Hitachi ID Identity Manager
Overview:
Hitachi ID Identity Manager is a complete user provisioning solution that automates and simplifies the routine tasks of managing users and entitlements across multiple systems and applications. Organizations depend on Identity Manager to ensure that their users get appropriate access rights promptly and are deprovisioned reliably and completely.
Identity Manager implements the following business processes to drive administrative updates to users and entitlements:
- Automation: grant or revoke access based on data feeds.
- Synchronization: keep identity attributes consistent across applications.
- Self service: empower users to update their own profiles.
- Delegated administration: allow business stake-holders to request changes directly.
- Workflow: invite business stake-holders to review and either approve or reject proposed changes.
Features:
Identity Manager enables automated, self-service and policy-driven management of users and entitlements with:
- Auto-provisioning and auto-deactivation:
Identity Manager can monitor one or more systems of record (typically HR applications) and detect changes, such as new hires and terminations. It can make matching updates to other systems when it detects changes, such as creating login accounts for new employees and deactivating access for departed staff.
- Identity synchronization:
Identity Manager can combine identity information from different sources -- HR, corporate directory, e-mail system and more -- into a master profile that captures all of the key information about every user in an organization. It can then write updates back to integrated systems to ensure that identity attributes are consistent. This feature is used to automatically propagate updates to data such as names, phone numbers and addresses from one system to another.
- Self-service updates:
Users can sign into the Identity Manager web UI and make updates to their own profiles. This includes changes to their contact information and requests for new access to applications, shares, folders, etc.
- Delegated administration:
Business stake-holders, such as managers, application owners and data owners can sign into the Identity Manager web UI and request changes to security entitlements. For example, a manager might ask for application access for an employee or schedule deactivation of a contractor's profile.
- Access certification:
Business stake-holders may be periodically invited to review the users and security entitlements within their scope of authority. They must then either certify that each user or entitlement remains appropriate or flag it for removal. Access certification is an effective strategy for removing security entitlements that are no longer needed.
- Authorization workflow:
All change requests processed by Identity Manager, whether they originate with the auto-provisioning engine, the identity synchronization engine, self-service profile updates or the delegated administration module, may be subject to an authorization process before being completed. The built-in workflow engine is designed to elicit prompt and reliable feedback from business users, using:
  - Concurrent invitations to multiple users to review a request.
  - Approval by N of M authorizers.
  - Automatic reminders.
  - Escalation from non-responsive authorizers to their alternates.
  - Delegation of approval responsibility.
- Policy enforcement:
Identity Manager can be used to enforce a variety of policies regarding the assignment of security entitlements to users, including:
  - Role-based access control, where security entitlements are grouped into roles, which can be assigned to users.
  - Segregation of duties, which defines mutually exclusive sets of security entitlements.
  - Template accounts, which define how new users are to be provisioned.
  - Rules for the composition of new IDs, such as login IDs, e-mail addresses, OU directory contexts and more.
- Reports:
Identity Manager includes a rich set of built-in reports, designed to answer a variety of questions, such as:
  - What users have entitlement X?
  - What entitlements does user Y have?
  - Who authorized entitlement Z for user W?
  - When did user A acquire entitlement B?
  - Who requested and who authorized entitlement B for user A?
  - What accounts have no known owner (orphaned)?
  - What users have no accounts (empty profiles)?
  - What accounts have no recent login activity (dormant)?
  - What users have no active accounts (dormant)?
- Automated connectors and human implementers:
Identity Manager can be integrated with existing systems and applications using a rich set of over 100 included connectors. This allows it to automatically provision, update and deprovision access across commonly available systems and applications.
Organizations may opt to integrate custom and vertical-market applications with Identity Manager by using the included flexible connectors. Alternatively, the built-in "implementers" workflow can be used to invite human administrators to make approved changes to users and entitlements on those systems.
- Unified management of logical access and physical assets:
Identity Manager includes an inventory tracking system, making it suitable for managing requests for physical assets as well as logical access. For example, types and inventories of building access badges, laptops, phones and other devices can be tracked, requested, authorized and delivered using Identity Manager.
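As an added illustration, not Hitachi ID's code or a description of Identity Manager's internals, the following Python sketch shows the reconciliation logic behind the auto-provisioning, auto-deactivation and orphan/dormant report features described above: an HR system-of-record feed is compared against accounts on managed systems to decide what to create, what to disable and what to report. The record fields, the constructed sample data and the 90-day dormancy threshold are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass(frozen=True)
class Person:            # one row of the HR system-of-record feed (assumed shape)
    emp_id: str
    status: str          # "active" or "terminated"

@dataclass(frozen=True)
class Account:           # one login account on a managed target system (assumed shape)
    system: str
    login: str
    owner: Optional[str] # emp_id the account is mapped to; None if no owner is known
    enabled: bool
    last_login: Optional[date]

def reconcile(people, accounts, today, dormant_after=90):
    """Compare the HR feed with target-system accounts and return the actions an
    auto-provisioning pass would take plus the orphan/dormant report rows."""
    known = {p.emp_id for p in people}
    active = {p.emp_id for p in people if p.status == "active"}
    owned = {a.owner for a in accounts if a.owner}
    cutoff = today - timedelta(days=dormant_after)
    return {
        # active people with no account anywhere: create accounts from a template
        "provision": sorted(active - owned),
        # leavers whose accounts are still enabled: disable them on every system
        "deactivate": sorted((a.system, a.login) for a in accounts
                             if a.enabled and a.owner in known and a.owner not in active),
        # accounts whose owner is unknown or absent from the HR feed
        "orphaned": sorted((a.system, a.login) for a in accounts if a.owner not in known),
        # enabled accounts that have not logged in within the dormancy window
        "dormant": sorted((a.system, a.login) for a in accounts
                          if a.enabled and (a.last_login is None or a.last_login < cutoff)),
    }

# Constructed sample data: three HR records and four accounts across two systems.
PEOPLE = [Person("E100", "active"), Person("E101", "active"), Person("E102", "terminated")]
ACCOUNTS = [
    Account("AD", "e100", "E100", True, date(2024, 5, 30)),     # healthy, in use
    Account("AD", "e102", "E102", True, date(2024, 3, 1)),      # leaver, still enabled
    Account("SAP", "svc_batch", None, True, None),              # no owner, never logged in
    Account("AD", "old_tmp", "E999", False, date(2023, 1, 1)),  # owner not in HR, disabled
]
TODAY = date(2024, 6, 1)

if __name__ == "__main__":
    for action, rows in reconcile(PEOPLE, ACCOUNTS, TODAY).items():
        print(f"{action:10s} {rows}")
```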
Benefits:
Identity Manager strengthens security by:
- Quickly and reliably removing access to all systems and applications when users leave an organization.
- Finding and helping to clean up orphan and dormant accounts.
- Assigning standardized access rights, using roles and rules, to new and transitioned users.
- Enforcing policy regarding segregation of duties and identifying users who are already in violation.
- Ensuring that changes to user entitlements are always authorized before they are completed.
- Asking business stake-holders to periodically review user entitlements and either certify or remove them, as appropriate.
- Reducing the number and scope of administrator-level accounts needed to manage user access to systems and applications.
- Providing readily accessible audit data regarding current and historical security entitlements, including who requested and approved every change.
Identity Manager reduces the cost of managing users and security entitlements:
- Auto-provisioning and auto-deactivation leverage data feeds from HR systems to eliminate routine, manual user setup and tear-down.
- Self-service eliminates IT involvement in simple updates to user names, phone numbers and addresses.
- Delegated administration moves the responsibility for requesting and approving common requests, such as for new application or folder access, to business users.
- Identity synchronization means that corrections to user information can be made just once, on an authoritative system, and are then automatically propagated to other applications.
- Built-in reports make it easier to answer audit questions, such as "who had access to this system on this date?" or "who authorized this user to have this entitlement?"