
Mapping User IDs - Hitachi ID Password Manager

Every enterprise identity management and access governance system, regardless of its features, must support login ID reconciliation. Users have login accounts and other records on various systems and these have to be attached to a single profile, in order to create a user-centric identity system. The process of attaching non-standard login IDs and other user identifiers to a single profile is called login ID reconciliation.

Hitachi ID Password Manager supports multiple options for login ID reconciliation, as follows:

When self-service login ID reconciliation is required, it works as follows:

Self-service reconciliation is inexpensive (about 5 minutes per user), reliable, fully automated (users are reminded to register until they actually do) and very secure.

Both self-service and administrative login ID reconciliation are logged. Other forms of login ID reconciliation are typically batch oriented and can be configured with logging if required.

Note that attempts to reconcile login IDs by matching on attributes of user profiles on target systems are often costly and/or insecure, especially when combined with a password management system:

Where self-service login ID reconciliation is required, the process is both inexpensive (25,000 users spending 5 minutes each costs nothing, while one consultant spending weeks or months is expensive) and error-free (since IDs are claimed with a validated password). This process is, to the best of Hitachi ID Systems' knowledge, unique.


Movie: Enrollment of non-standard login IDs

Content:

  • A user has been invited to fill in a form with login IDs and passwords.
  • This animation starts after the user has been invited and has authenticated.
  • Multiple authentication steps (security questions, login IDs, biometrics, etc.) are normally integrated into a single process.

Key concepts:

  • This process eliminates the need to "match" profile data on different systems (which can be costly and unreliable).
  • Users don't need to know what a system is "officially" called, eliminating a common cause of misunderstanding between users and IT staff.
  • Users must "prove possession" by providing a correct password, making this process totally secure.
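
The claim step described above, sketched as an added example (not Hitachi ID code): a login ID is attached to a profile only after its password validates on the target system, and every attempt is logged without the password. The `TargetSystem` and `Reconciler` classes, the "conflict" rule for IDs already claimed by another profile, and the sample accounts are assumptions made for illustration.

```python
import hashlib, hmac, os
from datetime import datetime, timezone

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TargetSystem:
    """Hypothetical stand-in for a target system that can validate a login."""
    def __init__(self, name, accounts):
        self.name, self._accounts = name, {}
        for login_id, password in accounts.items():
            salt = os.urandom(16)
            self._accounts[login_id] = (salt, _hash(password, salt))

    def verify(self, login_id, password):
        # Hash even for unknown IDs so timing does not reveal which IDs exist.
        salt, stored = self._accounts.get(login_id, (b"\0" * 16, b""))
        return hmac.compare_digest(_hash(password, salt), stored)

class Reconciler:
    """Attaches login IDs to profiles on proof of possession (assumed design)."""
    def __init__(self, targets):
        self.targets = {t.name: t for t in targets}
        self.claims = {}  # (system, login_id) -> profile_id
        self.audit = []   # one record per attempt; the password is never stored

    def claim(self, profile_id, system, login_id, password):
        target = self.targets.get(system)
        owner = self.claims.get((system, login_id))
        if target is None or not target.verify(login_id, password):
            outcome = "rejected"   # no proof of possession
        elif owner not in (None, profile_id):
            outcome = "conflict"   # valid password, but ID belongs to another profile
        else:
            self.claims[(system, login_id)] = profile_id
            outcome = "attached"
        self.audit.append({"time": datetime.now(timezone.utc).isoformat(),
                           "profile": profile_id, "system": system,
                           "login_id": login_id, "outcome": outcome})
        return outcome

def demo():
    # Constructed sample accounts and attempts.
    mainframe = TargetSystem("mainframe", {"JS0042": "s3cret-mf", "AB0007": "other-pw"})
    r = Reconciler([mainframe])
    return r, [r.claim("jsmith", "mainframe", "JS0042", "guess"),
               r.claim("jsmith", "mainframe", "JS0042", "s3cret-mf"),
               r.claim("mallory", "mainframe", "JS0042", "s3cret-mf")]

if __name__ == "__main__":
    print(demo()[1])
```

The "conflict" outcome is the case worth reviewing in the audit log: a second profile presenting a valid password for an ID that is already claimed points to a shared or compromised credential.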