LDAP Integration - Hitachi ID Password Manager

Hitachi ID Password Manager, a component of the Hitachi ID Identity and Access Management Suite, supports more than just passwords: it is a platform for managing authentication factors and encryption keys. Password Manager is used by many organizations to reduce the volume of IT support calls relating to passwords and PINs, to improve user productivity by eliminating login problems, and to strengthen the security of passwords and of user support processes. Password Manager includes built-in connectors to manage passwords on over 120 kinds of systems and applications.

LDAP Directory Integration

Password Manager is well integrated with LDAP directories, as follows:

  • User profiles derived from LDAP:

    Password Manager is configured to automatically define its own users based on the users that exist in an authoritative directory, which is often an LDAP directory. There is no need for duplicate administration or reconciliation.

    Users can be included in or excluded from Password Manager using AD groups and OUs.

  • Managing LDAP accounts and groups:

    Hitachi ID Identity Manager can create, modify, move, rename and delete users in LDAP directories.

    Password Manager can also manage user membership in LDAP groups, including requests for changes to group memberships, group memberships based on roles, SoD policy enforcement, access certification and more.

  • Password synchronization:

    Password Manager can be configured to intercept native password changes on certain LDAP directories (SunONE, IBM LDAP, OID) and:

    • Apply a supplementary password policy beyond the one built into AD and potentially reject the initial password change.
    • Automatically synchronize the user's other passwords, on other systems or other AD domains.

  • Password reset:

    Even on directories where a password synchronization trigger is not currently offered, Password Manager can reset LDAP passwords and clear intruder lockouts. Lockouts are not implemented on all LDAP servers, but Password Manager can clear them where they exist.

  • Authentication:

    Users can sign into Password Manager with their LDAP credentials, entered in the Password Manager web UI.

Triggering Password Synchronization

Native password changes made on LDAP directory servers from Microsoft, Sun and IBM can trigger transparent password synchronization.