Highlights of the 10.1 release

Hitachi ID Identity Manager

User provisioning, RBAC, SoD and access certification.

  • A new task-oriented mobile-friendly request app using a shopping-cart approach.
  • A new access certification app that supports effective collaboration between certifiers and their subordinates, with fine-grained actions such as deferred revocation.
  • New access certification features, such as line-item delegation and review of identity attributes and entitlements.

Hitachi ID Password Manager

Self-service management of passwords, PINs and encryption keys.

  • A launch pad for federated single sign-on.
  • Single sign-on across successive login sessions.

Hitachi ID Privileged Access Manager

Secure administrator and service accounts.

  • Ability to launch administrative SSH and RDP sessions from any iPhone or Android device.
  • Mapping and analytics of SSH trust relationships.

These products can be deployed separately or together, in the following combinations:

  1. Identity Manager alone.
    Note: this includes Hitachi ID Group Manager and Hitachi ID Access Certifier.
  2. Password Manager alone.
    Note: this includes Hitachi ID Login Manager and Hitachi ID Telephone Password Manager.
  3. Identity Manager and Password Manager in a shared instance.
  4. Privileged Access Manager alone.
  5. Group Manager -- a subset of Identity Manager strictly for group management.

Other combinations are technically possible but not actively tested.

UI preview

The following screenshots offer an overview of new screens in the 10.1 release.

Identity Manager

The new request UI is mobile-friendly and has a multi-step, wizard-like theme modeled after an e-commerce shopping cart.

The same motif applies to all requests -- for access and to update identity attributes.

A new access certification UI is highly interactive and supports fine-grained delegation.

Using the new certification UI, stakeholders can be asked to review identity attributes as well as entitlements. This supports delegated directory cleanup, as well as entitlement revocation.

Items can be selected and delegated to someone else to review. This creates a collaborative relationship between the original reviewer, who can continue to work on the selected items, and the new reviewer, who sees just those items and can help decide what to do with each one.

Revocation actions are no longer hard-coded, and instead are configured using request forms. These forms can call for additional user input, such as a deferred deactivation date.

Password Manager

Users can sign into Password Manager first and launch logins into other applications, which are integrated using SAML 2.0 federation. In this context, the Password Manager portal is the first thing users launch and remains open all day.

Privileged Access Manager

Access can be requested and sessions initiated using a smartphone. Notably, there is no public URL to Privileged Access Manager, nor are there TCP ports open on public IP addresses for RDP or SSH. This allows users to sign into systems and diagnose problems even when they have no computer nearby.

Hitachi ID Identity Express: Partner Portal Edition

A completely redesigned reference implementation takes care of managing identities and credentials for people who work for partners. This allows organizations to delegate to each business partner the responsibility for managing their own users without seeing who the other partners are or who works for other partners.