The auto-discovery infrastructure supports incremental
discovery, such as scanning new or re-scanning existing target
systems on demand.
A new "app" infrastructure has been introduced, using responsive
design principles to render a suitable and highly interactive
UI on a variety of endpoint devices, including smartphones, tablets,
laptops and desktop PCs. Key features, including request approval,
a personal password vault and a privileged access dashboard, have
been moved to the new app framework.
The Hitachi ID Mobile Access apps support multiple instances. Organizations with
one Privileged Access Manager and one Identity Manager system, for example, can expose
both to users via their devices.
Mobile Access can be used as a second authentication factor by users
signing in to the Hitachi ID Suite web portal. The web UI displays a
cryptographic challenge in the form of a QR code, which the user
scans using their phone running the app, to compute a response

Hitachi ID Identity Manager:

Hitachi ID Access Certifier supports review and certification of roles and of
segregation of duties policies.
Significant expansion of entitlement analytics, including
a cluster analysis report that identifies sets of users with
the same values for key identity attributes and substantially
overlapping entitlements -- i.e., candidate user class and role pairs.
Extensive support for nested groups (i.e., groups that contain
groups as members), in the request UI (ask to add/remove groups
to/from groups), access certification (review whether a group should
be a member of another group), policy evaluation, reports and more.
New request types and workflow to create new shared folders,
create groups to assign as owners, readers and writers and
to assign access rights connecting the new groups to the new folders.
Streamlined navigation, including a new user profile view UI
with links to appropriate request types for a given
New and expanded component framework, including
risk analysis and management of non-human accounts.

Hitachi ID Privileged Access Manager:

A dashboard aggregates current and recent check-outs, sessions
and requests, per-user or across the organization. This
significantly eases navigation for users who require
privileged access, who wish to launch or close sessions and more.
A dashboard for searching and playing back session recordings,
including a new, in-browser video player.
Windows users can launch sessions to privileged accounts using
Firefox and Chrome (without ActiveX), in addition to IE (using
All users can launch RDP and SSH sessions via an HTML5 proxy,
without installing anything on their endpoint besides a web browser.
This works for non-Windows clients and is helpful when connecting
to managed sessions from off-site or behind firewalls.
Expanded risk analytics, including pattern analysis to compare
new requests to what peers of the recipient have recently accessed.
Changes to the database schema, for significantly faster runtime
Improved user interface to configure and monitor Windows service
account password management.

Hitachi ID Password Manager:

A SAML 2.0 federated identity provider, allowing applications such
as Google and Salesforce.com to externalize user logins to
A personal password wallet, allowing users to store non-work-related
credentials in a secure, replicated vault that they can access
from their work PC, phone or tablet.
New client software for MacOSX workstations, allowing users whose
Mac is joined to an AD domain and who either forgot their AD password
or locked it out to access the password reset system from their
Mac login screen.
The ability to update locally cached passwords on Windows endpoints
using Firefox, Chrome and Opera, via a browser extension, in
addition to IE/ActiveX.
A more interactive password change UI that indicates which
password complexity rules have been met as the user types a new