Identity management -- i.e., a set of processes for managing just identities -- has been largely supplanted by identity and access management -- i.e., a set of processes for managing identities and entitlements together.
Identity management and access governance refers to a set of technologies and processes used to coherently manage information about users in an organization, despite the fact that identity data may be scattered across organizational, geographical and application boundaries.
Identity management and access governance addresses a basic business problem: information about the identity of employees, contractors, customers, partners and vendors along with how those users authenticate and what they can access is distributed among too many systems and is consequently difficult to manage.
The Hitachi ID Identity and Access Management Suite is designed as identity management and access governance middleware, in the sense that it presents a uniform user interface and a consolidated set of business processes to manage user objects, identity attributes, security rights and credentials across multiple systems and platforms. This is illustrated in Figure [link].
The Hitachi ID Identity and Access Management Suite includes several functional identity management and access governance modules:
- Hitachi ID Identity Manager
-- User provisioning, RBAC, SoD and access certification.
- Monitoring systems of record to update user profiles and automatically requesting matching changes to identities and access rights.
- A portal where users may requests changes to identities and access rights, with advanced search and access controls.
- Workflow to route change requests to authorizers and implementers.
- Analytics, including risk scores deviation from role and violation of SoD.
Hitachi ID Identity Manager includes the following additional features, at no extra charge:
- Hitachi ID Access Certifier
-- Periodic review and cleanup of security entitlements.
- Delegating review of access rights, policy configuration and identity attributes to business stake-holders.
- Engagement with managers, resource owners and policy owners.
- Hitachi ID Group Manager
-- Self-service management of security group membership.
- Self-service and delegated requests for access to resources and the groups that have rights to them.
- Group Manager is also available as a stand-alone product, as well as a component of Hitachi ID Identity Manager.
- Hitachi ID Org Manager
-- Delegated construction and maintenance of Orgchart data.
- Delegating the construction and maintenance of manager/subordinate relationships to managers.
- Read/write integration with directories and HR systems.
- Hitachi ID Password Manager
-- Self service management of passwords, PINs and encryption keys.
- Password synchronization, via browser or by intercepting native password changes.
- Self-service and assisted reset of passwords and PINs.
- Self-service unlock of encrypted drives, where users may have forgotten a pre-boot password.
- Access from anywhere - browser, smart phone app, voice phone call, PC login screen, pre-boot password prompt, on-premises or off-site.
- Two factor authentication for all users, using either existing credentials (RSA, etc.) or by introducing new mechanisms, such as browser fingerprinting, sending a PIN to the user's phone or an included smart phone app.
- Federated access via a SAML IdP to compatible applications.
- A personal vault, where users can securely store and retrieve unmanaged credentials.
- Managed enrollment of security questions, mobile phone numbers, etc.
Hitachi ID Password Manager includes the following additional features, at no extra charge:
- Hitachi ID Login Manager
-- Automated application logins.
- Automatically sign users into systems and applications.
- Eliminate the need to build and maintain personal password wallets, using a combination of password synchronization and pattern matching.
- Hitachi ID Telephone Password Manager
-- Telephone self-service for passwords and tokens.
- Turn-key telephony-enabled password and PIN reset, including for RSA SecurID tokens.
- Self-service unlock for forgotten pre-boot drive encryption passwords.
- Authentication with either numeric security questions or voice print biometrics.
- Support for multiple spoken languages.
- Hitachi ID Privileged Access Manager
-- Secure administrator and service accounts.
- Automatically discover and classify systems, accounts, groups and services to manage.
- Periodically randomize and vault passwords to privileged accounts.
- Authenticate, authorize and log user access to privileged accounts and groups, including built-in 2FA for all users.
- Orchestrate changes to service account and embedded account passwords.
- Discover, analyze and modify SSH trust relationships.
- Risk scores and analytics, at request time and after the fact.
- Record sessions (video, keylog, etc.) with search and playback.
- Group Manager is available both as a stand-alone product and as a component of Hitachi ID Identity Manager.
The relationships between the Hitachi ID Identity and Access Management Suite components is illustrated in Figure [link].