Hitachi ID Identity Manager: Detailed presentation

Hitachi ID Identity Manager:

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications.

User provisioning, RBAC, SoD and access certification.

http://hitachi-id.com/


Transcript

  • 1. Slide 1: Hitachi ID Identity Manager
    Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications.
    User provisioning, RBAC, SoD and access certification.

    Slide 2: Agenda
    • Introductions.
    • Hitachi ID corporate overview.
    • ID Management Suite overview.
    • Identity problems and Hitachi ID Identity Manager benefits.
    • The HiIM solution.
    • Software demonstration.

    © 2012 Hitachi ID Systems, Inc. All rights reserved.
  • 2. Slide 3: Hitachi ID Corporate Overview
    Hitachi ID is a leading provider of identity and access management solutions.
    • Founded as M-Tech in 1992.
    • A division of Hitachi, Ltd. since 2008.
    • Over 900 customers.
    • More than 11M+ licensed users.
    • Offices in North America, Europe and APAC.
    • Partners globally.

    Slide 4: Representative Hitachi ID Customers
    (customer logos; no text)
  • 3. Slide 5: ID Management Suite
    (section title)

    Slide 6: Identity and Access Problems
    For users:
    • How to request a change?
    • Who must approve the change?
    • When will the change be completed?
    • Too many passwords.
    • Too many login prompts.
    For IT support:
    • Onboarding, deactivation across many apps is challenging.
    • More apps all the time!
    • What data is trustworthy and what is obsolete?
    • Not notified of new-hires/terminations on time.
    • Hard to interpret end user requests.
    • Who can request, who should authorize changes?
    • What entitlements are appropriate for each user?
    • The problems increase as scope grows from internal to external.
  • 4. Slide 7: Identity and Access Problems (continued)
    For security / risk / audit:
    • Orphan, dormant accounts.
    • Too many people with privileged access.
    • Static admin, service passwords a security risk.
    • Weak password, password-reset processes.
    • Inappropriate, outdated entitlements.
    • Who owns ID X on system Y?
    • Who approved entitlement W on system Z?
    • Limited/unreliable audit logs in apps.
    For developers:
    • Need temporary access (e.g., prod migration).
    • Half the code in every new app is the same:
      – Identify.
      – Authenticate.
      – Authorize.
      – Audit.
      – Manage the above.
    • Mistakes in this infrastructure create security holes.

    Slide 8: User Provisioning
    User provisioning is defined as:
    • Software to create, modify and delete users on different systems.
    • It must include connectors:
      – Directories.
      – Operating systems.
      – Applications.
    • It also has to implement business process:
      – Data synchronization from one system to another.
      – Self-service requests.
      – Authorization workflows.
    • Finally, it should enforce policy rules:
      – Login ID assignment.
      – Approvals rules.
      – Segregation of duties.
  • 5. Slide 9: ID Management Suite Component Overview
    • Hitachi ID Identity Manager: Create, manage and delete users and entitlements. Automation, self-service and delegation.
    • Hitachi ID Access Certifier: Periodic review and cleanup of users and entitlements.
    • Hitachi ID Group Manager: Self service, resource-centric management of AD group membership.
    • Hitachi ID Password Manager: Synchronize, reset passwords. Manage RSA tokens, security questions, voice prints, PKI certs. Periodically randomize and control access to sensitive passwords.
    Addons:
    • Hitachi ID Org Manager: Periodic updates to data mapping users to their managers.
    • Hitachi ID Phone PW Manager: Turn-key IVR for password reset and token management.
    • Hitachi ID Login Manager: Auto-populate login IDs and synchronized passwords for users.
  • 6. Slide 10: ID Management Suite
    (suite overview diagram; no text)
  • 7. Slide 11: ID Management Suite in the User Lifecycle
    Each lifecycle stage is covered by automation, self service / request workflow, and policy enforcement:
    Onboarding:
      – Automation: From HR (employees).
      – Self service / request workflow: Web UI (contractors).
      – Policy enforcement: Role-based setup. Standardized IDs, OU, mail store, etc.
    Management:
      – Automation: Identity synchronization. Automatic role changes.
      – Self service / request workflow: Applications. Group membership. Profile updates. Authorize changes. ID mapping.
      – Policy enforcement: SoD enforcement.
    Support:
      – Self service / request workflow: Password reset. Resolve access denied errors.
      – Policy enforcement: Password strength. Password expiry.
    Deactivation:
      – Automation: Auto-termination. Scheduled terminations.
      – Self service / request workflow: Access certification.
      – Policy enforcement: Archive mailboxes, home dirs, etc.
  • 8. Slide 12: HiIM Features
    Automation:
    • Provision joiners, deactivate leavers.
    • Multiple HR feeds.
    Requests portal:
    • Self-service profile updates.
    • Delegated security change requests.
    Security controls:
    • Access certification.
    • RBAC and SoD.
    • Reports on current entitlements, history.
    Workflow process:
    • Authorizers.
    • Implementers.
    • Certifiers.
    Integrations:
    • 110+ connectors, included.
    • Incident management, SIEM, e-mail interfaces.
    • Manage building access, physical assets.
    Identity synchronization:
    • Consistent data among apps.
  • 9. Slide 13: Closed Loop IAM
    (architecture diagram; recoverable labels only)
    • Integrated target systems: list accounts, auto-discovery, detected changes, create/delete/update accounts through connectors.
    • Non-integrated systems: manual fulfillment through a work queue, implementers accept and confirm changes in a web UI.
    • Systems of record: list of people, updates feed the identity cache; auto-provisioning and identity synchronization generate automatic requests.
    • Requests (automatic or manual from requesters in the web UI): validate requests, route for approval, invite authorizers, send reminders, escalate, delegate.
    • Authorizers (web UI, manager): approve, reject, delegate; approved requests enter the transaction queue.
    • Certifiers (web UI, manager): review and certify through the certification workflow.
  • 10. Slide 14: Competitive Differentiation
    Consistency:
    • Manage all identities and entitlements.
    • On-premise and SaaS.
    • Accounts, entitlements and resources.
    • 110+ connectors included.
    Full featured:
    • Administration and governance in a single product.
    • Triggers: automation and request portal.
    • Controls: policy, authorization workflow, certification.
    Scalability:
    • Multi-master architecture.
    • Load balanced, replicated.
    • Deploy across data centers.
    Usability:
    • Business-friendly request process using roles, PDRs.
    • Simple e-mail/web authorization.
    • Multi-lingual.
    • Windows shell extension.
    • Fulfillment by both connectors and humans.

    Slide 15: The Hitachi ID Solution is Flexible
    Customize: every aspect of the user interface.
    Integrate with: 110+ target system types, call tracking systems, HR systems, authentication hardware, meta directories.
    Enforce: password policy, authentication rules, change authorization rules, user naming standards.
  • 11. Slide 16: Scalability and Fault-Tolerance
    • Multiple Hitachi ID Identity Manager servers can be configured for load balancing.
    • Data is automatically replicated between servers in real time.
    • Built-in high performance identity cache accelerates system response.
    • A service monitors the health of each server and may restart it or take it out of circulation.
    • A proxy server compensates for slow or insecure connectivity to remote target systems.
    • There are production customers with up to 300,000 users on just two servers.
    • Replication has been scaled to 20 servers.

    Slide 17: Included Connectors
    Many integrations to target systems included in the base price:
    • Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.
    • Servers: Windows NT, 2000, 2003, 2008, Samba, Novell, SharePoint.
    • Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, ODBC.
    • Unix: Linux, Solaris, AIX, HPUX, 24 more.
    • Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries, OpenVMS.
    • HDD Encryption: McAfee, CheckPoint.
    • ERP: JDE, Oracle eBiz, PeopleSoft, SAP R/3 and ECC 6, Siebel, Business Objects.
    • Collaboration: Lotus Notes, Exchange, GroupWise, BlackBerry ES.
    • Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.
    • WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.
    • Help Desk: BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Track-It!
    • Cloud/SaaS: WebEx, Google Apps, Salesforce.com, SOAP (generic).
  • 12. Slide 18: Simple Integration with Custom Apps
    • Hitachi ID Identity Manager easily integrates with custom, vertical and hosted applications using flexible agents.
    • Each flexible agent connects to a class of applications:
      – API bindings (C, C++, Java, COM, ActiveX, MQ Series).
      – Telnet / TN3270 / TN5250 sessions, with TLS or SSL.
      – SSH sessions.
      – HTTP(S) administrative interfaces.
      – Web services.
      – Win32 and Unix command-line administration programs.
      – SQL scripts.
      – Custom LDAP attributes.
    • Integration takes a few hours to a few days.
    • Fixed cost service available from Hitachi ID.

    Slide 19: Multi-Master Architecture
    (deployment diagram; recoverable labels only)
    • Hitachi ID application servers behind a load balancer, each with a SQL Server DB, replicating to one another; a reverse web proxy in front for users, IVR and web services.
    • Target systems with local agent: OS/390, Unix, RSA. Target systems with remote agent: AD, SQL, SAP, Notes, etc.
    • Cloud/SaaS apps and a VPN-connected remote site reached through a proxy server (TCP/IP + AES, secure native protocol, HTTPS).
    • Triggers and look-ups: password synchronization, user changes, system of record (SQL/Oracle), incident management system (ticket creation and updates), e-mail via SMTP or Notes Mail.
  • 13. Slide 20: Server Internal Architecture
    (component diagram; recoverable labels only)
    • Front end: IIS or Apache serving HTTPS to the end user's browser and the admin/config interface.
    • Core services: IDWFM (Workflow Manager), IDTM (Transaction Manager), PSUPDATE (Auto-Discovery: list, inspect, create, delete, modify users and groups), IDTRACK (Automation Engine), IDDB (Database Manager).
    • Business logic through user exits and plugins.
    • Integrations: connectors over native API/protocol, or over secure RPC to a Hitachi ID proxy server at a remote site, or through a local agent on the target system using an encrypted protocol.
    • Database: Oracle or MSSQL with stored procedures, an identity cache, request history and configuration; encrypted real-time replication between Hitachi ID servers.

    Slide 21: Rapid Deployment and Low TCO
    Optimized to minimize effort:
    • User provisioning with HiIM:
      – Initial deployment: 6 – 9 months.
      – Ongoing maintenance: 0.5 – 1.0 FTE.
    Using Hitachi ID Identity Manager technology:
    • Built-in nightly auto-discovery of IDs, entitlements.
    • Both attribute-based and self-service ID mapping.
    • Request, approvals screens and processes are built-in.
    • Implementer infrastructure for non-integrated apps is built-in.
    • Powerful authorization workflow is built-in.
    • Deployment does not depend on role engineering.
    • 110 connectors out of the box.
    • Rapid integration with custom, vertical apps.
    • Easy customization of GUI, business logic.
  • 14. Slide 22: Competitive Advantages
    Unique features:
    • Self-service password/PIN reset from anywhere.
    • Workflow to refresh OrgChart data.
    • Request for resources mapped to AD groups.
    • Detect/block effective SoD violations.
    • Self-service ID mapping.
    • Unique approach to workflow.
    Rapid deployment:
    • Key features built-in, not custom:
      – Change request forms.
      – Authorization process.
      – Access certification UI.
      – Auto-discovery.
    Scalable platform:
    • Real-time data replication.
    • Multi-master architecture.
    • Proxy server to cross firewalls.
    • Stored procedures, native code for speed.
    Integrations:
    • 110+ included connectors.
    • Flexible connectors.
    • Built-in implementers workflow.
    • Integrated with incident management, SIEM, etc.

    Slide 23: Hitachi ID Professional Services
    • Hitachi ID offers a variety of services relating to Hitachi ID Identity Manager, including:
      – Needs analysis and solution design.
      – Fixed price system deployment.
      – Project planning.
      – Roll-out management, including maximizing user adoption.
      – Ongoing system monitoring.
      – Training.
    • Services are based on extensive experience with the Hitachi ID solution delivery process.
    • The Hitachi ID professional services team is highly technical and has years of experience deploying IAM solutions.
    • Hitachi ID partners with integrators that also offer business process and system design services to mutual customers.
  • 15. Slide 24: Hitachi ID Solution Delivery Approach
    • Fixed-price: All work is delivered on a fixed-price, fixed-deliverables basis. The "meter" is never running.
    • Phases, milestones: Hitachi ID recommends breaking up long projects into phases of 1–3 months. Work is reviewed and payment is due when milestones are met.
    • Open assignment: Each phase may be undertaken by Hitachi ID, the customer, a systems integrator or a combination of the participants.
    • Templates: Template documents and sample business logic are used to expedite work.
    • Customer portal: A self-service portal supports discovery, client/partner/vendor interaction, document distribution and more.

    Slide 25: AdMax: Maximizing User Adoption
    • Successful implementation of an identity and access management system must be supported by an effective user adoption program.
    • AdMax is a Hitachi ID professional services program, used to plan for and execute effective user enrollment projects.
    • AdMax is designed to maximize adoption of and ROI from Hitachi ID identity management solutions, using:
      – Best practices, case studies and industry norms.
      – Enrollment, user adoption and ROI measurement.
      – Incentive and disincentive programs.
      – Presentations and training materials for users and HD staff.
      – Project roles and responsibilities.
      – Sample project plans, promotional materials, e-mails, graphics and other user communications.
      – Workbooks for project implementation.
  • 16. Slide 26: Summary
    Hitachi ID Identity Manager enables automated, self-service and policy-driven management of identities and entitlements:
    • Automation: onboarding, deactivation, identity synchronization.
    • Self-service: profile updates.
    • Delegated administration: access requests, approvals workflow.
    • Policy engines: RBAC, SoD, standard setup for new users.
    • Reports: who-has-what, change history.
    • Integrations: 110 connectors built-in.
    • Rapid deployment: built-in screens, processes, features minimize custom coding.
    More secure infrastructure, lower IT management costs and faster user service.
    Learn more at Hitachi-ID.com/Identity-Manager

    Slide 27: Getting an IAM Project Started
    • Build a business case.
    • Get management sponsorship and a budget.
    • Discovery phase, capture detailed requirements.
    • Assemble a project team:
      – security
      – system administration
      – user support
      – etc.
    • Try before you buy: Demos, POCs, pilots.
    • Install the software, roll to production.
    • Enroll users, if/as required.

    500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3
    Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com www.Hitachi-ID.com
    File: PRCS:pres Date: March 1, 2012
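Slides 8, 13 and 22 describe the provisioning workflow validating a request against segregation-of-duties policy and detecting "effective" violations, i.e. conflicts that arise through role membership rather than a direct grant. The following is an added example (not code from the presentation or from Hitachi ID) of such a check in Python; the role model, system names and rule labels are constructed for illustration.

```python
# Added example, not Hitachi ID code: an SoD pre-check of the kind a
# provisioning workflow runs on a request before routing it for approval.
# Entitlements are (system, name) pairs; system "ROLE" marks a role that
# expands to further entitlements, so conflicts granted indirectly
# ("effective" violations) are caught as well as direct ones.

# Constructed sample role model (hypothetical systems and entitlement names).
ROLES = {
    "AP_CLERK": {("SAP", "CREATE_VENDOR"), ("SAP", "ENTER_INVOICE")},
    "AP_MANAGER": {("SAP", "APPROVE_PAYMENT"), ("AD", "Finance-Managers")},
    "FINANCE_ALL": {("ROLE", "AP_CLERK"), ("ROLE", "AP_MANAGER")},  # nested roles
}

# Constructed SoD rules: (label, entitlement A, entitlement B) must not be held together.
SOD_RULES = [
    ("Vendor master vs. payment approval",
     ("SAP", "CREATE_VENDOR"), ("SAP", "APPROVE_PAYMENT")),
    ("Invoice entry vs. payment approval",
     ("SAP", "ENTER_INVOICE"), ("SAP", "APPROVE_PAYMENT")),
]


def effective_entitlements(grants, roles=ROLES):
    """Expand direct grants and (nested) roles into the full effective set."""
    effective, pending, seen_roles = set(), list(grants), set()
    while pending:
        system, name = pending.pop()
        if system != "ROLE":
            effective.add((system, name))
        elif name not in seen_roles:        # guards against role cycles
            seen_roles.add(name)
            pending.extend(roles.get(name, ()))
    return effective


def sod_violations(entitlements, rules=SOD_RULES):
    """Labels of every rule whose two entitlements are both held, in rule order."""
    return [label for label, a, b in rules if a in entitlements and b in entitlements]


def evaluate_request(current, requested, roles=ROLES, rules=SOD_RULES):
    """Classify a change request: violations it would introduce are blocked;
    pre-existing ones are reported so a certifier can review them."""
    before = sod_violations(effective_entitlements(current, roles), rules)
    after = sod_violations(effective_entitlements(current | requested, roles), rules)
    new = [v for v in after if v not in before]
    return {"decision": "block" if new else "route_for_approval",
            "new_violations": new, "existing_violations": before}


if __name__ == "__main__":
    # A clerk requesting the manager role would gain payment approval on top of vendor/invoice entry.
    print(evaluate_request({("ROLE", "AP_CLERK")}, {("ROLE", "AP_MANAGER")}))
```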