Overview Screen Recordings Onboarding New Users
Hitachi ID Facebook Page Hitachi ID Twitter Page Find us on Google+ Hitachi ID YouTube Page

Hitachi ID Identity Manager Screen Recordings - Onboarding

Automatic provisioning (scheduled batch process)


Play movie

Content:

  • A new employee is added to an HR application.
  • A batch process is triggered manually (just for demos -- normally it is scheduled).
  • Accounts for the new user are automatically created on AD and elsewhere.

Key concepts:

  • Automation is typically a batch process that runs at least once daily.
  • Business logic determines what to do when user records are added to, removed from or changed on each system of record.
  • Most suitable for coarse-grained (i.e., hire/fire) changes detected on HR systems.
  • Can also automate synchronization of identity attributes between systems.

Request access for a new contractor


Play movie

Content:

  • This video shows how a manager can request access for a new contractor using a self-service form.

Key concepts:

  • While employees are normally auto-provisioned based on an HR feed, contractors typically are not.
  • Validation of the request form and routing to authorizers for approval happens next (separate recordings).

Authorization process using web approval


Play movie

Content:

  • An authorizer is invited to review and either approve or reject a change request.
  • Approvals take place via a secure, authenticated web form.

Key concepts:

  • Multiple authorizers can be invited at the same time.
  • Approval by N of M people is standard.
  • Reminders are automatically sent to non-responsive authorizers.
  • Escalation and delegation can replace non-responsive authorizers.

First login for new contractor


Play movie

Content:

  • A newly hired contractor signs in by answering security questions based on PII data (driver's license, mother's maiden name, date of birth, etc.).
  • A random PIN may also be sent to the user's phone or personal e-mail address.
  • Once authenticated, the user must complete a profile of security questions / answers.
  • The user resets his own password -- there was never a known, shared password value.
  • The user may be asked to review and accept policy documents at first login.

Key concepts:

  • Eliminate the need for predictable initial password.
  • Capture security questions at first login.
  • Get new users to read and accept policy documents.

Update contact information


Play movie

Content:

  • An employee logs into Identity Manager and updates his own contact information.
  • The request is automatically approved.

Key concepts:

  • Routine changes, for example to personal contact information, can be moved from a help desk call to a self-service model.
  • Access controls determine who can see and who can modify what in whose profile. In this case, self-service update of contact information is allowed.
  • Security policy also determines what authorization is required before a change request is completed. In this case, none.