Scope of the 11.1 release
The Hitachi ID Suite 11.1 release includes all Hitachi ID products:
- Hitachi ID Identity Manager -- User provisioning, RBAC, SoD and access certification.
- Hitachi ID Password Manager -- Self-service management of passwords, PINs and encryption keys.
- Hitachi ID Privileged Access Manager -- Secure administrator and service accounts.
These products can be deployed separately or together, in the following combinations:
- Identity Manager alone.
Note: this includes Hitachi ID Group Manager and Hitachi ID Access Certifier.
- Password Manager alone.
Note: this includes Hitachi ID Telephone Password Manager.
- Identity Manager and Password Manager in a shared instance.
- Privileged Access Manager alone.
- Group Manager -- a subset of Identity Manager strictly for group management.
Other combinations are technically possible but not actively tested.
What's new in 11.1
- Enhancements across the entire Hitachi ID Suite:
- Updated migration tools to extract configuration changes
from one product instance based on a date range (e.g., "export
everything configured today") and import those changes into
another instance. This will significantly aid migrations
across development, test and production environments.
- Extensible method functions in the REST API, implemented on the
Hitachi ID Suite server using a local/shared memory API and exposed as
web services to remote callers.
- Expanded support for localization of text in configuration
- A new log censorship program suitable for sanitizing
diagnostic logs by removing any PII before sending them to Hitachi ID
to request technical support. This is especially helpful for
organizations subject to GDPR.
- Simplified activation of Hitachi ID Mobile Access on smart phones.
- Please see (2) for details
about suite-wide improvements in 11.1.
- Identity Manager:
- A recommendation engine for group membership:
- Requesters can ask for recommendations when requesting
groups for themselves or others.
- Reviewers are presented with a score indicating how consistent a given group assignment is, when comparing the user who has the group to their peers.
Recommendations are based on peer groups -- sets of users who share the same values for key identity attributes, such as department or location codes.
- When a single reviewer is assigned multiple segments within
a single campaign, the segments can be consolidated into a
single invitation e-mail and single navigational link.
- Ability to display resource and entitlement attributes to reviewers
in a certification campaign.
- Ability to incorporate instructions to reviewers in each campaign.
- Please see (3) for details about
improvements in IM in 11.1.
- Privileged Access Manager:
- A new PAM reference implementation, which incorporates a
team structure for access control and delegates onboarding of
systems and accounts to stakeholders such as application
owners and system administrators.
- Authorized users can now download multiple session recordings
at once, rather than one at a time.
- Please see (4) for details about
improvements in PAM in 11.1.
- Password Manager:
- Improved integration with the Cisco AnyConnect VPN for users who need to reset a locally cached password while off-site.
- Please see (5) for details about
improvements in PM in 11.1.
Hitachi ID Suite 11.1 screen shots
Configuration export by time/date range
Migration tools are provided with Hitachi ID Suite to extract the configuration of a running system into files and to import those files back into another running system. With 11.1, these tools have been updated:
- The file format is now JSON rather than XML.
- Export tools can select configuration changes by time and date range. Note that this entailed changes to the entire product as all commits to the database must be time-stamped.
Exporting configuration from a time/date range
Improved usability in access certification
A variety of user interface enhancements have been made to the access certification screens. These include an option to present instructions to certifiers as they begin their review, better highlighting of what changed when profile attributes are under review, capture and display of entitlement change history, and an indication to reviewers of which entitlements are consistent with a given user's peers and which are unusual.
Peer groups are defined using identity attributes. For example, users who share location and department codes might be designated as sharing a peer group. Both the request and review UIs leverage peer groups to help requesters and reviewers, respectively, make informed decisions.
Offer reviewers instructions when they start working on a certification segment
Pop-up display of the change history of an entitlement
Highlight which attributes have been modified in the review
Score entitlements based on consistency with peers, drawing attention to those that are unusual
Recommending entitlements to requesters
The same peer groups that identify out-of-pattern entitlements to reviewers can also be used to recommend likely-desired entitlements to requesters. Entitlements that are popular among a given user's peers but not yet assigned to that user are displayed first in the list of available, requestable items.
Score entitlements based on popularity among the peer group and display high-probability items first
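The peer-group scoring described above for reviewers and for requesters, as an added Python example (not Hitachi ID's code). It assumes the score is the fraction of a user's peers who hold a group; the attribute names, user records and group names are constructed for illustration.

```python
from collections import Counter

# Constructed sample data: identity attributes and current group memberships.
USERS = {
    "alice": {"department": "FIN", "location": "YYC", "groups": {"gl-read", "ap-clerks", "vpn"}},
    "bob":   {"department": "FIN", "location": "YYC", "groups": {"gl-read", "ap-clerks", "vpn"}},
    "carol": {"department": "FIN", "location": "YYC", "groups": {"gl-read", "vpn", "domain-admins"}},
    "dave":  {"department": "FIN", "location": "YYC", "groups": {"gl-read"}},
    "erin":  {"department": "IT",  "location": "YYC", "groups": {"domain-admins", "vpn"}},
}
PEER_KEYS = ("department", "location")  # assumed key identity attributes


def peers_of(users, user, keys=PEER_KEYS):
    """Other users whose key identity attributes all match this user's."""
    key = tuple(users[user][k] for k in keys)
    return {n for n, u in users.items()
            if n != user and tuple(u[k] for k in keys) == key}


def popularity(users, user):
    """Fraction of the user's peers holding each group, or None without peers."""
    peers = peers_of(users, user)
    if not peers:
        return None  # no baseline: do not report every entitlement as unusual
    counts = Counter(g for p in peers for g in users[p]["groups"])
    return {g: n / len(peers) for g, n in counts.items()}


def review_scores(users, user):
    """Reviewer view: groups the user holds, least peer-consistent first."""
    pop = popularity(users, user)
    if pop is None:
        return []
    held = users[user]["groups"]
    return sorted(((g, pop.get(g, 0.0)) for g in held), key=lambda x: (x[1], x[0]))


def recommendations(users, user):
    """Requester view: groups peers hold that the user lacks, most popular first."""
    pop = popularity(users, user)
    if pop is None:
        return []
    held = users[user]["groups"]
    return sorted(((g, s) for g, s in pop.items() if g not in held),
                  key=lambda x: (-x[1], x[0]))
```

With small peer groups a single peer moves the score substantially, so a minimum peer-group size is worth enforcing before scores are shown to reviewers.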
Updated mobile activation UI/UX
The user interface of Mobile Access has been updated. This UI is used both to initially activate the app and, afterwards, to navigate it, whether the app serves as an authentication factor for signing into the Hitachi ID Suite UI on a PC or as a remote UI rendered on the smart phone.
Initial launch -- prior to enrolling a user profile with Mobile Access
Activating Mobile Access by scanning a QR code on the PC.