Hitachi ID Identity Manager can detect all administrative changes made to users and entitlements on target systems as a normal part of the nightly auto-discovery process. This includes new users, terminated users, attribute changes and group membership changes.
Normally such changes are simply loaded into the Identity Manager identity cache, so that the various Identity Manager processes can act on correct current state data.
Such changes can also raise alarms (for example by e-mail or SMS), be reported on, and be fed as input to the auto-provisioning component of Identity Manager.
The auto-provisioning module (ID-Track) applies business logic to decide what to do about detected changes, for example disabling unauthorized new accounts or reversing group membership changes. The resulting change requests are submitted to the workflow engine, where they may be automatically approved or may require human authorization before being executed.
Automated removal of detected changes is not normally recommended, however, because it is difficult to predict a priori which kinds of changes systems administrators may legitimately need to make. It is normally safer to report on changes than to revoke them blindly. Human reviewers can then decide whether to retain or back out changes made outside of Identity Manager.
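As an added illustration of the reconciliation and decision steps described above (this is not ID-Track or Identity Manager code, which the page does not show), the following Python diffs a cached snapshot against a fresh discovery, classifies each change as a new user, terminated user, attribute change or group membership change, and applies a policy whose default is to report for review; only membership added to an explicitly listed sensitive group is proposed for revocation, and even that is emitted as a request flagged for human authorization. The Account/Change/Request shapes, the policy argument and the sample data are assumptions constructed for the example.

```python
"""Reconcile a cached identity snapshot against a fresh discovery.

Added illustration only: this is not ID-Track or Identity Manager code.
It models the ideas in the text (identity cache, detected changes, a
default of report-and-review, revocation only as an approvable request).
The Account/Change/Request shapes, the policy argument and the sample
data below are assumptions constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set


@dataclass
class Account:
    user_id: str
    enabled: bool
    attributes: Dict[str, str] = field(default_factory=dict)
    groups: Set[str] = field(default_factory=set)


@dataclass
class Change:
    # kind: new_user | terminated_user | attribute | group_added | group_removed
    kind: str
    user_id: str
    detail: str = ""


@dataclass
class Request:
    change: Change
    action: str            # "report" (default) or "revoke"
    needs_approval: bool   # True: a human must authorize before execution


def reconcile(cache: Dict[str, Account], discovered: Dict[str, Account]) -> List[Change]:
    """Diff the previous snapshot (cache) against what discovery found now."""
    changes: List[Change] = []
    for uid in sorted(discovered.keys() - cache.keys()):
        changes.append(Change("new_user", uid))
    for uid in sorted(cache.keys() - discovered.keys()):
        changes.append(Change("terminated_user", uid))
    for uid in sorted(cache.keys() & discovered.keys()):
        old, new = cache[uid], discovered[uid]
        if old.enabled != new.enabled:
            changes.append(Change("attribute", uid, f"enabled: {old.enabled} -> {new.enabled}"))
        for key in sorted(old.attributes.keys() | new.attributes.keys()):
            before, after = old.attributes.get(key), new.attributes.get(key)
            if before != after:
                changes.append(Change("attribute", uid, f"{key}: {before!r} -> {after!r}"))
        for group in sorted(new.groups - old.groups):
            changes.append(Change("group_added", uid, group))
        for group in sorted(old.groups - new.groups):
            changes.append(Change("group_removed", uid, group))
    return changes


def decide(changes: List[Change], auto_revoke_groups: FrozenSet[str] = frozenset()) -> List[Request]:
    """Business logic for detected changes.

    Default is to report for human review, since an administrator may have
    had a legitimate reason.  Only membership added to an explicitly listed
    sensitive group is proposed for revocation, and that proposal still goes
    to workflow flagged as needing human authorization before it runs.
    """
    requests: List[Request] = []
    for change in changes:
        if change.kind == "group_added" and change.detail in auto_revoke_groups:
            requests.append(Request(change, "revoke", needs_approval=True))
        else:
            requests.append(Request(change, "report", needs_approval=False))
    return requests


# Constructed sample data: last night's cache and today's discovery.
CACHE = {
    "alice": Account("alice", True, {"title": "Engineer"}, {"staff"}),
    "bob":   Account("bob",   True, {"title": "Analyst"},  {"staff"}),
    "carol": Account("carol", True, {},                    {"staff"}),
}
DISCOVERED = {
    "alice": Account("alice", True,  {"title": "Engineer"}, {"staff", "Domain Admins"}),
    "bob":   Account("bob",   False, {"title": "Analyst"},  {"staff"}),
    "dave":  Account("dave",  True,  {},                    {"staff"}),
}

if __name__ == "__main__":
    for req in decide(reconcile(CACHE, DISCOVERED), frozenset({"Domain Admins"})):
        c = req.change
        print(f"{c.kind:16} {c.user_id:6} {c.detail:24} -> {req.action}"
              f"{' (approval required)' if req.needs_approval else ''}")
```

Run stand-alone, the script lists four detected changes (dave created, carol removed, alice added to Domain Admins, bob disabled); only the Domain Admins addition is proposed for revocation, and it carries the approval flag, so nothing is undone without a person signing off.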
Detected changes can also invoke exit points, hooks from which external programs are called. Example uses of exit points include sending e-mails to users, creating or updating incidents in a ticketing system, and forwarding an event to a security information and event management (SIEM) system.
Identity Manager includes various pre-built interface programs designed to be called from exit points. These scriptable programs can create help desk incidents (e.g., in ServiceNow, BMC Remedy or HP Service Manager) and send e-mails.
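For the SIEM case, here is an added example in Python of what such an exit-point script does; it is not one of the interface programs shipped with Identity Manager. It formats a detected change as a Common Event Format (CEF) line and applies CEF's escaping rules (pipe and backslash in the header fields; equals sign, backslash and newline in the extension values). The escaping matters because an attribute value or group name set by whoever made the out-of-band change could otherwise split or forge fields in the event the SIEM parses. The vendor/product strings, the severity table and the sample event are constructed assumptions.

```python
"""Exit-point script: emit a detected change as a CEF event for a SIEM.

Added example, not an interface program shipped with Identity Manager.
Vendor/product strings, the severity table and SAMPLE_EVENT are
constructed for illustration.  Escaping follows the CEF convention:
header fields escape '|' and '\\'; extension values escape '=', '\\' and
newlines, while a literal '|' inside an extension value is left alone.
"""
from typing import Dict


def cef_header(value: str) -> str:
    """Escape a value that appears in one of the pipe-delimited header fields."""
    return value.replace("\\", "\\\\").replace("|", "\\|")


def cef_ext(value: str) -> str:
    """Escape a value that appears in the key=value extension."""
    return (value.replace("\\", "\\\\")
                 .replace("=", "\\=")
                 .replace("\r", "")
                 .replace("\n", "\\n"))


# Assumed severity per change kind (CEF uses a 0-10 scale); tune to local policy.
SEVERITY = {"new_user": 5, "terminated_user": 3, "attribute": 3,
            "group_added": 7, "group_removed": 4}


def to_cef(event: Dict[str, str]) -> str:
    """Build one CEF:0 line from a detected-change event."""
    header = "|".join(cef_header(part) for part in (
        "ExampleVendor", "IdentityDiscovery", "1.0",
        event["kind"],
        f"Out-of-band change detected: {event['kind']}",
        str(SEVERITY.get(event["kind"], 3)),
    ))
    extension = " ".join(f"{key}={cef_ext(str(value))}" for key, value in (
        ("duser", event["user_id"]),   # destination user: the account that changed
        ("dhost", event["target"]),    # target system where the change was seen
        ("act", event["action"]),      # what the business logic decided
        ("msg", event["detail"]),
    ))
    return f"CEF:0|{header}|{extension}"


# Constructed sample: a detail string containing characters that need escaping.
SAMPLE_EVENT = {
    "kind": "group_added",
    "user_id": "alice",
    "target": "ad.corp.example",
    "action": "report",
    "detail": "group=Domain Admins|added outside Identity Manager",
}

if __name__ == "__main__":
    print(to_cef(SAMPLE_EVENT))
```

The `=` in the sample detail is escaped as `\=` so the SIEM does not read `Domain Admins|added outside Identity Manager` as the value of a new key named `group`; the `|` in the extension is left as-is, since only the seven header fields are pipe-delimited.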