Highlights of the 10.1 release
User provisioning, RBAC, SoD and access certification.
- A new task-oriented mobile-friendly request app using
a shopping-cart approach.
- A new access certification app that supports effective
collaboration between certifiers and their subordinates,
backed by fine-grained actions, such as deferred
- New access certification features, such as line-item
delegation and review of identity attributes and
Self service management of passwords, PINs and encryption keys.
- A launch pad for federated single sign-on.
- Single sign-on across successive login sessions.
Secure administrator and service accounts.
- Ability to launch administrative SSH and RDP sessions from
any iPhone or Android device.
- Mapping and analytics of SSH trust relationships.
These products can be deployed separately or together, in the following
- Identity Manager alone.
Note: this includes Hitachi ID Group Manager and Hitachi ID Access Certifier.
- Password Manager alone.
Note: this includes Hitachi ID Login Manager and Hitachi ID Telephone Password Manager.
- Identity Manager and Password Manager in a shared instance.
- Privileged Access Manager alone.
- Group Manager -- a subset of Identity Manager strictly for group management.
Other combinations are technically possible but not actively tested.
The following screen shots offer an overview of new screens in the 10.1
The new request UI is mobile-friendly, with a multi-step
wizard-like theme modeled after an e-commerce shopping cart.
The same motif applies to all requests -- for access and to update
A new access certification UI is highly interactive and supports
Using the new certification UI, stakeholders can be asked to review
identity attributes as well as entitlements. This supports delegated
directory cleanup as well as entitlement revocation.
Items can be selected and delegated to someone else to review.
This creates a collaborative relationship between the original
reviewer, who can continue to work on the selected items, and the
new reviewer, who sees just those items and can help decide what
to do with each one.
Revocation actions are no longer hard-coded, and instead are
configured using request forms. These forms can call for
additional user input, such as a deferred deactivation date.
Users can sign into Password Manager first and launch logins into other
applications, which are integrated using SAML 2.0 federation.
In this context, the Password Manager portal is the first thing users launch
and remains open all day.
Privileged Access Manager
Access can be requested and sessions initiated using a smartphone.
Notably, there is no public URL to Privileged Access Manager, nor are
there TCP ports open on public IP addresses for RDP or SSH.
This allows users to sign into systems and diagnose problems
even when they have no computer nearby.
Hitachi ID Identity Express: Partner Portal Edition
A completely redesigned reference implementation takes care of
managing identities and credentials for people who work for partners.
This allows organizations to delegate to each business partner the
responsibility for managing their own users without seeing who
the other partners are or who works for other partners.