This document describes the configuration of a standard deployment
of Hitachi ID Password Manager. For organizations wishing to adopt best practices and
short-circuit extensive design discussions, the simplest approach
is to implement the policies and processes described here.
Integrated password systems
Most organizations have an on-premises Active Directory domain,
and this should always be the first integration.
Any additional systems and applications where a significant number
of users have login credentials should be integrated. For example,
many organizations operate a SAP ERP, SalesForce.com CRM or mainframe,
and these should be integrated.
Some applications externalize their login process via federated access.
This raises two possible integrations:

If there is not already a federated access management system, use
the SAML identity provider (IdP) included in Password Manager.

Many applications support both logins using internal passwords
and, separately, federated login. For example, SalesForce.com
maintains passwords for users and can simultaneously offload the
login UI using SAML. In these dual-login scenarios, Password Manager should
at a minimum manage passwords on the application in question, since the
application's internal passwords remain valid credentials even when users
normally sign in through the IdP.