A connector is a software agent used by an IAM system to:

  • Get a list of accounts, identity attributes and security entitlements from an integrated target system of a specific type.
  • Create new and modify existing accounts on the same type of target system.
  • Attach users to and remove users from security groups on the same type of system.
  • Set new and modify existing identity attributes on the same type of system.
  • Enable, disable, move, rename, reset passwords or otherwise modify accounts on the same type of system.

Connectors allow IAM systems and password management systems to complete approved changes automatically, thus reducing IT security workload and improving user service.

Some access governance software only include what they refer to as either "uni-directional" connectors or, equivalently, collectors. These can read current state about users and entitlements from target systems, but cannot write changes back. Most modern IAM systems include "bi-directional" connectors, which can both read from and write to target systems.

Hitachi ID Identity and Access Management Suite comes with connectors for many popular systems and applications. All connectors are included in the base price.

Out-of-the-box connectors

Directories: Servers: Databases:
Any LDAP, AD, eDirectory, NIS/NIS+. Windows 2000--2012, Samba, SharePoint. Oracle, Sybase, SQL Server, DB2/UDB, ODBC, Informix, MySQL.
Unix: Mainframes: Midrange:
Linux, Solaris, AIX, HPUX, 24 more variants. z/OS with RAC/F, ACF/2 or TopSecret. iSeries (OS400), OpenVMS.
ERP: Collaboration: Tokens, Smart Cards:
JDE, Oracle eBiz, PeopleSoft, SAP R/3, SAP ECC 6, Siebel, Business Objects. Lotus Notes, Exchange, BlackBerry ES. RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.
WebSSO: Help Desk: HDD Encryption:
CA SiteMinder, IBM TAM, Oracle AM, RSA Access Manager. ServiceNow, Remedy, BMC SDE, HP Service Manager, CA Unicenter,Assyst, HEAT, Altiris, Clarify, Track-It!, RSA Envision, MS SCS Manager. McAfee, CheckPoint (PointSec), Microsoft (BitLocker), Symantec (PGP),Sophos SafeGuard (Sophos).
SaaS: Miscellaneous: Extensible:
Salesforce.com, WebEx, Google Apps, MS Office 365, Concur, AWS, vCloud, SOAP (generic). OLAP, Hyperion, iLearn, Caché, Success Factors, VMware vSphere.Cisco IOS, Juniper JUNOS, F5, iLO cards, DRAC cards, RSA cards, etc. SSH, Telnet, TN3270, HTTP(S), SQL, LDAP, command-line.

Scripted connectors

Hitachi ID Identity and Access Management Suite includes a number of flexible connectors, each of which is used to script integration with a common protocol or mechanism. These connectors allow organizations to quickly and inexpensively integrate Hitachi ID Identity and Access Management Suite with custom and vertical market applications.

There are flexible connectors to script interaction with:

API binding:

Terminal emulation:

Web services:

Back end integration:


  • C, C++
  • Java, J2EE
  • .NET
  • COM, ActiveX
  • MQ Series

  • SSH
  • Telnet
  • TN3270, TN5250
  • Simulated browser

  • SOAP
  • REST
  • Pure HTTP(S)

  • SQL Injection
  • LDAP attributes

  • Windows
  • Power Shell
  • Unix/Linux

Organizations that wish to write a completely new connector to integrate with a custom or vertical market application may do so using whatever development environment they prefer (Python, J2EE, .NET, etc.) and invoke it as either a command-line program or web service.

If organization develops their own integrations, an effort of between four hours and four days is typical. Alternately, Hitachi ID Systems offers fixed-cost custom integrations for a nominal fee.

Return to Identity Management Concepts