1 Hitachi ID Group Manager

Managing the User LifecycleAcross On-Premises andCloud-Hosted Applications

Full lifecycle management of groups and memberships.

2 Agenda

• Introductions.• Hitachi ID corporate overview.• Hitachi ID Suite overview.• Managing group lifecycle and membership at scale.• The Hitachi ID Group Manager solution.• Animated demonstration.

© 2020 Hitachi ID Systems, Inc. All rights reserved. 1

Slide Presentation

3 Hitachi ID corporate overview

Hitachi ID delivers access governanceand identity administration solutionsto organizations globally.Hitachi ID IAM solutions are used by Fortune500companies to secure access to systemsin the enterprise and in the cloud.

• Founded as M-Tech in 1992.• A division of Hitachi, Ltd. since 2008.• Over 1200 customers.• More than 14M+ licensed users.• Offices in North America, Europe and

APAC.• Global partner network.

© 2020 Hitachi ID Systems, Inc. All rights reserved. 2

Slide Presentation

4 Representative customers

© 2020 Hitachi ID Systems, Inc. All rights reserved. 3

Slide Presentation

5 Hitachi ID Suite

6 Problem: Too many security groups

• Medium to large organizations have directories with thousands of groups:

– AD and LDAP.– Security groups and mail distribution lists.

• Challenging to manage at scale:

– Requests to create new groups (do users know what to ask for?).– Ambiguous authorization process (who owns? who approves?).– Calculated versus requested membership.– When should groups be deleted/archived?– When should memberships expire?– Nesting / hierarchy? Loops?– Appropriate metadata (owner, description, risk, ...).

© 2020 Hitachi ID Systems, Inc. All rights reserved. 4

Slide Presentation

7 Group lifecycle management

• Hitachi ID Group Manager can manage both groups (create, manage) and membership (assign,revoke) in AD, LDAP and other systems.

• Group Manager enables users to request access to resources such as folders or SharePoint sitesand easily select groups.

• Group membership can be either requested/approved and later reviewed/revoked or automaticallycalculated.

• Analytics are included to find duplicate, too-small or rarely-changing groups and help clean up.• Easier group management fosters collaboration and reduces administration overhead.

8 HiGM features

Hitachi ID Group Manager enables self-service administration of groups and access to resources likeshares and folders:

• Group lifecycle:

– Create new groups and manage existing ones.

• Navigate:

– Intercept "Access Denied" error messages and help users navigate to requests for anappropriate group.

• Request:

– Group create, modify and delete.– Changes to metadata such as ownership and description.– Add/remove members.

• Authorize:

– Changes by a workflow request is created dynamically and sent to the group’s owner plusanyone else specified by policy.

• Provision:

– Upon approval, create/modify a group or add/revoke members.

© 2020 Hitachi ID Systems, Inc. All rights reserved. 5

Slide Presentation

9 Active-active architecture

“Cloud”

Reverse

web

proxyVPN server

IVR server

Load

balancers

E-mail

system

Ticketing

system

HR

Hitachi ID

servers

Hitachi ID

servers

Firewalls

Proxy server

(if needed)

Mobile

proxy

SaaS apps

Managed

endpoints

Managed endpoints

with remote agent:

AD, SQL, SAP, Notes, etc

z/OS - local agent

MS SQL databases

Password synch

trigger systems

Native password

change

ManageMobile UI

AD, Unix, z/OS,

LDAP, iSeries

Validate pw

Replication

System of

record

Tickets

Notifications

and invitations

Data c

enter A

Data c

enter B

Remote

data

cente

r

TCP/IP + AES

Various protocols

Secure native protocol

HTTPS

10 Self service creation of a new Active Directory group

Animation: ../../pics/camtasia/suite11/higm-group-create.mp4

11 Request membership in group

Animation: ../../pics/camtasia/suite11/higm-join-single-group.mp4

© 2020 Hitachi ID Systems, Inc. All rights reserved. 6

Slide Presentation

12 Add/remove multiple group members

Animation: ../../pics/camtasia/suite11/higm-add-remove-members.mp4

13 Change child groups

Animation: ../../pics/camtasia/suite11/higm-update-child-groups.mp4

14 Change group ownership

Animation: ../../pics/camtasia/suite11/higm-change-owners.mp4

15 Intercept ’Access denied’ dialogs

Animation: ../../pics/camtasia/suite11/higm-A-request-folder.mp4

16 Request approval

Animation: ../../pics/camtasia/suite11/higm-B-request-approve.mp4

© 2020 Hitachi ID Systems, Inc. All rights reserved. 7

Slide Presentation

17 Request approved, user can open folder

Animation: ../../pics/camtasia/suite11/higm-C-approved-open-file-nb.mp4

18 Group request via comparison

Animation: ../../pics/camtasia/suite11/hiim-request-groups-model-after.mp4

19 Group membership certification

Animation: ../../pics/camtasia/suite11/higm-cert-membership.mp4

20 Hitachi ID Suite overview

• Hitachi ID Group Manager is a component of Hitachi ID Suite.• Hitachi ID Suite streamlines management of identities, accounts, groups, roles and credentials in

medium to large organizations.• Three integrated IAM products, licensed to over 14M users, that can:

– Discover and connect identities across systems and applications.– Securely and efficiently manage identities, groups, entitlements and credentials.– Secure and monitor access to privileged accounts.– Provide strong authentication and federated sign-on.

© 2020 Hitachi ID Systems, Inc. All rights reserved. 8

Slide Presentation

21 Summary

Hitachi ID Group Manager helps organizations to more quickly, efficiently and intuitively manage largenumbers of Active Directory or LDAP groups:

• Manage groups as well as their membership.• Access requests can start with a resource like a share or folder, rather than requiring that users

understand groups or access rights.• Move change requests and approvals out of IT, to the business.• Security staff and auditors focus on process integrity rather than individual requests.

Learn more at hitachi-id.com/identity-manager/features/group-management.html.... or ... E-mail sales@hitachi-id.com

hitachi-id.com

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 E-Mail: sales@hitachi-id.com

Date: 2020-03-23 | 2020-03-23 File: PRCS:pres