• Site Map
• Contact Us

• Home
• Our Company
  • Customers
  • Careers
  • Contact Us
  • RSS & Blogs
• Products
  • Identity Manager
  • Password Manager
  • Group Manager
  • Privileged Access Manager
  • Download evaluation
  • Releases
  • CCC
• Solutions
  • Security / GRC
  • Reducing IT support cost
  • Improve user service
• Support
  • Shipping products
  • Supported versions
  • Portal login
  • Report problem
• Services
  • Solution delivery
  • Methodology
  • Education
  • Upgrades
  • AdMax Program
  • Hitachi ID Systems-Managed IAM
  • Guarantee
• News &  Events
  • Press Releases
  • Press Coverage
  • Archived Webinars
• Resource Center
  • White Papers
  • Independent Reviews
  • Brochures
  • Slide Decks
  • Case Studies
  • Regulatory Compliance
  • Certifications
  • Community
• Partners
  • Technology Partners
  • Channel Partners
  • System Integrators and Consultants
  • Managed Service Providers
  • Public Sector
  • Partner Portal
  • Online partner application

Security Secure User Administration Enforcing security standards

Standardizing user entitlements with Hitachi ID Identity Manager

Hitachi ID Identity Manager can be used to enforce a variety of security standards when creating new user accounts or managing privileges and identity information for existing users:

• Assigning unique login IDs

  The most basic task that Identity Manager must complete when creating a new user profile is to assign that user a new, globally-unique login ID.

  Identity Manager can implement any login ID naming system and comes with a built-in system to detect and avoid name collision. Every new user gets a new, globally-unique login ID that meets corporate standards and that is not in current use on any system.

  Standard login IDs have many benefits, including usability: user only has to remember a single login ID; support: IT staff can quickly look up a user's profile; and security: log entries on different systems can be easily correlated.

• New account configuration standards

  Identity Manager normally creates new login accounts by cloning existing accounts on target systems, that have been created specifically to act as templates. Platform administrators get to use their familiar tools to create and manage templates and Identity Manager leverages the detailed configuration (attributes, group memberships, home directories, paths, etc.) of template accounts to ensure that all new accounts are created in compliance with corporate standards.

  Using templates makes it easy for organizations to enforce security standards without having to invest significant effort in managing Identity Manager itself.

  Identity Manager adjusts newly created accounts by setting additional attributes and group memberships. These modifications may be derived from user input, data from systems of record, business rules or a combination of all three. Control over how and when attributes are set to differentiate new accounts from templates allows organizations to further control the set up of new accounts.

• System dependencies and order of events

  Identity Manager is configured with dependencies between systems and account types. For example, technical requirements stipulate that a new user be set up with an account on Active Directory before an Exchange mailbox can be set up. In a similar way, business requirements may require that all new users get an ACF2 mainframe account before being provisioned with access to any other systems.

  Dependencies ensure that systems access is always provisioned in a consistent, repeatable sequence.

• Ensuring change authorization

  Changes to user profiles, either centrally on the Identity Manager server or on individual target systems, are subject to approvals by system or application owners, as well as by appropriate managers who have a relationship with a change's requester or recipient.

  Unlike manual processes, Identity Manager change authorization is mandatory and auditable.

© Hitachi ID Systems, Inc. . All rights reserved.