Active Directory is the most popular directory product for medium to large organizations, in large part because it is closely integrated with Windows PCs and Exchange e-mail systems.

As with any directory, the bulk of administration workload related to the directory is associated with managing identities and security entitlements in the directory.

User and entitlement management is the result of business processes which reflect changes in business needs into the IT infrastructure. These processes may include:

  • Automation:
    Detect adds, changes and deletions in a system of record (SoR, such as HR) and make matching changes -- create accounts, grant/revoke access, etc. on integrated systems and applications.
  • Self-service requests:
    Enable users to update their own profiles (e.g., new home phone number) and to request new entitlements (e.g., access to an application or folder).
  • Delegated administration:
    Enable managers, application owners and other stake-holders to request changes to identities and entitlements within their scope of authority.
  • Access certification:
    Periodically invite managers and application or data owners to review users and security entitlements within their scope of authority, flagging inappropriate entries for removal.
  • Identity synchronization:
    Detect changes to attributes, such as phone numbers or department codes on one system and automatically copy to others.
  • Authorization workflow:
    Validate all proposed changes, regardless of their origin and invite business stake-holders to approve them before they are committed.

Hitachi ID Identity Manager enables organizations to automate the administration of identities and entitlements in Active Directory. Hitachi ID Password Manager enables organizations to automate the administration of credentials -- most commonly passwords -- in Active Directory.

Return to Identity Management Concepts