In many organizations, directories such as LDAP and AD have too many groups. Groups may be used to assign access rights, as mail distribution lists or both. When there are too many groups:
- It's hard to tell what a given user has access to, and whether those access rights are appropriate.
- Assigning the right groups to users, when they first join an organization or after they move to a new role or department, is difficult.
- There are rarely effective processes to remove users from groups or delete groups entirely. This means that groups only multiply and become less manageable over time.
A confounding problem is that groups normally represent business functions, but are only manageable by IT. Business users have to figure out that what they need is a group -- either to create a new one or join an existing one. They then have to figure out which group, how to ask it, who should approve that and who can actually do the work. This is a slow process for users and an expensive one for IT.
Hitachi ID Identity Manager Solution
Identity Manager improves security by ensuring that changes to security groups are properly authorized before being implemented.
Identity Manager reduces the cost of IT support by moving requests and authorization for changes to groups out of IT, to the community of business users. This includes requests to create, modify or delete groups, to add or remove members or owners and more.
Identity Manager streamlines service delivery regarding the management of security groups by making it easier for users to submit clear and appropriate change requests and automatically routing those requests to the right authorizers. Approved requests are automatically completed, in real time. This makes the request process painless and fulfillment fast.