• Site Map
• Contact Us

• Home
• Our Company
  • Customers
  • Careers
  • Contact Us
  • RSS & Blogs
• Products
  • Identity Manager
  • Password Manager
  • Group Manager
  • Privileged Access Manager
  • Download evaluation
  • Releases
  • CCC
• Solutions
  • Security / GRC
  • Reducing IT support cost
  • Improve user service
• Support
  • Shipping products
  • Supported versions
  • Portal login
  • Report problem
• Services
  • Solution delivery
  • Methodology
  • Education
  • Upgrades
  • AdMax Program
  • Hitachi ID Systems-Managed IAM
  • Guarantee
• News &  Events
  • Press Releases
  • Press Coverage
  • Archived Webinars
• Resource Center
  • White Papers
  • Independent Reviews
  • Brochures
  • Slide Decks
  • Case Studies
  • Regulatory Compliance
  • Certifications
  • Community
• Partners
  • Technology Partners
  • Channel Partners
  • System Integrators and Consultants
  • Managed Service Providers
  • Public Sector
  • Partner Portal
  • Online partner application

Features Managed user enrollment

Managed user enrollment with Hitachi ID Password Manager

User enrollment overview

Hitachi ID Password Manager (formerly P-Synch) includes built-in infrastructure to securely and automatically manage the user enrollment process:

• By monitoring one or more systems of record, Password Manager automatically creates new and removes old profile IDs.
• New users and existing users with incomplete profiles are automatically prompted to complete their profiles (e.g., by answering security questions).
• Invitations to enroll may be e-mailed to users.
• Users may be more forcefully reminded to enroll by having a web browser automatically open to the enrollment page when they log into the network.
• Users may be forced to enroll, by opening a kiosk-mode web browser to the enrollment page when they sign into the network, and blocking access to the Windows desktop until users complete their profile. This process is typically controlled by placing users into a "mandatory enrollment" AD group and attaching a suitable GPO to that group.
• To enroll, users must first authenticate. This is normally done by leveraging an existing strong authenticator -- such as a network password or a token.
• A single, integrated enrollment system supports collecting answers to security questions, mapping different login IDs, on different systems back to their owners and collecting biometric voice print samples.

Security question enrollment in detail

Enrollment of of security questions and answers using the Password Manager web form works as follows:

1. Password Manager server: extracts a user list from one or more target systems nightly.

2. Password Manager server: compares the total list of users to those that are fully registered.

3. Password Manager server: e-mails unregistered users (up to a certain number of users per run) a request to register, with an embedded URL.

4. User: receives notification in e-mail, clicks on URL.

5. Password Manager web server: prompts the user to type his network login ID.

6. User: types his network login ID.

7. Password Manager web server: prompts the user to type his current NOS password.

8. User: types his current password.

9. Password Manager web server: validates the password against the indicated system.

   ... repeat if authentication failed, lockout if too often.

10. Password Manager web server: prompts the user to answer a set of personal questions.

11. User: fills in the blanks.

12. Password Manager web server: validates completeness, adequacy of data.

13. Password Manager web server: notifies the user of success.

Notes - other profile data

Password Manager can be used to collect other information from users, such as demographic data that is not used in authentication processes (e.g., home phone number, application preferences, etc.), and biometric voice print samples. All registration is handled through the same, integrated enrollment system.

© Hitachi ID Systems, Inc. . All rights reserved.