Streamlining User Lifecycle Management with Hitachi ID Management Suite

Upload: hitachiid

Post on 25-Oct-2015

DESCRIPTION

Administration and Governance of Identities, Entitlements and Credentials. See more at: http://hitachi-id.com/docs/pres.html

TRANSCRIPT

Page 1: Streamlining User Lifecycle Management with Hitachi ID Management Suite

1 IDM Suite

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Administration and Governance of Identities, Entitlements and Credentials.

2 Agenda

• Introductions.
• Hitachi ID corporate overview.
• IDM Suite overview.
• The user management lifecycle.
• Addressing identity management system deployment challenges.
• Advantages of the Hitachi ID solution.

© 2013 Hitachi ID Systems, Inc.. All rights reserved. 1

Slide Presentation

3 Hitachi ID Corporate Overview

Hitachi ID delivers access governance and identity administration solutions to organizations globally. Hitachi ID solutions are used by Fortune 500 companies to secure access to systems in the enterprise and in the cloud.

• Founded as M-Tech in 1992.
• A division of Hitachi, Ltd. since 2008.
• Over 1000 customers.
• More than 12M licensed users.
• Offices in North America, Europe and APAC.
• Partners globally.

4 Representative Hitachi ID Customers

5 The User Lifecycle

At a high level, the user lifecycle is essentially the same in all organizations and across all platforms.

6 Business Challenges

• More IT → more users to manage.
• There are challenges throughout the user lifecycle.
• Support cost.
• User service.
• Security.

Slow: too much paper, too many people.
Expensive: too many administrators doing redundant work.
Role changes: add/remove rights.
Policies: enforced?
Audit: are privileges appropriate?
Org. relationships: track and maintain.
Reliable: notification of terminations.
Fast: response by sysadmins.
Complete: deactivation of all IDs.
Passwords: too many, too weak, often forgotten.
Access: Why can’t I access that application / folder / etc.?

7 IAM in Silos

In most organizations, many processes affect many applications. This many-to-many relationship creates complexity:

8 Distributed IAM Is Complex

• Managing each system and application separately is complex.
• Complexity is bad:
– Expensive: redundant updates to every system when hiring, moving or terminating users.
– Unfriendly: users have lots of different IDs and passwords, which they don’t know how to manage.
– Insecure: mistakes are made and users get or retain excess entitlements. Orphan and dormant accounts. Stale privileges.
• Every system and application added makes things worse.

9 Integrated IAM Processes

[Diagram labels. Business Processes: Hire, Retire, Resign, Finish Contract, Transfer, Fire, Start Contract. IT Processes: New Application, Retire Application, Password Expiry, Password Reset. Identity Management System. Users, Passwords, Groups, Attributes. Systems and Applications: Operating System, Directory, Application, Database, E-mail System, ERP, Legacy App, Mainframe.]

10 IDM Suite

11 Onboarding New Users

Hitachi ID Identity Manager can accelerate the onboarding process and reduce the security administration burden:

• Automation: Detect new hires in HR and automatically create access on managed systems, such as AD, SAP and the mainframe.
• Self-service workflow: Managers can request and approve access electronically, for example for contractors.
• Consolidated administration: Security administrators save time by using one tool to manage users across every system.

12 Change Management

Hitachi ID Identity Manager manages changes to user profiles:

• Self-service updates to phone numbers, department codes, etc.

HiIM, Hitachi ID Group Manager and Hitachi ID Org Manager manage changes to user roles and responsibilities:

• Self-service requests for new entitlements.
• Distributed audit of user rights by managers and app owners.
• Distributed update of organizational relationships by managers.

13 IT Support

Hitachi ID Password Manager for "I forgot/locked my password" calls:

• Synchronization: Users with fewer passwords have fewer problems.
• Reset: Users can resolve their own problems without calling the help desk.
• Assistance: A help desk interface reduces the duration and cost of remaining calls.

Hitachi ID Group Manager for "access denied" calls:

• Self-service: Users browse for resources and request access.
• Authorization workflow: Group owners are asked to review and approve change requests.

14 Deactivating Access

Retirement, resignation, end-of-contract:

• Hitachi ID Identity Manager detects changes in systems of record, such as HR, and deactivates all access.
• Managers can schedule deactivation with a workflow form.

Dismissals:

• Security administrators use an HiIM form to terminate all of a user’s accounts immediately.

Asset retrieval:

• HiIM inventory tracking assists in retrieval of PCs, cell phones, building access badges, etc.

15 Closed Loop IAM

[Diagram labels: Hitachi ID Management Suite. Integrated Systems of Record (list people, detected changes); Integrated Target Systems (list accounts; create, delete, update accounts); Non-integrated Systems (manual fulfillment). Autodiscovery; Auto-provisioning; Identity synch.; Identity Cache; Connectors; Transaction Manager; Request Queue; Work Queue; Automatic request; Auto-fulfillment. Workflow Manager: validate requests, route for approval, invite authorizers, send reminders, escalate, delegate. Requesters: manual request via Requests Web UI. Authorizers: approve, reject, delegate via Approvals Web UI. Certifiers: review, certify, correct via Certification Web UI. Implementers: accept, confirm via Implementer Web UI. Authorizers, Certifiers and Implementers receive invitations.]

16 Multi-Master Architecture

[Diagram labels: Hitachi ID Application Server(s); Load Balancer; SQL/Oracle; SQL DB (two instances); Proxy Server (if needed); Firewall (two instances); Local Network; Remote Data Center (two instances). Links: TCP/IP + AES; HTTPS; Secure Native Protocol; Various Protocols. Password Synch Trigger Systems (AD, Unix, OS/390, LDAP, AS400): native password change. Reverse Web Proxy; VPN Server; IVR Server; Validate PW; Web Services. SMTP or Notes Mail: emails. Incident Mgmt System: tickets. System of Record: lookup & trigger. Target Systems; Cloud-hosted, SaaS apps. Target systems with local agent: OS/390, Unix, older RSA. Target systems with remote agent: AD, SQL, SAP, Notes, etc.]

17 Included Connectors

Many integrations to target systems included in the base price:

Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.

Servers: Windows NT, 2000, 2003, 2008, 2008R2, Samba, Novell, SharePoint.

Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, ODBC, Oracle Hyperion EPM Shared Services, Cache.

Unix: Linux, Solaris, AIX, HPUX, 24 more variants.

Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries, OpenVMS.

HDD Encryption: McAfee, CheckPoint, BitLocker, PGP.

ERP: JDE, Oracle eBiz, PeopleSoft, PeopleSoft HR, SAP R/3 and ECC 6, Siebel, Business Objects.

Collaboration: Lotus Notes, Exchange, GroupWise, BlackBerry ES.

Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.

WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.

Help Desk: ServiceNow, BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Clarify, RSA Envision, Track-It!, MS System Center Service Manager.

Cloud/SaaS: WebEx, Google Apps, MS Office 365, Salesforce.com, SOAP (generic).

18 Rapid Integration with Custom Apps

• IDM Suite easily integrates with custom, vertical and hosted applications using flexible agents.
• Each flexible agent connects to a class of applications:
– API bindings (C, C++, Java, COM, ActiveX, MQ Series).
– Telnet / TN3270 / TN5250 / sessions with TLS or SSL.
– SSH sessions.
– HTTP(S) administrative interfaces.
– Web services.
– Win32 and Unix command-line administration programs.
– SQL scripts.
– Custom LDAP attributes.
• Integration takes a few hours to a few days.
• Fixed cost service available from Hitachi ID.

19 IAM Project Risk Management

IAM projects often take too long and cost too much. Why?

Risk management

• Data quality:
– Nonstandard, disconnected IDs.
– Incorrect, old identity data.
• Combine automation and self-service for clean up.

• Never-ending role engineering:
– Role based access control is a good objective, but...
– It can be slow and costly to develop and maintain roles.
– Some users just don’t fit.
• Start deployment with just a few roles.
• Add roles gradually, based on demand.

• Too many workflows:
– Defining too many forms, processes takes too long.
– One form, one process per change type? Per system?
• Implement a generic change management system.
• Custom forms for just the most popular requests.

20 Hitachi ID Technology Advantages

• More features and functionality for less money:
– Lower initial and ongoing investment (License scheme).
– Lower on-going administration costs.
• Technology (not services) drives down deployment costs:
– Auto-discovery.
– Self-service login ID reconciliation.
– More pre-built connectors.
– Support for multi-tenant installation.
– Functional across customer firewalls.
– Avoids role engineering.
– Dynamic workflow.
– Full functionality without client software.
– Easier to extend to custom applications/targets.

21 IDM Suite Summary

• A rich suite of identity and access management products, with over 12M licensed users, that can:
– Discover and connect user objects from every system.
– Streamline administration of users, entitlements and login credentials.
– Construct and maintain OrgChart data.
– Secure access to privileged accounts on thousands of systems.
• Lock down security and comply with regulations requiring internal controls.
• Reduce operating costs and improve user productivity.
• Flexible, scalable, reliable, available.

www.Hitachi-ID.com

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]

File: PRCS:pres
Date: September 19, 2013