Identity management software -- i.e., software that automates processes for managing just identities -- has been largely supplanted by identity and access management software -- i.e., software for managing identities and entitlements together.

The Hitachi ID Identity and Access Management Suite is designed as identity management and access governance middleware, in the sense that it presents a uniform user interface and a consolidated set of business processes to manage user objects, identity attributes, security rights and credentials across multiple systems and platforms. This is illustrated in Figure [link].

    Hitachi ID Identity and Access Management Suite Overview: Identity Middleware

The Hitachi ID Identity and Access Management Suite includes several functional identity management and access governance modules:

  • Hitachi ID Identity Manager -- User provisioning, RBAC, SoD and access certification.
    • Monitoring systems of record to update user profiles and automatically requesting matching changes to identities and access rights.
    • A portal where users may request changes to identities and access rights, with advanced search and access controls.
    • Workflow to route change requests to authorizers and implementers.
    • Analytics, including risk scores and SoD.

    Hitachi ID Identity Manager includes the following additional features, at no extra charge:

    • Hitachi ID Access Certifier -- Periodic review and cleanup of security entitlements.
      • Delegating review of access rights, policy configuration and identity attributes to business stakeholders.
      • Engagement with managers, resource owners and policy owners.

    • Hitachi ID Group Manager -- Self-service management of security group membership.
      • Self-service and delegated requests for access to resources and the groups that have rights to them.
      • Group Manager is also available as a stand-alone product, as well as a component of Hitachi ID Identity Manager.

    • Hitachi ID Org Manager -- Delegated construction and maintenance of Orgchart data.
      • Delegating the construction and maintenance of manager/subordinate relationships to managers.
      • Read/write integration with directories and HR systems.

  • Hitachi ID Password Manager -- Self-service management of passwords, PINs and encryption keys.
    • Password synchronization, via browser or by intercepting native password changes.
    • Self-service and assisted reset of passwords and PINs.
    • Self-service unlock of encrypted drives, where users may have forgotten a pre-boot password.
    • Access from anywhere - browser, smart phone app, voice phone call, PC login screen, pre-boot password prompt, on-premises or off-site.
    • Two-factor authentication for all users, using either existing credentials (RSA, etc.) or by introducing new mechanisms, such as browser fingerprinting, sending a PIN to the user's phone or an included smart phone app.
    • Federated access via a Security Assertion Markup Language (SAML) identity provider (IdP) to compatible applications.
    • A personal vault, where users can securely store and retrieve unmanaged credentials.
    • Managed enrollment of security questions, mobile phone numbers, etc.

    Hitachi ID Password Manager includes the following additional features, at no extra charge:

    • Hitachi ID Login Manager -- Automated application logins.
      • Automatically sign users into systems and applications.
      • Eliminate the need to build and maintain personal password wallets, using a combination of password synchronization and pattern matching.

    • Hitachi ID Telephone Password Manager -- Telephone self-service for passwords and tokens.
      • Turn-key telephony-enabled password and PIN reset, including for RSA SecurID tokens.
      • Self-service unlock for forgotten pre-boot drive encryption passwords.
      • Authentication with either numeric security questions or voice print biometrics.
      • Support for multiple spoken languages.

  • Hitachi ID Privileged Access Manager -- Secure administrator and service accounts.
    • Automatically discover and classify systems, accounts, groups and services to manage.
    • Periodically randomize and vault passwords to privileged accounts.
    • Authenticate, authorize and log user access to privileged accounts and groups, including built-in 2FA for all users.
    • Orchestrate changes to service account and embedded account passwords.
    • Discover, analyze and modify SSH trust relationships.
    • Risk scores and analytics, at request time and after the fact.
    • Record sessions (video, keylog, etc.) with search and playback.

  • Group Manager is available both as a stand-alone product and as a component of Hitachi ID Identity Manager.

The relationships between the Hitachi ID Identity and Access Management Suite components are illustrated in Figure [link].

    Components of the Hitachi ID Identity and Access Management Suite
