- The entire UI is refreshed with a new theme, new dynamic navigation and a single skin that dynamically adapts to small screens (such as on phones).
- Navigation options and reports are searchable.
- Reports, dashboards and navigation links can be pinned by users to the main landing page, shown after login.
- Almost 100 search engines, embedded in over 200 pages in the UI, have been updated to include filtering, sorting and advanced search terms.
- More object types have been made 'clickable' - allowing users to lookup details by clicking on descriptions of workflow requests, etc.
- Graphical dashboards support 'drill-down' to examine the underlying data behind summary figures.
- All products, including Hitachi ID Identity Manager and Hitachi ID Password Manager, include limited Hitachi ID Privileged Access Manager capabilities, to more securely store credentials used in scripts and to more easily schedule regular changes to target credentials.
- The auto-discovery infrastructure supports incremental discovery, such as scanning new or re-scanning existing target systems on demand.
- A new "app" infrastructure has been introduced, using responsive design principles to render a suitable and highly interactive UI on a variety of endpoint devices, including smart phones, tablets, laptops and desktop PCs. Key features, including request approval, a personal password vault and a privileged access dashboard have been moved to the new app framework.
- The Hitachi ID Mobile Access apps support multiple instances. Organizations with one Privileged Access Manager and one Identity Manager system, for example, can expose both to users via their devices.
- Hitachi ID Identity and Access Management Suite can send push notifications to devices equipped with Mobile Access, for example to invite users to approve workflow requests or to remind users to change their passwords.
- Mobile Access can be used as a second authentication factor, by users signing into the Hitachi ID Identity and Access Management Suite web portal. The web UI displays a cryptographic challenge in the form of a QR code, which the user scans using their phone running the app, to compute a response code.
Hitachi ID Identity Manager:
- Hitachi ID Access Certifier supports review and certification of roles and of segregation of duties policies.
- Significant expansion of entitlement analytics, including a cluster analysis report that identifies sets of users with the same values for key identity attributes and substantially overlapping entitlements -- i.e., candidate user class and role pairs.
- Extensive support for nested groups (i.e., groups that contain groups as members), in the request UI (ask to add/remove groups to/from groups), access certification (review whether a group should be a member of another group), policy evaluation, reports and more.
- New request types and workflow to create new shared folders, create groups to assign as owners, readers and writers and to assign access rights connecting the new groups to the new folders.
- Streamlined navigation, including a new user profile view UI with links to appropriate request types for a given requester/recipient combination.
- New and expanded reference components, including pre-configured risk analysis and management of non-human accounts.
Hitachi ID Privileged Access Manager:
- A dashboard aggregates current and recent check-outs, sessions and requests, per-user or across the organization. This significantly eases navigation for users who require privileged access, who wish to launch or close sessions and more.
- A dashboard for searching and playing back session recordings, including a new, in-browser video player.
- Windows users can launch sessions to privileged accounts using Firefox and Chrome (without ActiveX), in addition to IE (using ActiveX).
- All users can launch RDP and SSH sessions via an HTML5 proxy, without installing anything on their endpoint besides a web browser. This works for non-Windows clients and is helpful when connecting to managed sessions from off-site or behind firewalls.
- Expanded risk analytics, including pattern analysis to compare new requests to what peers of the recipient have recently accessed.
- Changes to the database schema, for significantly faster runtime performance.
- Improved user interface to configure and monitor Windows service account password management.
Hitachi ID Password Manager:
- A SAML 2.0 federated identity provider, allowing applications such as Google and Salesforce.com to externalize user logins to Password Manager.
- A personal password wallet, allowing users to store non-work-related credentials in a secure, replicated vault that they can access from their work PC, phone or tablet.
- New client software for MacOSX workstations, allowing users whose Mac is joined to an AD domain and who either forgot their AD password or locked it out to access the password reset system from their Mac login screen.
- The ability to update locally cached passwords on Windows endpoints using Firefox, Chrome and Opera, via a browser extension, in addition to IE/ActiveX.
- A more interactive password change UI, that indicates which password complexity rules have been met as the user types a new password.