Identity management -- i.e., a set of processes for managing just identities -- has been largely supplanted by identity and access management -- i.e., a set of processes for managing identities and entitlements together.
Identity management and access governance refers to a set of technologies and processes used to coherently manage information about users in an organization, despite the fact that identity data may be scattered across organizational, geographical and application boundaries.
Identity management and access governance addresses a basic business problem: information about the identity of employees, contractors, customers, partners and vendors along with how those users authenticate and what they can access is distributed among too many systems and is consequently difficult to manage.
The Hitachi ID Management Suite is designed as identity management and access governance middleware, in the sense that it presents a uniform user interface and a consolidated set of business processes to manage user objects, identity attributes, security rights and credentials across multiple systems and platforms. This is illustrated in Figure [link].
Management Suite Overview: Identity Middleware (1)
The Management Suite includes several functional identity management and access governance modules:
- Hitachi ID Identity Manager -- User provisioning, RBAC, SoD and access certification.
  - Automated propagation of changes to user profiles, from systems of record to target systems.
  - Workflow, to validate, authorize and log all security change requests.
  - Automated, self-service and policy-driven user and entitlement management.
  - Federated user administration, through a SOAP API to a user provisioning fulfillment engine.
  - Consolidated access reporting.
Identity Manager includes the following additional features, at no extra charge:
- Hitachi ID Access Certifier -- Periodic review and cleanup of security entitlements.
  - Delegated audits of user entitlements, with certification by individual managers and application owners, roll-up of results to top management and cleanup of rejected security rights.
- Hitachi ID Group Manager -- Self-service management of security group membership.
  - Self-service and delegated management of user membership in Active Directory groups.
- Hitachi ID Org Manager -- Delegated construction and maintenance of Orgchart data.
  - Self-service construction and maintenance of data about lines of reporting in an organization.
- Hitachi ID Password Manager -- Self-service management of passwords, PINs and encryption keys.
  - Password synchronization.
  - Self-service and assisted password reset.
  - Enrollment and management of other authentication factors, including security questions, hardware tokens, biometric samples and PKI certificates.
Password Manager includes the following additional features, at no extra charge:
- Hitachi ID Login Manager -- Automated application logins.
  - Automatically sign users into systems and applications.
  - Eliminate the need to build and maintain a credential repository, using a combination of password synchronization and artificial intelligence.
- Hitachi ID Telephone Password Manager -- Telephone self-service for passwords and tokens.
  - Turn-key telephony-enabled password reset, including account unlock and RSA SecurID token management.
  - Numeric challenge/response or voice print authentication.
  - Support for multiple languages.
- Hitachi ID Privileged Access Manager -- Secure administrator and service accounts.
  - Periodically randomize privileged passwords.
  - Ensure that IT staff access to privileged accounts is authenticated, authorized and logged.
- Group Manager is available both as a stand-alone product and as a component of Identity Manager.
The relationships between the Management Suite components are illustrated in Figure [link].
Components of the Management Suite (2)