A connector is a software agent used by an IAM system to:

  • Get a list of accounts, identity attributes and security entitlements from an integrated target system of a specific type.
  • Create new and modify existing accounts on the same type of target system.
  • Attach users to and remove users from security groups on the same type of system.
  • Set new and modify existing identity attributes on the same type of system.
  • Enable, disable, move, rename, reset passwords or otherwise modify accounts on the same type of system.

Connectors allow IAM systems and password management systems to complete approved changes automatically, thus reducing IT security workload and improving user service.

Some access governance software only include what they refer to as either "uni-directional" connectors or, equivalently, collectors. These can read current state about users and entitlements from target systems, but cannot write changes back. Most modern IAM systems include "bi-directional" connectors, which can both read from and write to target systems.

Hitachi ID Identity and Access Management Suite comes with connectors for many popular systems and applications. All connectors are included in the base price and almost all of them can both read (discover accounts, entitlements, attributes) and write (passwords, attributes, accounts, groups, etc.).

Out-of-the-box connectors

Directories: Databases: Server OS -- X86/IA64:
Active Directory and Azure AD; any LDAP; NIS/NIS+ and eDirectory. Oracle; SAP ASE and HANA; SQL Server; DB2/UDB; Hyperion; Caché MySQL; OLAP and ODBC. Windows: NT thru 2016; Linux and *BSD.
Server OS -- Unix: Server OS -- Mainframe: Server OS -- Midrange:
Solaris, AIX and HP-UX. RAC/F, ACF/2 and TopSecret. iSeries (OS400); OpenVMS and HPE/Tandem NonStop.
ERP, CRM and other apps: Messaging & collaboration: Smart cards and 2FA:
Oracle EBS; SAP ECC and R/3; JD Edwards; PeopleSoft; Salesforce.com; Concur; Business Objects and Epic. Microsoft Exchange, Lync and Office 365; Lotus Notes/Domino; Google Apps; Cisco WebEx, Call Manager and Unity. Any RADIUS service or SAML IdP; Duo Security; RSA SecurID; SafeWord; Vasco; ActivIdentity and Schlumberger.
Access managers / SSO: Help desk / ITSM: Drive encryption:
CA SiteMinder; IBM Security Access Manager; Oracle AM; RSA Access Manager and Imprivata OneSign. ServiceNow; BMC Remedy, RemedyForce and Footprints; JIRA; HPE Service Manager; CA Service Desk; Axios Assyst; Ivanti HEAT; Symantec Altiris; Track-It!; MS SCS Manager and Cherwell. Microsoft BitLocker; McAfee; Symantec Endpoint Encryption and PGP; CheckPoint and Sophos SafeGuard.
Server health monitoring: HR / HCM: Extensible / scriptable:
HP iLO, Dell DRAC and IBM RSA. WorkDay; PeopleSoft HR; Ultipro; SAP HCM and SuccessFactors. CSV files; SCIM; SSH; Telnet/TN3270/TN5250; HTTP(S); SQL; LDAP; PowerShell and Python.
Hypervisors and IaaS: Mobile management: Network devices:
AWS; vSphere and ESXi. BlackBerry Enterprise Server and MobileIron. Brocade Fabric OS; CheckPoint SecurePlatform; Cisco ACS, ASA, IOS, Nexus and PIX; Dell DRAC; F5 BigIP; HP iLO; HP Procurve; IBM RSA; Juniper JunOS and ScreenOS; PaloAlto firewalls and Riverbed SteelHead.
Filesystems and content: SIEM: Management & inventory:
Windows/CIFS/DFS; SharePoint; Samba; Hitachi Content Platform and HCP/Anywhere; Box.com and Twitter. Splunk; ArcSight; RSA Envision and QRadar. Any SIEM supporting SYSLOG or Windows events. Qualys; McAfee ePO and MVM; Cisco ACS; ServiceNow ITAM; HP UCMDB; Hitachi HiTrack.

Scripted connectors

In addition to built-in connectors to common, off-the-shelf systems and applications, Hitachi ID Identity and Access Management Suite also includes a number of flexible connectors, each of which is used to script integration with a common protocol or mechanism. These connectors allow organizations to quickly and inexpensively integrate Hitachi ID Identity and Access Management Suite with custom and vertical market applications.

There are flexible connectors to script interaction with:

API binding:

Terminal emulation:

Web services:

Back end integration:


  • C, C++
  • Java, J2EE
  • .NET
  • COM, ActiveX
  • MQ Series

  • SSH
  • Telnet
  • TN3270, TN5250
  • Simulated browser

  • SOAP
  • REST
  • Pure HTTP(S)

  • SQL Injection
  • LDAP attributes

  • Windows
  • Power Shell
  • Unix/Linux

Organizations that wish to develop a completely new connector to integrate with a custom or vertical market application may do so using whatever development environment they prefer (Python, J2EE, .NET, etc.) and invoke it as either a command-line program or web service.

If organization develops their own integrations, an effort of between four hours and four days is typical. Alternately, Hitachi ID Systems offers fixed-cost custom integrations for a nominal fee.

Return to Identity Management Concepts