Scope of the 10.1 release
- Hitachi ID Identity Manager -- User provisioning, RBAC, SoD and access certification.
- Hitachi ID Password Manager -- Self service management of passwords, PINs and encryption keys.
- Hitachi ID Privileged Access Manager -- Secure administrator and service accounts.
These products can be deployed separately or together, in the following combinations:
- Identity Manager alone.
Note: this includes Hitachi ID Group Manager and Hitachi ID Access Certifier.
- Password Manager alone.
Note: this includes Hitachi ID Login Manager and Hitachi ID Telephone Password Manager.
- Identity Manager and Password Manager in a shared instance.
- Privileged Access Manager alone.
- Group Manager -- a subset of Identity Manager strictly for group management.
Other combinations are technically possible but not actively tested.
The following screenshots offer an overview of new screens in the 10.1 release.
The new request UI is mobile-friendly and uses a multi-step, wizard-like flow modeled after an e-commerce shopping cart.
[Screenshots: Identity Manager new hire request wizard, steps A through D]
The same motif applies to all requests, both for access and for updating identity attributes.
[Screenshots: Identity Manager request groups, update contact information, and request account wizard, steps A through C]
A new access certification UI is highly interactive and supports fine-grained delegation.
Using the new certification UI, stakeholders can be asked to review identity attributes as well as entitlements. This supports delegated directory cleanup as well as entitlement revocation.
Items can be selected and delegated to someone else to review. This creates a collaborative relationship between the original reviewer, who can continue to work on the selected items, and the new reviewer, who sees just those items and can help decide what to do with each one.
Revocation actions are no longer hard-coded, and instead are configured using request forms. These forms can call for additional user input, such as a deferred deactivation date.
Users can sign into Password Manager first and launch logins into other applications, which are integrated using SAML 2.0 federation. In this context, the Password Manager portal is the first thing users launch and remains open all day.
Privileged Access Manager
Access can be requested and sessions initiated using a smart phone, which allows users to sign into systems and diagnose problems even when they have no computer nearby. Notably, there is no public URL to Privileged Access Manager, nor are there TCP ports for RDP or SSH open on public IP addresses.
Hitachi ID Identity Express: Partner Portal Edition
A completely redesigned reference implementation takes care of managing identities and credentials for people who work for partners. This allows organizations to delegate to each business partner the responsibility for managing their own users without seeing who the other partners are or who works for other partners.
[Screenshots: Identity Express Partner Portal new partner onboarding, steps A through C]