Skip to main content

Hitachi ID certification

Product Sites

User Provisioning

A user provisioning system is shared IT infrastructure which is used to pull the management of users, identity attributes and security entitlements out of individual systems and applications, into a shared infrastructure.

User provisioning is intended to make the creation, management and deactivation of login IDs, home directories, mail folders, security entitlements and related items faster, cheaper and more reliable. This is done by automating and codifying business processes such as onboarding and termination and connecting these processes to multiple systems.

User provisioning systems work by automating one or more processes:

  • Auto-provisioning, deactivation:
    Detect new user records on a system of record (SoR, such as HR) and automatically provision those users with appropriate access on other systems and applications. Detect deleted or deactivated users on the SoR and automatically deactivate those users across integrated systems and applications.
  • Self-service requests:
    Enable users to update their own profiles (e.g., new home phone number) and to request new entitlements (e.g., access to an application or share).
  • Delegated administration:
    Enable managers, application owners and other stake-holders to modify users and entitlements within their scope of authority.
  • Access certification:
    Periodically invite managers and application owners to review users and security entitlements within their scope of authority, flagging inappropriate entries for removal.
  • Identity synchronization:
    Detect changes to attributes, such as phone numbers or department codes on one system and automatically copy to others.
  • Authorization workflow:
    Validate all proposed changes, regardless of their origin and invite business stake-holders to approve them before they are applied to integrated systems and applications.

As well, a user provisioning system must be able to connect these processes to systems and applications, using connectors that can:

  • List existing accounts and groups.
  • Create new and delete existing accounts.
  • Read and write identity attributes associated with a user object.
  • Read and set flags, such as "account enabled/disabled," "account locked," and "intruder lockout."
  • Change the login ID of an existing account (rename user).
  • Read a user's group memberships.
  • Read a list of a group's member users.
  • Add an account to or remove an account from a group.
  • Create, delete and set the attributes of a group.
  • Move a user between directory organizational units (OUs).

Hitachi ID Identity Manager is manages the lifecycles of identities and entitlements. It includes:

  1. Automated updates driven by a system of record.
  2. A request portal.
  3. A workflow engine to invite people to approve requests, recertify access or complete tasks.
  4. Access certification processes.
  5. Policy engines to enforce a variety of types of rules.
  6. Reports, dashboards and analytics.
  7. Automated connectors and human implementers.
  8. Unified management of logical access and physical assets.
  9. Identity synchronization.

Identity Manager includes connectors to manage users and entitlements on over 120 kinds of systems and applications, on-premise and in the cloud.

These capabilities are accessed via a web portal, compatible with both full-screen browsers (PC, tablet) and smart-phones (via mobile app).

Return to Identity Management Concepts

page top page top