AD Group Management
Hitachi ID Group Manager is a component of Hitachi ID Management Suite which is automatically enabled for every Identity Manager licensee.
Overview:
Group Manager is a self-service solution that enables business users to manage security groups.
Security groups are used by systems and applications to determine what a user has access to. For example, in a Windows environment, user membership in Active Directory groups determines what shares, folders, printers, e-mail distribution lists and other network resources a user can access.
While IT staff generally understand security groups, most business users do not. This makes the interaction between business users and IT staff slow and frustrating for both parties.
The Group Manager user interface enables business users to request things they understand (e.g., access files on a given folder or send documents to a given printer). Group Manager automatically identifies the groups a user would require to perform the desired action and submits an appropriate workflow request to the appropriate group owner or other authorizer, asking for the relevant group membership.
Group Manager improves user service, reduces IT support cost and delay, and ensures that group membership is appropriately authorized before being granted.
Features:
Group Manager is a component of the Hitachi ID Management Suite designed to streamline user requests to network resources.
Using Group Manager, users sign into a secure web application and request new access to a network resource, such as a share, folder, printer or mail distribution list. From the Group Manager web form, users first select a resource container (examples: share; directory OU) and then use a tree view to browse for a specific resource (examples: folder, mail DL). Once they have selected a resource, users simply submit the request.
Once the user has selected a resource, Group Manager:
- Dynamically maps the user's resource selection to a specific managed target system and to a security group on that system.
- Determines whether the security group is already under Group Manager access control and, if not, automatically adds the group to its workflow system.
- Checks whether at least one authorizer is already available for the group and, if not, automatically extracts a new authorizer list from the managed system itself (e.g., identifies the group's owners).
- Initiates a workflow request, asking the appropriate authorizer(s) whether the user should be allowed to join the group in question.
The Group Manager workflow system automatically tracks change authorization and adds the user to the requested group if and when the proposed change is approved.
Benefits:
Group Manager:
- Is ideal for contractors or employees who are given short term assignments and need to be quickly provisioned with security privileges that pertain to their new assignment or project.
- Reduces workload on IT administrators by offloading group membership management to users.
- Improves productivity for all users who need to access network resources to which they did not previously have rights.
Technology:
Group Manager can be used to manage many different types of resources. A plug-in program binds Group Manager to a specific type of resource, such as Windows shares, whose access is mediated by membership in an Active Directory group. Other resources include network printers and mail distribution lists.
The description is best clarified with a concrete example:
| Step | User | Group Manager | Resource-Type Plug-in | Target System |
|---|---|---|---|---|
| 1 | Sign in using a network login ID and password. | Validate credentials | | |
| 2 | Initiate a new resource-access request. | | | |
| 3 | | Display a list of descriptive names for configured Windows file servers and shares. | | |
| 4 | Select a share. | | | |
| 5 | | Display a tree view of folders in the selected share. | | |
| 6 | Browse for and select a folder where access is desired. | Interactive tree view display | Iteratively provide a list of sub-directories from the selected share. | |
| 7 | Select a set of privileges and an authorizer to request. | Display and user input | Provide a list of groups that have privileges on the share and the security privileges each one has been assigned (read-only? read-write? etc.). One or more owners (authorizers) are provided for each group. | |
| 8 | | Workflow to track change authorization | | |
| 9 | | (Change approved) Run agent to update the user's group membership. Send a confirmation e-mail to the user and to all owner/authorizers. | | Updated privileges. User can now access the folder. |
Simple configuration:
Group Manager is very simple to configure and manage. For example, to configure it to manage group membership in Active Directory so that users can gain access to group-controlled file folders, one need only:
- Set up Active Directory as an Identity Manager target system.
- Enter the base UNC for each share in which Group Manager will manage access.
- Ensure that the owner field is correctly populated on each AD user group.
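
Because authorizers are derived from each group's owners, the last step is worth checking before groups are opened to self-service requests. The script below is an added example, not Hitachi ID code: it assumes the "owner field" is the Active Directory `managedBy` attribute and that the RSAT ActiveDirectory module is installed; the function name `Get-GroupOwnerFinding` and the default search base are placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example: report AD groups whose owner cannot act as an authorizer.
# Assumption: the "owner field" on a group is the managedBy attribute.
param(
    # Placeholder OU; point this at the container holding the managed groups.
    [string]$SearchBase = 'OU=Groups,DC=example,DC=com'
)

$UacDisabled = 0x2   # ACCOUNTDISABLE bit in userAccountControl

function Get-GroupOwnerFinding {
    param($Group)

    $status = 'OK'
    $ownerClass = $null
    if (-not $Group.ManagedBy) {
        # Nobody to approve membership requests for this group.
        $status = 'NoOwner'
    }
    else {
        try {
            $owner = Get-ADObject -Identity $Group.ManagedBy `
                -Properties userAccountControl -ErrorAction Stop
            $ownerClass = $owner.ObjectClass
            if ($ownerClass -ne 'user') {
                # Owner is a group, contact or computer: review manually.
                $status = 'OwnerNotUser'
            }
            elseif ($owner.userAccountControl -band $UacDisabled) {
                $status = 'OwnerDisabled'
            }
        }
        catch {
            # DN could not be read (e.g. another domain, no read access).
            $status = 'OwnerUnresolvable'
        }
    }
    [pscustomobject]@{
        Group      = $Group.Name
        ManagedBy  = $Group.ManagedBy
        OwnerClass = $ownerClass
        Status     = $status
    }
}

Get-ADGroup -Filter * -SearchBase $SearchBase -Properties ManagedBy |
    ForEach-Object { Get-GroupOwnerFinding $_ } |
    Where-Object Status -ne 'OK' |
    Sort-Object Status, Group |
    Format-Table -AutoSize
```

An empty result means every group under the search base has an enabled user as owner; any `NoOwner` or `OwnerDisabled` row is a group whose membership requests would have no valid approver from the directory.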





