Automated User Provisioning

Automated user provisioning is one of multiple scenarios included in a more general automated administration system.

Automated user management works by monitoring one or more systems of record and waiting for changes to user profile data. Detected changes are then:

  1. Filtered, so that only changes within the scope of the system remain.
  2. Transformed, from the data format of the system of record, to the data format of the identity management and access governance system and of the target systems.
  3. Forwarded, from the identity management and access governance system to target systems.

Some examples of auto-provisioning/auto-deactivation are:

  1. Payroll staff create a record for a new hire in the HR application. The user provisioning system detects this event, notes that it is in scope and reformats the event into workflow requests to create a Windows/AD account, an Exchange mailbox and a mainframe login ID.

  2. HR staff set a termination date for an employee in the HR application. The user provisioning system detects this and sets the same date in the user's IAM profile. A batch process runs nightly and automatically submits "deactivate all accounts" workflow requests for every user whose termination date has passed.

  3. A rogue administrator adds his accomplice's login account to the Domain Admins AD group. The user provisioning system detects this new group membership, removes the user from the group and sends an SMS message describing what it detected to a security officer.
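The filter, transform and forward steps applied to the three scenarios above, as an added Python example. It is not Hitachi ID code; the event fields, scope rule, approved-membership baseline and request format are assumptions made for illustration.

```python
from datetime import date

# Constructed sample events, shaped as a system-of-record monitor might emit them.
EVENTS = [
    {"source": "HR", "type": "hire", "user": "jdoe", "employee_class": "staff"},
    {"source": "HR", "type": "hire", "user": "ext01", "employee_class": "contractor"},
    {"source": "HR", "type": "termination_date", "user": "asmith", "date": date(2024, 3, 1)},
    {"source": "AD", "type": "group_add", "user": "mallory", "group": "Domain Admins"},
]
IN_SCOPE_CLASSES = {"staff"}                     # assumption: contractors are out of scope
APPROVED_MEMBERS = {"Domain Admins": {"alice"}}  # assumption: approved membership baseline
NEW_HIRE_TARGETS = ["AD account", "Exchange mailbox", "mainframe login ID"]

def in_scope(ev):
    """Step 1 (filter): keep only changes this system is responsible for."""
    if ev["type"] == "hire":
        return ev["employee_class"] in IN_SCOPE_CLASSES
    if ev["type"] == "group_add":
        return ev["group"] in APPROVED_MEMBERS   # only monitored groups
    return ev["type"] == "termination_date"

def transform(ev, profiles):
    """Step 2 (transform): turn a source event into workflow requests."""
    if ev["type"] == "hire":
        profiles[ev["user"]] = {"termination_date": None}
        return [{"op": "create", "target": t, "user": ev["user"]} for t in NEW_HIRE_TARGETS]
    if ev["type"] == "termination_date":
        # Only the profile is updated here; deactivation waits for the nightly batch.
        profiles.setdefault(ev["user"], {})["termination_date"] = ev["date"]
        return []
    if ev["user"] not in APPROVED_MEMBERS[ev["group"]]:
        # Unapproved privileged membership: revert it and alert a security officer.
        return [{"op": "remove_member", "target": ev["group"], "user": ev["user"]},
                {"op": "notify_sms", "target": "security officer", "user": ev["user"]}]
    return []

def process(events, profiles):
    """Steps 1-3: the returned list stands in for forwarding to target systems."""
    return [req for ev in events if in_scope(ev) for req in transform(ev, profiles)]

def nightly_batch(profiles, today):
    """Submit 'deactivate all accounts' for users whose termination date has passed."""
    return [{"op": "deactivate_all", "target": "*", "user": user}
            for user, profile in sorted(profiles.items())
            if profile.get("termination_date") and profile["termination_date"] < today]
```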

Figure: Automatic Propagation of Changes in User Profile Data

Hitachi ID Identity Manager monitors one or more systems of record, such as HR or a corporate directory, for changes. Events such as hires, moves and terminations are transformed into administrative updates, such as creating new accounts, changing identity attributes or disabling existing accounts, and applied to target systems.

Automatic change propagation leverages existing business processes (in HR or payroll, for example) to automate predictable systems administration tasks. Automated administration eliminates unnecessary manual work, makes new users productive sooner and ensures that access deactivation is both timely and reliable.
