Page 1

1

Hitachi ID Group Manager

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Self service management of security group membership.

2

Agenda • • • • • •

Introductions. Hitachi ID corporate overview. ID Management Suite overview. Managing membership in large numbers of AD groups. The Hitachi ID Group Manager solution. Animated demonstration.

© 2012 Hitachi ID Systems, Inc.. All rights reserved.

1


Slide Presentation

3

Hitachi ID Corporate Overview

Hitachi ID is a leading provider of identity and access management solutions. • • • • •

Founded as M-Tech in 1992. A division of Hitachi, Ltd. since 2008. Over 900 customers. More than 11M+ licensed users. Offices in North America, Europe and APAC. • Partners globally.

4

Representative Hitachi ID Customers

© 2012 Hitachi ID Systems, Inc.. All rights reserved.

2


Slide Presentation

5

ID Management Suite

6

Problem: Too Many Security Groups Medium to large AD environments have thousands of security groups:

It is challenging to manage group membership on this scale:

• Control access to printers, shares and folders. • Membership in mail distribution lists.

• • • •

User needs constantly change. Users do not understand groups or ACLs. Users don’t know which groups they need. Who authorizes membership in each group?

© 2012 Hitachi ID Systems, Inc.. All rights reserved.

3


Slide Presentation

7

Group Manager: Self service management of security group membership • Hitachi ID Group Manager enables users to request access to network resources such as applications or file folders using an intuitive Web-based interface. • Behind the scenes, Group Manager creates requests for security group membership and automatically tracks authorization by the appropriate stake-holders. • Group Manager makes administration of security entitlements simple and efficient and so fosters collaboration and reduces security administration workload.

8

Group Manager Features

Hitachi ID Group Manager enables self service administration of user access to network resources – shares, folders, etc.: • Intercept: – The Windows "Access Denied" error dialog and send users to the appropriate workflow / group membership request screen. • Browse: – Users find the resources they want using Group Manager. • Request: – Users ask for access to a resource (no knowledge of groups required). • Map: – Group Manager maps user requests to group membership. • Route: – A workflow request is created dynamically and sent to the group’s owner plus anyone else specified by policy. • Provision: – Upon approval, the user is added to the appropriate group. • Notify: – Users and authorizers are sent thank-you notes.

© 2012 Hitachi ID Systems, Inc.. All rights reserved.

4


Slide Presentation

9

The 50/50 Rule

A simple rule that illustrates cost savings from each Hitachi ID Group Manager feature:

10

Feature

Impact

Net help desk workload reduction

Self-service access requests:

Eliminates 50% of calls.

50%

Simplified resolution of access problems:

Shortens call duration by 50%.

75%

Scenario

Impact

Net workload reduction

Conservative estimate:

50/50

75%

Optimized deployment:

60/80

92%

Multi-Master Architecture , nix , U 0, AD S/39 P, O DA 0 d e L S40 tiv or Na assw ge A p han Password c Synch Trigger Systems

User

IVR Server

VPN Server

Reverse Web Proxy

lid Va

Load Balancer

SMTP or Notes Mail

Various Protocols Secure Native Protocol HTTPS

PW

Target Systems with local agent: OS/390, Unix, older RSA

Hitachi ID Application Server(s) SQL DB

ails Em

TCP/IP + AES

ate

We

ice er v bS

Target Systems with remote agent: AD, SQL, SAP, Notes, etc

s

SQL DB

SQL/Oracle

ts ke Tic

& Incident up ok Management Lo System System of Record

Firewall

g Tri

, ted os s h ud app Clo aaS S

ca Lo

etw lN

ork

Target Systems

r ge

m Re

Firewall

ot

n Ce a t a eD

ter

Proxy Server (if needed)

Š 2012 Hitachi ID Systems, Inc.. All rights reserved.

5


Slide Presentation

11

Windows access denied dialog leading to group membership request

Animation: ../pics/camtasia/shell-extension/A-Request-Folder.cam4

12

Authorization of a request for security group membership

Animation: ../pics/camtasia/shell-extension/B-Request-Approve.cam4

13

Request approved, user can access the folder

Animation: ../pics/camtasia/shell-extension/C-approve-open-file.cam4

14

ID Management Suite Overview • Hitachi ID Group Manager is a component of ID Management Suite. • ID Management Suite is designed to streamline management of users and passwords for enterprise users. • A rich suite of identity and access management products, with over 11M licensed users, that can: – – – –

Discover and connect user objects from every system. Streamline administration of users, entitlements and login credentials. Construct and maintain OrgChart data. Secure access to privileged accounts on thousands of systems.

© 2012 Hitachi ID Systems, Inc.. All rights reserved.

6


Slide Presentation

15

Summary

Hitachi ID Group Manager helps organizations to more quickly, efficiently and intuitively manage membership in large numbers of Active Directory groups: • • • •

Users focus on network resources, not groups. Group owners, not IT, authorize requests for resource access. IT security administrators manage the process, not individual requests. Auditors can monitor current group membership and how users came to have the rights they do.

Learn more at Hitachi-ID.com/Group-Manager. ... or ... E-mail sales@Hitachi-ID.com

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com

www.Hitachi-ID.com

File: PRCS:pres Date: March 1, 2012

Hitachi ID Group Manager  

Self service management of security group membership. http://hitachi-id.com/

Read more
Read more
Similar to
Popular now
Just for you