already knows who has the required entitlements, just not what they are called.
  • Selecting just key entitlements eliminates the problem of propagating rights from one over-provisioned user to another.
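
The model-after comparison described above can be sketched as follows. This is an added example, not code from Hitachi ID Identity Manager; the function names, the `VISIBLE_TO` access-control table and all sample users and entitlements are constructed for illustration.

```python
# Added illustration; names and sample data are constructed, not the product's API.
ENTITLEMENTS = {  # user -> entitlements currently held (constructed)
    "alice": {"Finance-Share-RW", "Finance-Reports-RO", "Domain-Admins"},
    "bob": {"Finance-Reports-RO"},
    "carol": {"HR-Share-RW"},
}
VISIBLE_TO = {"manager1": {"alice", "bob"}}  # requester -> profiles they may view


class RequestError(Exception):
    """Raised when a model-after request violates a rule."""


def model_after_candidates(requester, recipient, model):
    """Return entitlements the model user holds and the recipient lacks."""
    # A requester can always see their own profile (self-service case).
    visible = VISIBLE_TO.get(requester, set()) | {requester}
    for user in (recipient, model):
        if user not in visible or user not in ENTITLEMENTS:
            raise RequestError(f"{requester} may not access profile {user}")
    return ENTITLEMENTS[model] - ENTITLEMENTS[recipient]


def build_request(requester, recipient, model, selected):
    """Build a pending request for an explicit subset of the candidates."""
    candidates = model_after_candidates(requester, recipient, model)
    selected = set(selected)
    if not selected:
        raise RequestError("select at least one entitlement")
    outside = selected - candidates
    if outside:
        # Reject anything the comparison did not offer.
        raise RequestError(f"not offered by comparison: {sorted(outside)}")
    return {
        "requester": requester,
        "recipient": recipient,
        "entitlements": sorted(selected),
        "status": "pending-approval",
    }


if __name__ == "__main__":
    print(sorted(model_after_candidates("manager1", "bob", "alice")))
    print(build_request("manager1", "bob", "alice", ["Finance-Share-RW"]))
```

In the sample data the model user also holds `Domain-Admins`; because the request carries only the entitlements the requester explicitly selected, that right is not copied to the recipient.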