Hitachi


Previous PDF

swipe to navigate

This document presents best practices for deploying and operating an identity management infrastructure. It builds on Hitachi ID Systems's years of experience in deploying password management and user provisioning into some of the largest and most complex organizations in the world.

The document is organized as follows:

  • Overview: Defining Identity Management:

    Some basic definitions that help clarify the subsequent material.

  • Long Term Commitment:

    Identity management is more accurately described as a change in the IT organization and business processes than a finite project. Deployment can reasonably be expected to continue indefinitely, with more features and integrations are added over time.

  • Focus on Business Drivers:

    Given the long-term investment in identity management, it makes sense to identify and focus the highest priority business drivers first.

  • Deliver Early and Often:

    To minimize project risk and to ensure a positive return on investment, it is essential to deliver tangible results early in the project, and keep delivering new benefits regularly.

  • Usability and Adoption:

    Identity management is focused on the user -- a human being represented on multiple IT systems, by a combination of identity attributes and privileges. It follows that user adoption is a prerequisite to success.

  • Critical Path and Common Interdependencies:

    Some integrations and features depend on others. This section identifies major interdependencies, which impact project timelines.

  • Project Management Methodology:

    A typical methodology for delivering a given project milestone.

  • Typical Timeline and Deliverables:

    Pulling all of the above together, a sample project timeline is developed, step-by-step.

Overview: Defining Identity Management

Identity management and access governance is defined as a shared platform and consistent processes for managing information about users: who they are, how they are authenticated and what they can access.

Enterprise Identity and Access Management (IAM) is defined as a set of processes and technologies to effectively and consistently manage modest numbers of users and entitlements across multiple systems. In this definition, there are typically significantly fewer than a million users, but users typically have access to multiple systems and applications.

Typical enterprise identity and access management scenarios include:

  • Password synchronization and self-service password reset.
  • Identity and access management (IAM), including identity synchronization, auto-provisioning and automatic access deactivation, self-service access requests, approvals workflow and consolidated reporting.
  • Enterprise single sign-on -- automatically filling login prompts on client applications.
  • Web single sign-on -- consolidating authentication and authorization processes across multiple web applications.

Previous Next PDF