User Access Deactivation - Hitachi ID Identity Manager
Several processes are available for timely and reliable user access termination. The choice of process depends on each Hitachi ID Systems customer's business requirements and preferences:
- Scheduled access termination
Some workers, such as contractors, summer students and temporary staff, have pre-defined termination dates. These dates can be entered or loaded into Hitachi ID Identity Manager.
A scheduled batch process runs periodically on the Identity Manager server and checks for scheduled terminations. It can send e-mails to managers in advance, allowing them to update termination dates (e.g., defer them). It can disable users whose termination date has passed and it can delete, move or reassign accounts, mail boxes, home directories etc. for users who have been disabled for a sufficiently long amount of time.
- HR-initiated access termination
HR staff can mark employees and contractors either with a termination date, which is processed as described above, or as already terminated. The Identity Manager automation engine can periodically poll the HR system for such changes and automatically disable login access for every newly-terminated user.
- Manager-initiated access termination
Managers can use the same change request process to request updates to a user's termination date and status. This can be used to schedule or defer termination or to request immediate deactivation. Requests are routed to authorizers by e-mail, who respond on a secure, authenticated web form. Once deactivation requests are approved and/or a user's termination date has elapsed, all login IDs for the indicated user are disabled.
- Urgent access termination
A web-based user management interface allows security administrators to terminate access to any user, on any combination of systems, immediately. This is used for urgent termination scenarios.
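
The decision logic of the scheduled batch process described under "Scheduled access termination" can be sketched as follows. This is an added example, not Hitachi ID Identity Manager code: the record fields, the `plan_actions` function, the 14-day notice window and the 90-day grace period are all assumptions made for illustration.

```python
from datetime import date

NOTIFY_DAYS = 14  # assumed: warn managers this many days before termination
PURGE_DAYS = 90   # assumed: grace period between disable and cleanup

def plan_actions(users, today, notify_days=NOTIFY_DAYS, purge_days=PURGE_DAYS):
    """Return (user_id, action, detail) tuples for one batch run."""
    actions = []
    for u in users:
        term = u.get("termination_date")
        disabled_on = u.get("disabled_on")
        if disabled_on is not None:
            # Already disabled: only cleanup remains, and only once the
            # grace period is over, so repeated runs never re-disable.
            if (today - disabled_on).days >= purge_days:
                actions.append((u["id"], "cleanup",
                                "delete/move/reassign accounts, mailbox, home dir"))
            continue
        if term is None:
            continue  # no scheduled termination date on record
        if term < today:
            actions.append((u["id"], "disable",
                            f"termination date {term} has passed"))
        elif (term - today).days <= notify_days:
            # Advance notice gives the manager a chance to defer the date.
            actions.append((u["id"], "notify_manager",
                            f"{u['manager']}: access ends {term}"))
    return actions

# Constructed sample records (not real users).
TODAY = date(2024, 6, 15)
USERS = [
    {"id": "c.lee", "manager": "m.diaz", "termination_date": date(2024, 6, 20)},
    {"id": "s.patel", "manager": "m.diaz", "termination_date": date(2024, 6, 10)},
    {"id": "t.wong", "manager": "k.ito", "termination_date": date(2024, 1, 31),
     "disabled_on": date(2024, 2, 1)},
    {"id": "j.kim", "manager": "k.ito", "termination_date": date(2024, 6, 1),
     "disabled_on": date(2024, 6, 2)},
    {"id": "a.ng", "manager": "k.ito", "termination_date": None},
    {"id": "m.ross", "manager": "m.diaz", "termination_date": date(2024, 9, 1)},
]

if __name__ == "__main__":
    for user_id, action, detail in plan_actions(USERS, TODAY):
        print(f"{user_id:8} {action:15} {detail}")
```

Checking `disabled_on` before the termination date keeps the run idempotent: a user disabled by an earlier run, or by an HR-initiated or urgent termination, is not disabled a second time.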