The remainder of this document is organized as follows:
System objectives -- what credential management systems are
designed to do.
Mission statement -- how organizations should structure
their internal communication about priorities and objectives.
Metrics -- how to measure the impact on the system.
Stake-holders -- who to involve in design, implementation
and ongoing support.
Deployment and support team -- who the core individuals
are that must build out and support the system and what their
initial and long-term commitment will be.
Features and design -- what processes the system should
User access to the self-service UI -- how to ensure that
users can resolve login problems wherever they may be, at any time
and on any device in any state.
Formulating a uniform password policy -- how to develop
a set of password rules that work for every system and every user
Equivalent credentials -- caution about weak links in
security and how to avoid them.
Security questions -- design considerations for enrolling
security questions and using them to authenticate users who forgot their
Augmenting security questions with a second factor -- how
to improve security by front-ending security questions with a stronger,
Infrastructure integrations -- what systems the credential
management automation should integrate with.
Hitachi ID Password Manager: technical architecture -- the runtime platform
and network architecture on which Password Manager is deployed.
Password Manager: server hardening -- how to lock down OS, DB and
web servers to protect the system.
Password Manager: BYOD access to on-premises credential management --
how to enable users to access self-service from their phones or
tablets, which are typically not attached to the corporate network.
Auto-discovery of user profiles and accounts -- how to
minimize care and feeding of the system using auto-discovery.
User enrollment -- inviting users to answer security
questions, install smartphone apps, etc.
Maximizing user adoption and ROI -- strategies to get users
to enroll and to use the system to resolve login problems.
Ongoing administration and support -- what can be expected
in terms of long-term care and feeding of the system.