More Related Content More from Hitachi ID Systems, Inc. (20) Hitachi ID Group Manager: Reduce support cost with self-service AD group management1. 1 Hitachi ID Group Manager
Managing the User Lifecycle
Across On-Premises and
Cloud-Hosted Applications
Self service management of security group membership.
2 Agenda
• Introductions.
• Hitachi ID corporate overview.
• ID Management Suite overview.
• Managing membership in large numbers of AD groups.
• The Hitachi ID Group Manager solution.
• Animated demonstration.
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 1
2. Slide Presentation
3 Hitachi ID Corporate Overview
Hitachi ID is a leading provider of identity
and access management solutions.
• Founded as M-Tech in 1992.
• A division of Hitachi, Ltd. since 2008.
• Over 900 customers.
• More than 11M+ licensed users.
• Offices in North America, Europe and
APAC.
• Partners globally.
4 Representative Hitachi ID Customers
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 2
3. Slide Presentation
5 ID Management Suite
6 Problem: Too Many Security Groups
Medium to large AD environments have It is challenging to manage group
thousands of security groups: membership on this scale:
• Control access to printers, shares and • User needs constantly change.
folders. • Users do not understand groups or ACLs.
• Membership in mail distribution lists. • Users don’t know which groups they need.
• Who authorizes membership in each
group?
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 3
4. Slide Presentation
7 Group Manager: Self service management of security group mem-
bership
• Hitachi ID Group Manager enables users to request access to network resources such as
applications or file folders using an intuitive Web-based interface.
• Behind the scenes, Group Manager creates requests for security group membership and
automatically tracks authorization by the appropriate stake-holders.
• Group Manager makes administration of security entitlements simple and efficient and so fosters
collaboration and reduces security administration workload.
8 Group Manager Features
Hitachi ID Group Manager enables self service administration of user access to network resources –
shares, folders, etc.:
• Intercept:
– The Windows "Access Denied" error dialog and send users to the appropriate workflow /
group membership request screen.
• Browse:
– Users find the resources they want using Group Manager.
• Request:
– Users ask for access to a resource (no knowledge of groups required).
• Map:
– Group Manager maps user requests to group membership.
• Route:
– A workflow request is created dynamically and sent to the group’s owner plus anyone else
specified by policy.
• Provision:
– Upon approval, the user is added to the appropriate group.
• Notify:
– Users and authorizers are sent thank-you notes.
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 4
5. Slide Presentation
9 The 50/50 Rule
A simple rule that illustrates cost savings from each Hitachi ID Group Manager feature:
Net help desk
Feature Impact workload reduction
Self-service access requests: Eliminates 50% of calls. 50%
Simplified resolution of Shortens call duration by 75%
access problems: 50%.
Net workload
Scenario Impact reduction
Conservative estimate: 50/50 75%
Optimized deployment: 60/80 92%
10 Multi-Master Architecture
,
nix
, U 0,
AD S/39 P,
d O DA 0
e
tiv or L S40 d,
Na assw ge A st e
p han Password
-ho pps
User c
Synch ud a
Trigger Target Systems Clo aaS
Systems
S
with local agent:
OS/390, Unix,
PW
Reverse ate Hitachi ID older RSA
lid
Web Proxy Va Application
VPN s Target Systems
Server(s) ce
Server rvi with remote agent:
IVR SQL
b Se
Server DB
We AD, SQL, SAP, Notes, etc
ork
Load
SQL
etw
Balancer DB
lN
ca
ails Lo
Target Systems
Em r
nte
SQL/Oracle
Firewall
SMTP or
ke
ts
r a Ce
Notes Mail Tic ge t
Da
g
Tri
Incident
up
&
te
TCP/IP + AES Management Lo
ok
mo
Various Protocols
System System of Firewall Re
Record Proxy Server
Secure Native Protocol
(if needed)
HTTPS
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 5
6. Slide Presentation
11 Windows access denied dialog leading to group membership re-
quest
Animation: ../pics/camtasia/shell-extension/A-Request-Folder.cam4
12 Authorization of a request for security group membership
Animation: ../pics/camtasia/shell-extension/B-Request-Approve.cam4
13 Request approved, user can access the folder
Animation: ../pics/camtasia/shell-extension/C-approve-open-file.cam4
14 ID Management Suite Overview
• Hitachi ID Group Manager is a component of ID Management Suite.
• ID Management Suite is designed to streamline management of users and passwords for enterprise
users.
• A rich suite of identity and access management products, with over 11M licensed users, that can:
– Discover and connect user objects from every system.
– Streamline administration of users, entitlements and login credentials.
– Construct and maintain OrgChart data.
– Secure access to privileged accounts on thousands of systems.
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 6
7. Slide Presentation
15 Summary
Hitachi ID Group Manager helps organizations to more quickly, efficiently and intuitively manage
membership in large numbers of Active Directory groups:
• Users focus on network resources, not groups.
• Group owners, not IT, authorize requests for resource access.
• IT security administrators manage the process, not individual requests.
• Auditors can monitor current group membership and how users came to have the rights they do.
Learn more at Hitachi-ID.com/Group-Manager.
... or ... E-mail sales@Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com
File: PRCS:pres
www.Hitachi-ID.com Date: March 1, 2012