• Site Map
• Contact Us

• Home
• Our Company
  • Customers
  • Careers
  • Contact Us
  • RSS & Blogs
• Products
  • Core Products
  • Add-On Products
  • Download Trial Software
  • Releases
  • Common Criteria Certification
• Solutions
  • Reduce IT Support Cost
  • Improve User Service
  • Security, Governance and Regulatory Compliance
• Support
  • Customer Portal
  • Request Support Help
• Services
  • Solution Delivery Services
  • Solution Delivery Process
  • Education
  • Upgrades
  • AdMax Program
  • Outsourced IdM Administrator Service
  • Guarantee
• News &  Events
  • Press Releases
  • Press Coverage
  • Upcoming Events
  • Archived Webinars
• Resource Center
  • Technology
  • Independent Reviews
  • Brochures
  • Slide Decks
  • Case Studies
  • White Papers
  • Regulatory Compliance
  • Certifications
  • Community
• Partners
  • Partner Programs

Features

  

Identity and Access Management Features

Identity Manager can make the following updates on over 70 types of systems:

• Enumerate users and groups on the target system.
• Create new and delete existing login accounts.
• Read and write the identity attributes associated with a user object.
• Read and set flags, such as "account enabled/disabled," "account locked," and "intruder lockout."
• Change the login ID of an existing account (rename user). (note)

• Read a user's group memberships.
• Read a list of a group's member users.
• Add a user to or remove a user from a group.
• Create, delete and set the attributes of a group.
• Move a user between directory organizational units (OUs).

Identity Manager implements the following business processes to drive updates to users and entitlements on managed systems:

• Automation: copies changes from one system to another.
• Self service: delegates change requests and approvals to users.
• Consolidation: allows administrators to manage multiple systems at once.
• Delegation: empowers departmental or regional administrators with limited authority.
• Fulfillment: gives other systems the ability to manage users through Identity Manager.

Read more:

• Automated User Administration:
  Automated propagation of changes to user profiles from systems of record to managed systems.
• Self-Service Workflow:
  A self-service workflow allows users to request changes to their own or other user profiles. Changes are routed to authorizers, approved and acted automatically applied to managed systems.
• Identity Synchronization:
  Identity Manager can synchronize identity data between multiple systems.
• Consolidated and Delegated User Administration:
  Consolidated user administration allows security administrators to manage users across multiple systems from a single administration console. Delegated usr administration allows organizations to securely distribute user administration responsibilities to regional or departmental IT staff or managers.
• Role Based Access Control:
  Features in Identity Manager which support management of user entitlements using role-based access control.
• Enforce SoD Policy:
  Identity Manager allows organizations to define segregation of duties policies -- toxic combinations of entitlements that no one user should possess. It can then find users who already have these combinations and prevent users from newly acquiring them.
• Standardizing User Entitlements:
  How Identity Manager standardizes the configuration and entitlements of login accounts.
• AD Group Management:
  Self-service management of thousands of AD groups using the built-in component Group Manager.
• OrgChart Management:
  Self-service construction and maintenance of OrgChart data using the built-in component Org Manager.
• Reports on Users and Entitlements:
  Identity Manager enables organizations to report on user access to systems, and user entitlements, spanning every system on the network.
• Federation / Inbound API:
  Identity Manager can act on behalf of another identity management system, such as a workflow engine or a meta directory, extending its reach to new target systems.

© Hitachi ID Systems, Inc. . All rights reserved.