Active Directory Administration
Active Directory is the most popular directory product for medium to large organizations, in large part because it is closely integrated with Windows PCs and Exchange e-mail systems.
User and entitlement management is the result of business processes which reflect changes in business needs into the IT infrastructure. These processes may include:
Detect new user records on a system of record (such as HR) and automatically provision those users with appropriate access on other systems and applications.
Detect deleted or deactivated users on an authoritative system and automatically deactivate those users on all other systems and applications.
- Identity synchronization:
Detect changes to personal data, such as phone numbers or department codes, on one system and automatically make matching changes on other systems for the same user.
- Self-service requests:
Enable users to update their own profiles (e.g., new home phone number) and to request new entitlements (e.g., access to an application or share).
- Delegated administration:
Enable managers, application owners and other stake-holders to modify users and entitlements within their scope of authority.
- Access certification:
Periodically invite managers and application owners to review lists of users and security entitlements within their scope of authority, flagging inappropriate entries for further review and removal.
- Authorization workflow:
Validate all proposed changes, regardless of their origin and invite business stake-holders to approve them before they are applied to integrated systems and applications.
- Consolidated reporting:
Provide data about what users have what entitlements, what accounts are dormant or orphaned, change history, etc. across multiple systems and applications.
Hitachi ID Identity Manager enables organizations to automate the administration of identities and entitlements in Active Directory. Hitachi ID Password Manager enables organizations to automate the administration of credentials -- most commonly passwords -- in Active Directory.