Skip to main content

Ambiguous User Access Requests - Hitachi ID Identity Manager

Business Challenge

In large organizations users frequently move from project to project or department to department. When this happens, users need access to new resources - typically files, folders, printers and mail distribution lists.

Most business users understand these resources, but not the security infrastructure that allows some users but not others to access them. Consequently, they call the help desk, asking for something ambiguous: "I need access to the printer in the corner" rather than something actionable: "I need to join group X on AD domain Y."

The ambiguity that arises in communication between business and technical users slows down the change control, introducing frustration, cost and delay.

Hitachi ID Group Manager Solution
  • Group Manager presents end users with a user interface (UI) they are familiar with, closely modeled on that of Windows Explorer.
  • Using this familiar UI, users request access to resources they are familiar with -- shares, folders, printers, etc.
  • Group Manager automatically maps user requests for resources to requests for membership in appropriate security groups.
  • Group Manager automatically routes group membership requests to appropriate business users for approval. The default routing is to group owners identified in each group's Active Directory object.

Group Manager translates user requests to "IT language" and automatically follows through with an approval work-flow and fulfillment. Users get better service and IT is able to focus on higher priority tasks.

Read More:

  • Slow Onboarding:
    It can take too long to create login IDs for newly hired or reassigned users.
  • Costly Security Administration:
    Processes to manage users and entitlements are costly and time consuming.
  • Unreliable Deactivation:
    Access deactivation can be slow, unreliable or incomplete.
  • Policy Violations:
    Manual security administration leads to users whose access profiles violate corporate policies regarding appropriate access or segregation of duties.
  • Auditing User Entitlements:
    Auditing user entitlements that span multiple systems.
  • Ambiguous User Access Requests:
    Users understand files and folders, but not groups and ACLs. This makes change requests hard to interpret and both costly and time consuming to fulfill.
  • No History for Security Rights:
    When security entitlements are granted or revoked using native administration tools, there is no audit trail to show who made the change, when or for what reason.
page top page top