Hitachi ID Identity Manager is well integrated with LDAP directories, as follows:
Identity Manager is configured to automatically define its own users based on the users that exist in an authoritative directory, which is often an LDAP directory. There is no need for duplicate administration or reconciliation.
Users can be included in or excluded from Identity Manager using AD groups and OUs.
Hitachi ID Privileged Access Manager is normally configured to automatically discover endpoints that it might manage. LDAP and AD are typical sources of inventory data, which is then fed into import rules to decide what credentials to try and whether to attempt to manage each system.
Identity Manager can create, modify, move, rename and delete users in LDAP directories.
Identity Manager can also manage user membership in LDAP groups, including requests for changes to group memberships, group memberships based on roles, SoD policy enforcement, access certification and more.
Hitachi ID Password Manager can be configured to intercept native password changes on certain LDAP directories (SunONE, IBM LDAP, OID) and:
Even on directories where a password synchronization trigger is not currently offered, Identity Manager can reset LDAP passwords and clear intruder lockouts (lockouts are not implemented on all LDAP servers but can be cleared by Identity Manager where they exist).
Users can sign into Identity Manager using their LDAP credentials, entered into the Identity Manager web UI.