Hitachi ID Systems, Inc.

Hitachi ID Identity Manager Animations

Automatic provisioning (scheduled batch process)


Content:

  • A new employee is added to an HR application.
  • A batch process is triggered manually (just for demos -- normally it is scheduled).
  • Accounts for the new user are automatically created on AD and elsewhere.

Key concepts:

  • Automation is typically a batch process that runs at least once daily.
  • Business logic determines what to do when user records are added to, removed from or changed on each system of record.
  • Most suitable for coarse-grained (i.e., hire/fire) changes detected on HR systems.
  • Can also automate synchronization of identity attributes between systems.


Fill in a form: request access for a new contractor


Content:

  • This video shows how a manager can request access for a new contractor using a self-service form.

Key concepts:

  • While employees are normally auto-provisioned based on an HR feed, contractors typically are not.
  • Validation of the request form and routing to authorizers for approval happen next (shown in separate recordings).


Check status of an open request


Content:

  • The person who entered a request can check on progress as often as desired.

Key concepts:

  • In general, every participant in a request -- the requester, recipient and authorizers -- can view its current status.
  • Participants receive e-mails containing the URL of the status page.


Authorization process using e-mail invitations and web approval


Content:

  • An authorizer is invited to review and either approve or reject a change request.
  • Approvals take place via a secure, authenticated web form.

Key concepts:

  • Multiple authorizers can be invited at the same time.
  • Approval by N of M people is standard.
  • Reminders are automatically sent to non-responsive authorizers.
  • Escalation and delegation can replace non-responsive authorizers.


Reports -- users and accounts


Content:

  • List of users, with and without identity attributes.
  • List of accounts on a given system.

Key concepts:

  • The simplest reports in any IAM system are lists of users and accounts.
  • Built-in Hitachi ID Identity Manager reports can enumerate users, attributes, accounts, group memberships, roles and more.


Reports -- orphan and dormant accounts


Content:

  • Shows accounts with no known owner.

Key concepts:

  • Built-in reports make it easy to find orphan and dormant accounts:
    • Orphan users are user profiles with no login accounts.
    • Orphan accounts have no known owner.
    • Dormant accounts have had no recent login activity.
    • Dormant profiles have all-dormant accounts.


Reports -- violations of segregation of duties rules


Content:

  • Finds users who violate any segregation of duties (SoD) rule.
  • Finds users whose violation of an SoD rule has been approved.

Key concepts:

  • SoD reports are a detective control -- i.e., they find already-existing violations.
  • There is also a preventive control, embedded in the change request workflow.
  • SoD violations may be approved, for example when they reflect a legitimate situation that the policy did not take into account.


Reports -- detailed change history


Content:

  • Displays all changes made to users, accounts and groups as a result of workflow requests.

Key concepts:

  • Change requests are retained indefinitely.
  • Details including what changed, who requested the change and who authorized it are accessible via built-in reports.
  • Changes detected on target systems (i.e., not initiated by Identity Manager) are also available.