Suite 6.1 New Features

Hitachi ID Management Suite version 6.1.0 is a major, milestone release. It includes the following products:

Hitachi ID Identity Manager -- User provisioning, RBAC, SoD and access certification
Hitachi ID Access Certifier -- Periodic review and cleanup of security entitlements
Hitachi ID Group Manager -- Self-service management of security group membership
Hitachi ID Org Manager -- Delegated construction and maintenance of Orgchart data

New features in Hitachi ID Management Suite 6.1.0 include:

An RBAC enforcement engine:
1. Can automatically find out-of-role users and automatically submit workflow requests to bring these users back into compliance.
2. Supports incremental deployment of RBAC. Organizations gradually bring users, roles and entitlements into the scope of enforcement and can test the impact of enforcement at every step.
3. Can detect and respond to changes made to user entitlements out of band (i.e., bring users back into compliance).
4. Can detect and respond to changes made to role definitions (i.e., cascade changes to users with the assigned role).
Implementer-style operations (also known as "agent-human"):
1. Use of workflow to invite people to participate in the fulfillment of approved requests, by creating, modifying or deleting access. This includes reminders, out-of-office pre-escalation, timed auto-escalation, manual delegation, action by a group of participants and more.
2. Support for hybrid integrations, where some actions are automated (e.g., list login IDs) and others are manual (e.g., create/delete).
3. Support for hybrid dependencies, where human and automated actions may be scheduled in relation to one another.
4. The ability to track physical inventory objects -- for example smart phones, building access badges, authentication tokens, etc.
Pre-defined requests:
1. Simplified request forms for common kinds of changes, such as updates to personal contact information, setting a termination date, hiring a contractor, etc.
2. Intended to reduce the complexity of the Hitachi ID Management Suite user interface and improve user adoption as a result.
Real-time auto-provisioning:
1. Support for a customer-provided process to trigger action with respect to a single user ID on a single integrated system, without providing any more detail beyond "please re-examine user X on system Y."
2. Retaining the polling nature of Hitachi ID Management Suite's auto-discovery system, and its desirable trait of avoiding change control on critical infrastructure.
3. Keeping business logic for auto-provisioning, auto-deactivation, etc. on the Hitachi ID Management Suite server, rather than having to implement such complex logic on an HR or ERP application.
Windows shell extension:
1. Replacing the native "Access denied" error dialog in Windows with a more helpful "Access denied, to request access Click here:"
2. Allowing users to click right from Windows error messages to a web-based request form for appropriate AD group membership.