Standardizing Systems Access Setup with ID-Synch
ID-Synch can be used to enforce a variety of security standards when creating new user accounts or managing existing login IDs:
- Assigning unique login IDs
The most basic task that ID-Synch must complete when creating a new user profile is to assign that user a new, globally-unique login ID.
ID-Synch can implement any login ID naming system and comes with a built-in system to detect and avoid name collision. Every new user gets a new, globally-unique login ID that meets corporate standards and that is not in current use on any system.
Standard login IDs have many benefits, including usability: a user only has to remember a single login ID; support: IT staff can quickly look up a user's profile; and security: log entries on different systems can be easily correlated.
- Account setup standards
ID-Synch normally performs account setup by cloning existing accounts on target systems that have been created specifically to act as templates. Platform administrators get to use their familiar tools to create and manage templates, and ID-Synch leverages the detailed setup (attributes, group memberships, home directories, paths, etc.) of template accounts to ensure that all new users are created in compliance with corporate standards.
Using templates makes it easy for organizations to enforce security standards without having to invest significant effort in managing ID-Synch itself.
ID-Synch adjusts newly created accounts by setting additional attributes and group memberships. These modifications may be derived from user input, data from systems of record, business rules or a combination of all three. Control over how and when attributes are set to differentiate new users from templates allows organizations to further control the setup of new users.
- System dependencies and order of events
ID-Synch is configured with dependencies between systems and account types. For example, technical requirements stipulate that a new user be set up with an account on Active Directory before an Exchange mailbox can be set up. In a similar way, business requirements may require that all new users get an ACF2 mainframe login before being provisioned with access to any other systems.
Dependencies ensure that systems access is always provisioned in a consistent, repeatable sequence.
- Ensuring change authorization
Changes to user profiles, either centrally on the ID-Synch server or on individual target systems, are subject to approvals by system or application owners, as well as by appropriate managers who have a relationship with a change's requester or recipient.
Unlike manual processes, ID-Synch change authorization is mandatory and auditable.
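The dependency ordering described under "System dependencies and order of events" can be sketched as follows. This is an added example, not ID-Synch code or configuration; the system names, the rule table and the function names are assumptions made for illustration.

```python
from graphlib import TopologicalSorter, CycleError

# Constructed rules modelled on the two examples in the text.
# Key = target system, value = systems that must be provisioned first.
TECHNICAL_DEPS = {"exchange": {"active_directory"}}
GLOBAL_FIRST = "acf2"  # business rule: ACF2 login before any other system


def build_graph(requested, deps=TECHNICAL_DEPS):
    """Expand a request into {system: prerequisites}, pulling in
    prerequisites the requester did not list (Exchange implies AD)."""
    graph, todo = {}, list(requested)
    while todo:
        system = todo.pop()
        if system in graph:
            continue
        prereqs = set(deps.get(system, ()))
        if system != GLOBAL_FIRST:
            prereqs.add(GLOBAL_FIRST)
        graph[system] = prereqs
        todo.extend(prereqs)
    return graph


def provisioning_order(requested, deps=TECHNICAL_DEPS):
    """Return an order that satisfies every dependency, or fail loudly
    on a misconfigured (circular) rule set."""
    graph = build_graph(requested, deps)
    try:
        # Sorted input keeps the sequence repeatable between runs.
        sorter = TopologicalSorter({k: sorted(v) for k, v in sorted(graph.items())})
        return list(sorter.static_order())
    except CycleError as exc:
        raise ValueError(f"dependency cycle: {exc.args[1]}") from exc


def provision(requested, create_account, deps=TECHNICAL_DEPS):
    """Call create_account(system) in dependency order. A system whose
    prerequisite failed is skipped rather than half-provisioned."""
    graph = build_graph(requested, deps)
    done, skipped = [], []
    for system in provisioning_order(requested, deps):
        if graph[system] <= set(done) and create_account(system):
            done.append(system)
        else:
            skipped.append(system)
    return done, skipped
```
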







