Entitlement Administration and Governance: Automation, requests, approvals, recertification, SoD and RBAC.
Agenda
Introductions. Hitachi ID corporate overview. IDM Suite overview. Identity problems and Hitachi ID Identity Manager benefits. The HiIM solution. Software demonstration.
Slide Presentation
Hitachi ID delivers access governance and identity administration solutions to organizations globally. Hitachi ID solutions are used by Fortune 500 companies to secure access to systems in the enterprise and in the cloud. Founded as M-Tech in 1992. A division of Hitachi, Ltd. since 2008. Over 1000 customers. More than 12M+ licensed users. Offices in North America, Europe and APAC. Partners globally.
IDM Suite
User Provisioning
User provisioning is defined as: Software to create, modify and delete users on different systems. It must include connectors: Directories. Operating systems. Applications. It also has to implement business process: Data synchronization from one system to another. Self-service requests. Authorization workflows. Finally, it should enforce policy rules: Login ID assignment. Approvals rules. Segregation of duties.
Periodic updates to data mapping users to their managers. Turn-key IVR for password reset and token management. Auto-populate login IDs and synchronized passwords for users.
IDM Suite
Management: Identity synchronization. Automatic role changes. Applications. Group membership. Profile updates. SoD enforcement. Authorize changes. ID mapping.
Support: Password reset. Resolve access denied errors. Password strength. Password expiry.
Deactivation: Autotermination. Access certification. Scheduled terminations. Archive mailboxes, home dirs, etc.
HiIM Features
Automation: Provision joiners, deactivate leavers. Multiple HR feeds.
Security controls: Access certification. RBAC and SoD. Reports on current entitlements, history.
Integrations: 110+ bidirectional connectors, included. Incident management, SIEM, e-mail interfaces. Manage building access, physical assets.
[Diagram labels: Detected changes; Auto-provisioning; Identity synch.; Identity Cache; Automatic request; Updates; Non-integrated Systems; Requesters; Requests Web UI; Request Queue; Autofulfillment; Work Queue; Manual fulfillment; Connectors; Authorizers; Approvals Web UI; Transaction Manager; Invitations; Certifiers; Certification Web UI; Workflow Manager; Implementer Web UI; Accept, confirm; Implementers.]
- Validate requests - Route for approval - Invite authorizers - Send reminders - Escalate - Delegate
IM Advantages
Integrated solution: Administration and governance of identities and entitlements in a single product. Automation: included. Request portal: included. Approvals workflow: included. Analytics: included. Certification: included.
Scalability: Multi-master architecture. Load balanced, replicated. Deploy across data centers. High performance: native code + stored procedures.
Technology: Most powerful SoD engine. Relationship-based ACLs. Parallel workflow optimizes SLA. 110 built-in, bidirectional connectors.
Usability: Business-friendly request process using roles, PDRs. Simple e-mail/web authorization. Integrated to Windows shell, SharePoint. One stop shopping: (human + automated fulfillment). Multi-lingual.
Integrate with:
110+ target system types Call tracking systems HR systems Authentication hardware Meta directories
Enforce:
Password policy Authentication rules Change authorization rules User naming standards
Included Connectors
Servers: Windows NT, 2000, 2003, 2008, 2008R2, Samba, Novell, SharePoint. Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries, OpenVMS. Collaboration: Lotus Notes, Exchange, GroupWise, BlackBerry ES.
Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, ODBC, Oracle Hyperion EPM Shared Services, Cache. HDD Encryption: McAfee, CheckPoint, BitLocker, PGP. Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger. Cloud/SaaS: WebEx, Google Apps, MS Office 365, Salesforce.com, SOAP (generic).
Unix: Linux, Solaris, AIX, HPUX, 24 more variants. ERP: JDE, Oracle eBiz, PeopleSoft, PeopleSoft HR, SAP R/3 and ECC 6, Siebel, Business Objects. WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.
Help Desk: ServiceNow, BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Clarify, RSA Envision, Track-It!, MS System Center Service Manager
Integration takes a few hours to a few days. Fixed cost service available from Hitachi ID.
Multi-Master Architecture
[Figure: multi-master architecture diagram]
[Diagram labels: Secure RPC; Connector; HTTPS; Remote Site; Core Services; IIS or Apache; User Interface; Exits; Target System; Hitachi ID Proxy Server; Execute; End User; Admin/Config; Oracle or MSSQL; Real-Time Encrypted Replication; Stored Procs; Hitachi ID Server; IDM Database.]
Core services: IDWFM (Workflow Manager), IDTM (Transaction Manager), PSUPDATE (Auto-Discovery), IDTRACK (Automation Engine), IDDB (Database Manager).
Competitive Advantages
Unique features: "Provisioning" and "governance" in one product. Access, authorization built around relationships. Self-service from any device, any location. Users can request resources, not groups. SoD engine detects "effective" violations.
Scalable platform: Real-time data replication. Multi-master architecture. Proxy server to cross firewalls. Stored procedures, native code for speed.
Rapid deployment: Key features built-in, not custom: Request forms. Authorization workflow. Access certification. Auto-discovery. Reports. A product, not a devel. environment.
Integrations: 110+ included connectors. Flexible connectors. Built-in implementers workflow. Incident management, SIEM, etc.
Services are based on extensive experience with the Hitachi ID solution delivery process. The Hitachi ID professional services team is highly technical and has years of experience deploying IAM solutions. Hitachi ID partners with integrators that also offer business process and system design services to mutual customers.
Summary
An integrated solution for managing identities and entitlements: Automation: onboarding, deactivation, detect out-of-band changes. Self-service: profile updates, access requests. Delegated management: requests, certification. Policy enforcement: RBAC, SoD, authorization. Analytics: current, historical entitlements. Explicit vs. actual. Patterns. Integrations: 110 bidirectional connectors. Windows, SharePoint, SIEM, help desk. Rapid deployment: built-in screens, workflow processes, navigation, ACLs.
Try before you buy: Demos, POCs, pilots. Install the software, roll to production. Enroll users, if/as required.
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: PRCS:pres Date: September 19, 2013
www.Hitachi-ID.com