Source: hitachi-id.com/.../largedocs/presentation-idm-msp/presentation.pdf
Transcript
1 Hitachi ID Suite
Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
Administration and governance of identities, entitlements and credentials.
2 Agenda
• Introductions.
• Hitachi ID corporate overview.
• Hitachi ID Suite overview.
• Architecture and technology.
• MSP advantages.
Hitachi ID delivers access governance and identity administration solutions to organizations globally. Hitachi ID IAM solutions are used by Fortune 500 companies to secure access to systems in the enterprise and in the cloud.
• Founded as M-Tech in 1992.
• A division of Hitachi, Ltd. since 2008.
• Over 1200 customers.
• More than 14M licensed users.
• Offices in North America, Europe and
• Managed service providers outsource IT services, such as help desk call resolution.
• Almost all major MSPs have standardized on Hitachi ID solutions to automatically resolve password problems for their customers.
• Many MSPs are now adding Hitachi ID solutions to automate identity and access management as
• Password change, reset and unlock.
• Token or smart card PIN reset.
• Unlock encrypted filesystem with forgotten pre-boot password.
Value-add:
• 2FA – built-in for all users, including via mobile app.
• Federated access – replace other apps' login screens.
• Password vault – users can store unmanaged passwords.
Access from:
• PC browser or login screen.
• At the office or off-site.
• Smart phone app or self-service phone call.
Assisted service:
• Password, token PIN, intruder lockout.
Policy enforcement:
• Two-factor authentication for all users.
• Password complexity, expiry, history.
• Non-password authentication.
Managed enrollment:
• Security questions.
• Login IDs.
• Mobile phone numbers.
• Monitor one or more systems of record (SoR).
• Generate requests to grant, revoke access.
Request portal:
• Users can request for themselves or others.
• Access control model limits visibility, requestability.
Certification:
• Initiated by the system (event, schedule).
• Stakeholders review identities, entitlements.
• Generates deprovisioning requests.
Workflow:
• Invite authorizers, implementers, certifiers to act.
• Built-in reminders, escalation, delegation and more.
• Selects participants via policy, not flowcharts.
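The SoR-driven automation and the certification items above, as an added example that is not part of the Hitachi ID deck or product code: a small Python reconciliation that diffs a constructed HR feed against a constructed snapshot of one target system and emits joiner/mover/leaver create, grant, revoke and disable requests, then turns a certifier's keep/revoke decisions into deprovisioning requests. The record layouts, the ROLE_ENTITLEMENTS role model, the request dict shape and the single-target-system scope are assumptions for illustration; the SCIM PatchOp rendering follows RFC 7644.

```python
"""Joiner / mover / leaver reconciliation driven by a system of record (SoR).

Added example, not Hitachi ID code. The HR feed layout, the target-system
account map, ROLE_ENTITLEMENTS and the request dict shape are assumptions
for illustration; a real deployment reads these through connectors.
"""
import json

# Constructed HR feed: the system of record for who should exist and in what role.
HR = [
    {"id": "e1", "status": "active",     "role": "finance"},
    {"id": "e2", "status": "active",     "role": "engineer"},   # mover: was finance
    {"id": "e3", "status": "terminated", "role": "finance"},    # leaver
    {"id": "e4", "status": "active",     "role": "finance"},    # joiner: no account yet
]
# Constructed snapshot of one target system: login -> set of entitlements.
ACCOUNTS = {
    "e1": {"gl-read", "vpn"},
    "e2": {"gl-read", "vpn"},
    "e3": {"gl-read", "vpn"},
    "e5": {"vpn"},            # orphan: no HR record at all
}
# Assumed role model: which entitlements each HR role should hold.
ROLE_ENTITLEMENTS = {"finance": {"gl-read", "vpn"}, "engineer": {"git", "vpn"}}


def reconcile(hr, accounts, role_map):
    """Diff the SoR against target state and return grant/revoke requests.

    Terminated people and accounts with no SoR record are disabled and
    stripped of entitlements; active people are aligned to their role.
    """
    requests = []
    hr_ids = set()
    for person in hr:
        uid, active = person["id"], person["status"] == "active"
        hr_ids.add(uid)
        wanted = role_map[person["role"]] if active else set()
        have = accounts.get(uid, set())
        if active and uid not in accounts:
            reason = "joiner"
            requests.append({"op": "create", "user": uid, "reason": reason})
        elif not active:
            reason = "leaver"
            if uid in accounts:
                requests.append({"op": "disable", "user": uid, "reason": reason})
        else:
            reason = "mover"
        for ent in sorted(wanted - have):
            requests.append({"op": "grant", "user": uid, "entitlement": ent, "reason": reason})
        for ent in sorted(have - wanted):
            requests.append({"op": "revoke", "user": uid, "entitlement": ent, "reason": reason})
    # Accounts the SoR knows nothing about are the classic ex-staff leftover.
    for login in sorted(set(accounts) - hr_ids):
        requests.append({"op": "disable", "user": login, "reason": "orphan"})
    return requests


def certification_requests(reviewer, decisions):
    """Turn a certifier's keep/revoke decisions into deprovisioning requests.

    decisions: {user: {entitlement: True to keep, False to revoke}}
    """
    return [
        {"op": "revoke", "user": user, "entitlement": ent,
         "reason": f"certification:{reviewer}"}
        for user, ents in decisions.items()
        for ent, keep in ents.items() if not keep
    ]


def scim_patch_for(request):
    """Render a 'disable' request as a SCIM 2.0 PatchOp body (RFC 7644)."""
    if request["op"] != "disable":
        raise ValueError("only disable requests are rendered here")
    return json.dumps({
        "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
        "Operations": [{"op": "replace", "path": "active", "value": False}],
    })


if __name__ == "__main__":
    for req in reconcile(HR, ACCOUNTS, ROLE_ENTITLEMENTS):
        print(req)
    print(certification_requests("mgr9", {"e1": {"gl-read": True, "vpn": False}}))
    print(scim_patch_for({"op": "disable", "user": "e3", "reason": "leaver"}))
```

Orphan and leaver accounts are disabled rather than deleted so that audit history on the login survives; in a workflow-driven deployment each request would be routed to its authorizers before a connector applies it, and the SCIM body is only one of the connector formats the deck lists.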
– 30% of organizations have no data about each employee or contractor's manager.
– 90% of organizations have incomplete, inaccurate or out-of-date OrgChart data.
• HR systems rarely include contractors, vendors, etc.
• Organizations are dynamic and HR often doesn't have the means to accurately or quickly record changes.
• Staff may have multiple managers, but it's best if only one manager is ultimately responsible for their actions, privileges, pay, etc.
• Bottom line: while OrgChart data is valuable, it is rarely available, complete or reliable.
17 Summary
Hitachi ID Org Manager leverages the Hitachi ID Suite infrastructure to effectively manage OrgChart data:
• Get managers to name their own subordinates.
• Clean up errors in current OrgChart data.
• Fill in gaps in existing data – contractors, vendors, temps, etc.
• Enable processes that depend on complete and accurate OrgChart data, such as IAM workflow and access certification.
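As an added example (not Hitachi ID code) of the cleanup this summary describes, the Python below runs the checks a practitioner would want before manager data is used to route approvals or certifications: active workers with no manager, managers missing from the data, terminated managers, self-management and reporting cycles. The worker record layout, the constructed sample and the explicit set of top-of-chart ids passed as `roots` are assumptions for illustration.

```python
"""Consistency checks for OrgChart (manager) data before IAM workflow relies on it.

Added example, not Hitachi ID code. The worker record layout and the idea
of declaring the known top-of-chart ids are assumptions for illustration.
"""

# Constructed sample reproducing the failure modes the slides list: a
# contractor with no manager, a stale manager reference, a terminated
# manager and a reporting cycle.
WORKERS = [
    {"id": "e100", "name": "Ava", "manager": None,   "status": "active"},
    {"id": "e101", "name": "Ben", "manager": "e100", "status": "active"},
    {"id": "e102", "name": "Cy",  "manager": "e101", "status": "active"},
    {"id": "e103", "name": "Di",  "manager": "e999", "status": "active"},      # manager id not in data
    {"id": "e104", "name": "Ed",  "manager": "e105", "status": "active"},      # e104 <-> e105 cycle
    {"id": "e105", "name": "Flo", "manager": "e104", "status": "active"},
    {"id": "e106", "name": "Gus", "manager": "e101", "status": "terminated"},
    {"id": "e107", "name": "Hal", "manager": "e106", "status": "active"},      # manager has left
    {"id": "c200", "name": "Ida", "manager": None,   "status": "active"},      # contractor, no manager
]


def validate_orgchart(workers, roots):
    """Return (worker_id, problem) pairs for active workers whose manager data
    cannot be trusted to route approvals or certifications.

    roots: ids allowed to have no manager (the top of the chart).
    """
    by_id = {w["id"]: w for w in workers}
    problems = []
    for w in workers:
        if w["status"] != "active":
            continue                      # leavers are handled by deprovisioning, not here
        uid, mgr = w["id"], w["manager"]
        if mgr is None:
            if uid not in roots:
                problems.append((uid, "no manager"))
            continue
        if mgr == uid:
            problems.append((uid, "self-managed"))
            continue
        if mgr not in by_id:
            problems.append((uid, f"manager {mgr} not found"))
            continue
        if by_id[mgr]["status"] != "active":
            problems.append((uid, f"manager {mgr} is {by_id[mgr]['status']}"))
            continue
        # Walk up the chain; meeting an id twice means the chain never reaches a root.
        seen, cur = {uid}, mgr
        while cur is not None and cur in by_id:
            if cur in seen:
                problems.append((uid, "reporting cycle"))
                break
            seen.add(cur)
            cur = by_id[cur]["manager"]
    return problems


def direct_reports(workers, manager_id):
    """Active names a manager would be asked to confirm when naming their own subordinates."""
    return sorted(w["name"] for w in workers
                  if w["manager"] == manager_id and w["status"] == "active")


if __name__ == "__main__":
    for uid, why in validate_orgchart(WORKERS, roots={"e100"}):
        print(f"{uid}: {why}")
    print("Ben's reports:", direct_reports(WORKERS, "e101"))
```

Every flagged worker is one whose approval or certification request would otherwise be routed to nobody, to a stale id, or to a manager who has already left, which is exactly the data a self-service "name your subordinates" pass is meant to repair.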
18 Privileged Accounts Not Secured
• Workstations and servers often have the same, unchanging administrator passwords.
• These passwords are used by desktop support staff, data center staff and other IT resources to manage hardware, operating systems, etc.
• With thousands of workstations and servers, it is difficult or impossible to ever change these passwords.
• As IT staff turn over, ex-staff retain keys to sensitive assets.
• Deploying client software to each and every workstation.
• Building and securing a high-availability database or directory in which to store application passwords.
• Populating and keeping current user application passwords.
• Updating encrypted passwords after password resets.
• Enabling application access from Internet kiosks, PDAs and other non-SSO-enabled devices.
21 HiLM features
Reduced Signon:
• Capture the user's login ID and password from the workstation login.
• Extract alternate login IDs from AD.
• Detect dialogs where the user types the known login IDs/password.
• Automatically fill in user ID/password prompts.
Compatible Applications:
• Native Windows dialog boxes.
• HTML forms using IE and Firefox.
• 3270 and 5250 terminal sessions.
• Lotus Notes R6 – R8.
• SAP R/3 GUI.
Advantages: ... never
• Store passwords.
• Hand-code scripts.
• Contact a central server.
• Set an application
Directories: Active Directory and Azure AD; any LDAP; NIS/NIS+ and eDirectory.
Databases: Oracle; SAP ASE and HANA; SQL Server; DB2/UDB; Hyperion; Caché; MySQL; OLAP and ODBC.
Server OS – X86/IA64: Windows NT through 2016; Linux and *BSD.
Server OS – Unix: Solaris, AIX and HP-UX.
Server OS – Mainframe: RACF, ACF2 and Top Secret.
Server OS – Midrange: iSeries (OS/400); OpenVMS and HPE/Tandem NonStop.
ERP, CRM and other apps: Oracle EBS; SAP ECC and R/3; JD Edwards; PeopleSoft; Salesforce.com; Concur; Business Objects and Epic.
Messaging & collaboration: Microsoft Exchange, Lync and Office 365; Lotus Notes/Domino; Google Apps; Cisco WebEx, Call Manager and Unity.
Smart cards and 2FA: Any RADIUS service or SAML IdP; Duo Security; RSA SecurID; SafeWord; Vasco; ActivIdentity and Schlumberger.
Access managers / SSO: CA SiteMinder; IBM Security Access Manager; Oracle AM; RSA Access Manager and Imprivata OneSign.
Help desk / ITSM: ServiceNow; BMC Remedy, RemedyForce and Footprints; JIRA; HPE Service Manager; CA Service Desk; Axios Assyst; Ivanti HEAT; Symantec Altiris; Track-It!; MS SCS Manager and Cherwell.
PC filesystem encryption: Microsoft BitLocker; McAfee; Symantec Endpoint Encryption and PGP; CheckPoint and Sophos SafeGuard.
Server health monitoring: HP iLO, Dell DRAC and IBM RSA.
HR / HCM: Workday; PeopleSoft HR; SAP HCM and SuccessFactors.
Extensible / scriptable: CSV files; SCIM; SSH; Telnet/TN3270/TN5250; HTTP(S); SQL; LDAP; PowerShell and Python.
Hypervisors and IaaS: AWS; vSphere and ESXi.
Mobile management: BlackBerry Enterprise Server and MobileIron.
Network devices, filesystems and content, SIEM: (column headings only; entries not carried over in the transcript)
– Reference builds.
– All features, connectors included.
– Auto-discovery of systems, accounts, entitlements.
– Automated and self-service ID mapping.
– Policy-driven workflow easier to manage.
– No need to engage in costly role engineering.
• Three integrated IAM products, used by over 14M users, that can:
– Discover and connect identities across systems and applications.
– Securely and efficiently manage entitlements and credentials.
– Secure and monitor access to privileged accounts.
• Improve security to comply with regulations.
• Reduce IT support cost and improve user productivity.
• Consolidate management of on-premises and SaaS apps.
hitachi-id.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]