Event Notification - Hitachi ID Identity Manager

Detecting Changes on Target Systems and Applications

Hitachi ID Identity Manager can detect all administrative changes made to users and entitlements on target systems as a normal part of the nightly auto-discovery process. This includes new users, terminated users, attribute changes and group membership changes.

Normally such changes are simply loaded into the Identity Manager identity cache, so that the various Identity Manager processes can act on correct current state data.

Such changes can also be fed into alarm systems (such as e-mail or SMS), can be reported on and can be fed as input to the auto-provisioning component of Identity Manager.

The auto-provisioning module (ID-Track) applies business logic to decide what to do about detected changes (for example, disable unauthorized new accounts, revoke group membership changes and so on). Changes are submitted to the workflow engine, where they may be automatically approved or require human authorization before being executed.

Automated removal of detected changes is not normally recommended, however, as it is difficult to predict a priori what kinds of changes systems administrators might legitimately need to make. It is normally safer to report on changes than to blindly revoke them. Human beings can then decide whether to retain or back out changes made outside of Identity Manager.
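The nightly detect-and-classify step described above, as an added example that is not Hitachi ID's code: it diffs the previous identity-cache snapshot against newly discovered target state, emits one event per change category the text names, and reports by default, requesting revocation only for group additions an operator has explicitly listed. The Account layout, the sample logins and the "Domain Admins" rule are constructed assumptions.

```python
# Added example, not Hitachi ID code: diff the identity cache against the
# freshly discovered target state and classify what changed. The record layout,
# account names and the "Domain Admins" auto-revoke rule are constructed.
from collections import namedtuple

# An account as the nightly discovery sees it: attribute dict plus group set.
Account = namedtuple("Account", ["attrs", "groups"])

def detect_changes(cache: dict, discovered: dict) -> list:
    """Return (kind, login, detail) for each difference; kind is one of
    new_user, terminated_user, attribute_change, group_change."""
    events = []
    for login in sorted(discovered.keys() - cache.keys()):
        events.append(("new_user", login, {}))
    for login in sorted(cache.keys() - discovered.keys()):
        events.append(("terminated_user", login, {}))
    for login in sorted(cache.keys() & discovered.keys()):
        old, new = cache[login], discovered[login]
        diff = {k: (old.attrs.get(k), new.attrs.get(k))
                for k in old.attrs.keys() | new.attrs.keys()
                if old.attrs.get(k) != new.attrs.get(k)}
        if diff:
            events.append(("attribute_change", login, diff))
        added, removed = new.groups - old.groups, old.groups - new.groups
        if added or removed:
            events.append(("group_change", login,
                           {"added": sorted(added), "removed": sorted(removed)}))
    return events

def route(event: tuple, auto_revoke_groups: frozenset = frozenset()) -> str:
    """Report by default; request revocation only for additions to listed groups."""
    kind, _login, detail = event
    if kind == "group_change" and set(detail["added"]) & auto_revoke_groups:
        return "submit_revocation_request"  # still subject to workflow approval
    return "report_for_review"

# Constructed snapshots: alice's department changed, bob joined Domain Admins,
# carol was created outside Identity Manager, dave's account disappeared.
CACHE = {"alice": Account({"dept": "finance"}, frozenset({"staff"})),
         "bob": Account({"dept": "it"}, frozenset({"staff"})),
         "dave": Account({"dept": "hr"}, frozenset({"staff"}))}
DISCOVERED = {"alice": Account({"dept": "legal"}, frozenset({"staff"})),
              "bob": Account({"dept": "it"}, frozenset({"staff", "Domain Admins"})),
              "carol": Account({"dept": "sales"}, frozenset({"staff"}))}

def nightly_run(cache=CACHE, discovered=DISCOVERED) -> list:
    """(kind, login, action) triples for the change report."""
    return [(kind, login, route((kind, login, detail), frozenset({"Domain Admins"})))
            for kind, login, detail in detect_changes(cache, discovered)]
```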

Event Notification Infrastructure

Identity Manager includes over 312 exit points. Exit points may be triggered by many events, including:

  • Attempts to sign into Identity Manager (successful or failed).
  • One user looking up the profile of another.
  • Triggering an intruder lockout.
  • Password synchronization or reset, success or failure.
  • Checking out a managed account, account set or group set.
  • Time-out of a privileged access session.
  • Changes to a user's profile, such as creating a new account or changing attributes or group memberships for an existing account.
  • Assigning a role to a user or removing a user from a role; changing Identity Manager's configuration.
  • Running a report.

Example uses of exit points include sending e-mails to users, manipulating incidents in a ticketing system or forwarding an event to a security information and event management (SIEM) system.

Various pre-built interface programs designed to be called from exit points are included with Identity Manager. Scriptable interface programs can create help desk incidents (e.g., in ServiceNow, BMC Remedy or HP Service Manager) and send e-mails.