1 Hitachi ID Group Manager
Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
Full lifecycle management of groups and memberships.
2 Agenda
• Introductions.
• Hitachi ID corporate overview.
• Hitachi ID Suite overview.
• Managing group lifecycle and membership at scale.
• The Hitachi ID Group Manager solution.
• Animated demonstration.
© 2020 Hitachi ID Systems, Inc. All rights reserved. 1
Slide Presentation
3 Hitachi ID corporate overview
Hitachi ID delivers access governance and identity administration solutions to organizations globally. Hitachi ID IAM solutions are used by Fortune 500 companies to secure access to systems in the enterprise and in the cloud.
• Founded as M-Tech in 1992.
• A division of Hitachi, Ltd. since 2008.
• Over 1200 customers.
• More than 14M+ licensed users.
• Offices in North America, Europe and APAC.
• Global partner network.
4 Representative customers
5 Hitachi ID Suite
6 Problem: Too many security groups
• Medium to large organizations have directories with thousands of groups:
– AD and LDAP.
– Security groups and mail distribution lists.
• Challenging to manage at scale:
– Requests to create new groups (do users know what to ask for?).
– Ambiguous authorization process (who owns? who approves?).
– Calculated versus requested membership.
– When should groups be deleted/archived?
– When should memberships expire?
– Nesting / hierarchy? Loops?
– Appropriate metadata (owner, description, risk, ...).
7 Group lifecycle management
• Hitachi ID Group Manager can manage both groups (create, manage) and membership (assign, revoke) in AD, LDAP and other systems.
• Group Manager enables users to request access to resources such as folders or SharePoint sites and easily select groups.
• Group membership can be either requested/approved and later reviewed/revoked or automatically calculated.
• Analytics are included to find duplicate, too-small or rarely-changing groups and help clean up.
• Easier group management fosters collaboration and reduces administration overhead.
8 HiGM features
Hitachi ID Group Manager enables self-service administration of groups and access to resources like shares and folders:
• Group lifecycle:
– Create new groups and manage existing ones.
• Navigate:
– Intercept "Access Denied" error messages and help users navigate to requests for an appropriate group.
• Request:
– Group create, modify and delete.
– Changes to metadata such as ownership and description.
– Add/remove members.
• Authorize:
– A workflow request for each change is created dynamically and sent to the group’s owner plus anyone else specified by policy.
• Provision:
– Upon approval, create/modify a group or add/revoke members.
9 Active-active architecture
[Figure: active-active architecture diagram. Labelled components: Hitachi ID servers in Data center A and Data center B, with replication; load balancers; firewalls; reverse web proxy; VPN server; IVR server; mobile proxy ("Cloud"); Manage Mobile UI; SaaS apps; HR system (system of record); ticketing system (tickets); notifications and invitations; password synch trigger systems (AD, Unix, z/OS, LDAP, iSeries) for native password change and password validation; managed endpoints; managed endpoints with remote agent (AD, SQL, SAP, Notes, etc.); z/OS local agent; MS SQL databases; proxy server (if needed) in a remote data center. Connection legend: TCP/IP + AES; various protocols; secure native protocol; HTTPS.]
10 Self service creation of a new Active Directory group
Animation: ../../pics/camtasia/suite11/higm-group-create.mp4
11 Request membership in group
Animation: ../../pics/camtasia/suite11/higm-join-single-group.mp4
12 Add/remove multiple group members
Animation: ../../pics/camtasia/suite11/higm-add-remove-members.mp4
13 Change child groups
Animation: ../../pics/camtasia/suite11/higm-update-child-groups.mp4
14 Change group ownership
Animation: ../../pics/camtasia/suite11/higm-change-owners.mp4
15 Intercept ’Access denied’ dialogs
Animation: ../../pics/camtasia/suite11/higm-A-request-folder.mp4
16 Request approval
Animation: ../../pics/camtasia/suite11/higm-B-request-approve.mp4
17 Request approved, user can open folder
Animation: ../../pics/camtasia/suite11/higm-C-approved-open-file-nb.mp4
18 Group request via comparison
Animation: ../../pics/camtasia/suite11/hiim-request-groups-model-after.mp4
19 Group membership certification
Animation: ../../pics/camtasia/suite11/higm-cert-membership.mp4
20 Hitachi ID Suite overview
• Hitachi ID Group Manager is a component of Hitachi ID Suite.
• Hitachi ID Suite streamlines management of identities, accounts, groups, roles and credentials in medium to large organizations.
• Three integrated IAM products, licensed to over 14M users, that can:
– Discover and connect identities across systems and applications.
– Securely and efficiently manage identities, groups, entitlements and credentials.
– Secure and monitor access to privileged accounts.
– Provide strong authentication and federated sign-on.
21 Summary
Hitachi ID Group Manager helps organizations to more quickly, efficiently and intuitively manage large numbers of Active Directory or LDAP groups:
• Manage groups as well as their membership.
• Access requests can start with a resource like a share or folder, rather than requiring that users understand groups or access rights.
• Move change requests and approvals out of IT, to the business.
• Security staff and auditors focus on process integrity rather than individual requests.
Learn more at hitachi-id.com/identity-manager/features/group-management.html ... or ... E-mail [email protected]
hitachi-id.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 E-Mail: [email protected]
Date: 2020-03-23 | 2020-03-23 File: PRCS:pres