Hitachi ID Group Manager: Reduce support cost with self-service AD group management


Published on

Hitachi ID Group Manager:

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications.

Self service management of security group membership.

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Hitachi ID Group Manager: Reduce support cost with self-service AD group management

  1. 1. 1 Hitachi ID Group Manager Managing the User Lifecycle Across On-Premises and Cloud-Hosted ApplicationsSelf service management of security group membership.2 Agenda • Introductions. • Hitachi ID corporate overview. • ID Management Suite overview. • Managing membership in large numbers of AD groups. • The Hitachi ID Group Manager solution. • Animated demonstration. © 2012 Hitachi ID Systems, Inc.. All rights reserved. 1
  2. 2. Slide Presentation3 Hitachi ID Corporate Overview Hitachi ID is a leading provider of identity and access management solutions. • Founded as M-Tech in 1992. • A division of Hitachi, Ltd. since 2008. • Over 900 customers. • More than 11M+ licensed users. • Offices in North America, Europe and APAC. • Partners globally.4 Representative Hitachi ID Customers © 2012 Hitachi ID Systems, Inc.. All rights reserved. 2
  3. 3. Slide Presentation5 ID Management Suite6 Problem: Too Many Security Groups Medium to large AD environments have It is challenging to manage group thousands of security groups: membership on this scale: • Control access to printers, shares and • User needs constantly change. folders. • Users do not understand groups or ACLs. • Membership in mail distribution lists. • Users don’t know which groups they need. • Who authorizes membership in each group? © 2012 Hitachi ID Systems, Inc.. All rights reserved. 3
  4. 4. Slide Presentation7 Group Manager: Self service management of security group mem- bership • Hitachi ID Group Manager enables users to request access to network resources such as applications or file folders using an intuitive Web-based interface. • Behind the scenes, Group Manager creates requests for security group membership and automatically tracks authorization by the appropriate stake-holders. • Group Manager makes administration of security entitlements simple and efficient and so fosters collaboration and reduces security administration workload.8 Group Manager FeaturesHitachi ID Group Manager enables self service administration of user access to network resources –shares, folders, etc.: • Intercept: – The Windows "Access Denied" error dialog and send users to the appropriate workflow / group membership request screen. • Browse: – Users find the resources they want using Group Manager. • Request: – Users ask for access to a resource (no knowledge of groups required). • Map: – Group Manager maps user requests to group membership. • Route: – A workflow request is created dynamically and sent to the group’s owner plus anyone else specified by policy. • Provision: – Upon approval, the user is added to the appropriate group. • Notify: – Users and authorizers are sent thank-you notes. © 2012 Hitachi ID Systems, Inc.. All rights reserved. 4
  5. 5. Slide Presentation9 The 50/50 RuleA simple rule that illustrates cost savings from each Hitachi ID Group Manager feature: Net help desk Feature Impact workload reduction Self-service access requests: Eliminates 50% of calls. 50% Simplified resolution of Shortens call duration by 75% access problems: 50%. Net workload Scenario Impact reduction Conservative estimate: 50/50 75% Optimized deployment: 60/80 92%10 Multi-Master Architecture , nix , U 0, AD S/39 P, d O DA 0 e tiv or L S40 d, Na assw ge A st e p han Password -ho pps User c Synch ud a Trigger Target Systems Clo aaS Systems S with local agent: OS/390, Unix, PW Reverse ate Hitachi ID older RSA lid Web Proxy Va Application VPN s Target Systems Server(s) ce Server rvi with remote agent: IVR SQL b Se Server DB We AD, SQL, SAP, Notes, etc ork Load SQL etw Balancer DB lN ca ails Lo Target Systems Em r nte SQL/Oracle Firewall SMTP or ke ts r a Ce Notes Mail Tic ge t Da g Tri Incident up & te TCP/IP + AES Management Lo ok mo Various Protocols System System of Firewall Re Record Proxy Server Secure Native Protocol (if needed) HTTPS © 2012 Hitachi ID Systems, Inc.. All rights reserved. 5
  6. 6. Slide Presentation11 Windows access denied dialog leading to group membership re- questAnimation: ../pics/camtasia/shell-extension/A-Request-Folder.cam412 Authorization of a request for security group membershipAnimation: ../pics/camtasia/shell-extension/B-Request-Approve.cam413 Request approved, user can access the folderAnimation: ../pics/camtasia/shell-extension/C-approve-open-file.cam414 ID Management Suite Overview • Hitachi ID Group Manager is a component of ID Management Suite. • ID Management Suite is designed to streamline management of users and passwords for enterprise users. • A rich suite of identity and access management products, with over 11M licensed users, that can: – Discover and connect user objects from every system. – Streamline administration of users, entitlements and login credentials. – Construct and maintain OrgChart data. – Secure access to privileged accounts on thousands of systems. © 2012 Hitachi ID Systems, Inc.. All rights reserved. 6
  7. 7. Slide Presentation 15 Summary Hitachi ID Group Manager helps organizations to more quickly, efficiently and intuitively manage membership in large numbers of Active Directory groups: • Users focus on network resources, not groups. • Group owners, not IT, authorize requests for resource access. • IT security administrators manage the process, not individual requests. • Auditors can monitor current group membership and how users came to have the rights they do. Learn more at ... or ... E-mail sales@Hitachi-ID.com500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: File: Date: March 1, 2012