Entitlement and Request History - Hitachi ID Identity Manager
By default, Hitachi ID Identity Manager retains a history of all change requests --
including requester, recipient, authorizers, times and dates,
operations, attributes, entitlements and either connector results or
implementer feedback -- indefinitely. This means that an auditor can
answer questions such as "who requested or approved that this user
receive this entitlement?" years after the fact.
In addition to changes initiated through an Identity Manager process
(automation, request portal, API, etc.), Identity Manager detects changes made
natively on integrated systems and applications. This includes creation
of new and deletion of existing accounts as well as changes to account
attributes, group memberships and status (e.g., enabled/disabled).
This monitoring is used to maintain an internal model in Identity Manager's
database of all IDs and entitlements on integrated systems.
Identity Manager can be configured to retain a history of detected entitlements
and attributes as well. This history is visible through the request
portal and enables auditors to ask questions such as "when did this
user acquire this entitlement on this system?" even where such changes
did not originate with Identity Manager.
- Secure User Administration:
Changing business processes and infrastructure to secure user administration.
- Locking Down Identity Manager:
Protecting the Identity Manager server, its data and its communications against attack.
- Finding and Deactivating Orphan Accounts:
Using Identity Manager to find and deactivate dormant and orphan login accounts.
- User Access Deactivation:
Prompt and reliable user access termination is essential to internal controls over enterprise IT infrastructure.
- Access Change Authorization:
Use Identity Manager to enforce robust processes to authorize changes to user access rights.
- Enforcing Security Standards:
Standards are an important way to ensure that users get just the entitlements they need, and no more. Naming standards are also important, as they help in the implementation of accountability measures, such as connecting security events on different systems back to individual users.
- Global Access Reporting:
One of the key requirements for secure identity management and access governance is the ability to find out who has access to what systems of data. This capability must span systems and platforms -- hence global access reporting.
- Segregation of Duties Policy Enforcement:
Detecting users whose already-assigned security entitlements violate policy and preventing users from acquiring new entitlements that would violate segregation of duties rules.
- Entitlement and Request History:
Hitachi ID Identity and Access Management Suite retains a history of all change requests – including requester, recipient, authorizers, times and dates, operations, attributes, entitlements and either connector results or implementer feedback.