Hitachi ID Identity Manager enables automated, self-service and policy-driven management of users and entitlements with:
- Automated updates driven by a system of record:
Identity Manager monitors one or more systems of record (such as HR) and detects changes, such as new hires and terminations. It creates, modifies and deletes accounts and groups and manages entitlements on integrated systems to reflect these changes.
- Request portal:
Users sign into an Identity Manager web portal to create or manage user profiles, accounts or groups. This includes self-service, where requesters modify their own profiles or groups they own, or delegated access, where requesters ask to change another user's group memberships, assigned roles or identity attributes.
An included workflow engine validates and completes requests submitted via the request portal, API or CLI. The workflow engine invites users to participate in processes, by approving requests, reviewing and certifying identities and entitlements or manually completing approved changes.
- Access certification:
Business stakeholders are periodically invited to review users, security entitlements and policy objects within their scope of authority. They either certify that each item remains business-appropriate or request corrections, such as transferring a coworker to a new manager, revoking an access right, correcting an identity attribute or updating a role or SoD rule.
- Policy enforcement:
Identity Manager enforces a variety of policies, including:
  - Role-based access control, where security entitlements are grouped into roles, which are either automatically assigned to users or available for request.
  - Segregation of duties, which defines mutually exclusive sets of security entitlements. Violations are prevented at request time and detected in analytics.
  - Rules to compose and reserve unique identifiers, such as login IDs, e-mail addresses and more.
  - Privacy protection, limiting what one user can see of and request for another user.
- Reports, dashboards and analytics:
Identity Manager includes many reports, dashboards and analytics, which answer questions about current and historical identities and entitlements, analyze workflow activity and trends, seek patterns in entitlements and roles and identify policy violations.
- Automated connectors and human implementers:
Identity Manager reads current-state information and automatically creates or updates accounts and groups on over 130 kinds of systems, including directories, on-premises and SaaS applications and various systems. Identity Manager also includes workflow processes to invite people to complete tasks, where automated integration is uneconomical or technically infeasible.
- Unified management of logical access and physical assets:
Identity Manager includes an inventory tracking system, used to track assets such as building access badges, tokens, etc. It automates the distribution and collection of such assets to/from authorized users.
- Identity synchronization:
Identity Manager merges and normalizes identity attributes from multiple sources to construct an internal meta directory. Changes are pushed out to integrated systems.