Hitachi ID Identity Manager Features
Hitachi ID Identity Manager enables automated, self-service and policy-driven management of users and entitlements with:
- Auto-provisioning and auto-deactivation:
Identity Manager can monitor one or more systems of record (typically HR applications) and detect changes, such as new hires and terminations. It can make matching updates to other systems when it detects changes, such as creating login accounts for new employees and deactivating access for departed staff.
- Identity synchronization:
Identity Manager can combine identity information from different sources -- HR, corporate directory, e-mail system and more -- into a master profile that captures all of the key information about every user in an organization. It can then write updates back to integrated systems, to ensure that identity attributes are consistent. This feature is used to automatically propagate updates to data such as names, phone numbers and addresses from one system to another.
- Self-service updates:
Users can sign into the Identity Manager web UI and make updates to their own profiles. This includes changes to their contact information and requests for new access to applications, shares, folders, etc.
- Delegated administration:
Business stake-holders, such as managers, application owners and data owners, can sign into the Identity Manager web UI and request changes to security entitlements. For example, a manager might ask for application access for an employee or schedule deactivation of a contractor's profile.
- Access certification:
Business stake-holders may be periodically invited to review the users and security entitlements within their scope of authority. They must then either certify that each user or entitlement remains appropriate or flag it for removal. Access certification is an effective strategy for removing security entitlements that are no longer needed.
- Authorization workflow:
All change requests processed by Identity Manager, regardless of whether they originated with the auto-provisioning engine, the identity synchronization engine, self-service profile updates or the delegated administration module, may be subject to an authorization process before being completed. The built-in workflow engine is designed to elicit prompt and reliable feedback from business users, using:
  - Concurrent invitations to multiple users to review a request.
  - Approval by N of M authorizers.
  - Automatic reminders.
  - Escalation from non-responsive authorizers to their alternates.
  - Delegation of approval responsibility.
- Policy enforcement:
Identity Manager can be used to enforce a variety of policies regarding the assignment of security entitlements to users, including:
  - Role based access control, where security entitlements are grouped into roles, which can be assigned to users.
  - Segregation of duties, which defines mutually-exclusive sets of security entitlements.
  - Template accounts, which define how new users are to be provisioned.
  - Rules for the composition of new IDs, such as login IDs, e-mail addresses, OU directory contexts and more.
- Reports:
Identity Manager includes a rich set of built-in reports, designed to answer a variety of questions, such as:
  - What users have entitlement X?
  - What entitlements does user Y have?
  - Who authorized entitlement Z for user W?
  - When did user A acquire entitlement B?
  - Who requested and who authorized entitlement B for user A?
  - What accounts have no known owner (orphaned)?
  - What users have no accounts (empty profiles)?
  - What accounts have no recent login activity (dormant)?
  - What users have no active accounts (dormant)?
- Automated connectors and human implementers:
Identity Manager can be integrated with existing systems and applications using a rich set of over 113 included connectors. This allows it to automatically provision, update and deprovision access across commonly available systems and applications.
Organizations may opt to integrate custom and vertical-market applications with Identity Manager by using the included flexible connectors. Alternatively, the built-in "implementers" workflow can be used to invite human administrators to make approved changes to users and entitlements on those systems.
- Unified management of logical access and physical assets:
Identity Manager includes an inventory tracking system, making it suitable for managing requests for physical assets as well as logical access. For example, types and inventories of building access badges, laptops, phones and other devices can be tracked, requested, authorized and delivered using Identity Manager.
Read more:
- Automated Provisioning and Deactivation:
Automated propagation of changes to user profiles from systems of record to managed systems.
- Identity Synchronization:
Identity Manager can synchronize identity data between multiple systems.
- Self-Service Updates:
A self-service portal allows users to update their profiles and request access to applications and resources.
- Delegated User Administration:
Business stake-holders such as application owners and managers can use Hitachi ID Identity Manager to manage users and entitlements without involving IT.
- Access Certification:
Access certification -- a periodic review and cleanup of users and entitlements.
- Authorization Workflow:
All change requests, regardless of where they originated, may be subject to approvals before being implemented.
- Role Based Access Control:
Features in Identity Manager which support management of user entitlements using role-based access control.
- Enforce SoD Policy:
Identity Manager allows organizations to define segregation of duties policies -- toxic combinations of entitlements that no one user should possess. It can then find users who already have these combinations and prevent users from newly acquiring them.
- Standardizing User Entitlements:
How Identity Manager standardizes the configuration and entitlements of login accounts.
- Self service management of security group membership:
Self-service management of thousands of AD groups using the built-in component Group Manager.
- Delegated construction and maintenance of Orgchart data:
Self-service construction and maintenance of OrgChart data using the built-in component Org Manager.
- Reports on Users and Entitlements:
Identity Manager enables organizations to report on user access to systems, and user entitlements, spanning every system on the network.
- Automated connectors and human implementers:
A rich set of connectors and a built-in process to invite system administrators support rapid deployment of the solution to all systems and applications.