Security Global Access Reporting
Hitachi ID Facebook Page Hitachi ID Twitter Page Find us on Google+ Hitachi ID YouTube Page

Report on Users and Entitlements - Hitachi ID Identity Manager

One of the key elements of both security management and regulatory compliance is to periodically review who has access to systems, to find exceptions, and to remove them.

Global access reporting includes finding and eliminating dormant and orphan accounts, reviewing the access rights of current users to find entitlements that are no longer required, and the ability to simply report on "who has what."

Hitachi ID Identity Manager comes with built in capabilities to meet these security reporting requirements, including: __ReportTypesIDS

In addition, Identity Manager has an open schema and data access layer, allowing customers to develop their own security reports. __ReportingOptionsIDS


Watch a Movie

Users and accounts


Play movie

Content:

  • List of users, with and without identity attributes.
  • List of accounts on a given system.

Key concepts:

  • The simplest reports in any IAM system are lists of users and accounts.
  • Built-in Identity Manager reports can enumerate users, attributes, accounts, group memberships, roles and more.

Orphan and dormant accounts


Play movie

Content:

  • Shows accounts with no known owner.

Key concepts:

  • Built-in reports make it easy to find orphan and dormant accounts:
    • Orphan users are user profiles with no login accounts.
    • Orphan accounts have no known owner.
    • Dormant accounts have had no recent login activity.
    • Dormant profiles have all-dormant accounts.

Violations of segregation of duties rules


Play movie

Content:

  • Finds users who violate any segregation of duties (SoD) rule.
  • Finds users whose violation of an SoD rule has been approved.

Key concepts:

  • SoD reports are a detective control -- i.e,. they find already-existing violations.
  • There is also a preventive control, embedded in the change request workflow.
  • SoD violations may be approved, for example if they are a legitimate situation that the policy did not take into account.

Detailed change history


Play movie

Content:

  • Displays all changes made to users, accounts and groups as a result of workflow requests.

Key concepts:

  • Change requests are retained indefinitely.
  • Details including what changed, who requested the change and who authorized it are accessible via built-in reports.
  • Changes detected on target systems (i.e., not initiated by Identity Manager) are also available.