Hitachi ID Group Manager: Reduce support cost with self-service AD group management
Uploaded by: hitachi-id-systems-inc
Category: Technology
1 Hitachi ID Group Manager
Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
Self service management of security group membership.
2 Agenda
• Introductions.
• Hitachi ID corporate overview.
• ID Management Suite overview.
• Managing membership in large numbers of AD groups.
• The Hitachi ID Group Manager solution.
• Animated demonstration.
© 2012 Hitachi ID Systems, Inc.. All rights reserved. 1
Slide Presentation
3 Hitachi ID Corporate Overview
Hitachi ID is a leading provider of identity and access management solutions.
• Founded as M-Tech in 1992.
• A division of Hitachi, Ltd. since 2008.
• Over 900 customers.
• More than 11M+ licensed users.
• Offices in North America, Europe and APAC.
• Partners globally.
4 Representative Hitachi ID Customers
5 ID Management Suite
6 Problem: Too Many Security Groups
Medium to large AD environments have thousands of security groups:
• Control access to printers, shares and folders.
• Membership in mail distribution lists.
It is challenging to manage group membership on this scale:
• User needs constantly change.
• Users do not understand groups or ACLs.
• Users don’t know which groups they need.
• Who authorizes membership in each group?
7 Group Manager: Self service management of security group membership
• Hitachi ID Group Manager enables users to request access to network resources such as applications or file folders using an intuitive Web-based interface.
• Behind the scenes, Group Manager creates requests for security group membership and automatically tracks authorization by the appropriate stake-holders.
• Group Manager makes administration of security entitlements simple and efficient and so fosters collaboration and reduces security administration workload.
8 Group Manager Features
Hitachi ID Group Manager enables self service administration of user access to network resources – shares, folders, etc.:
• Intercept:
– The Windows "Access Denied" error dialog and send users to the appropriate workflow / group membership request screen.
• Browse:
– Users find the resources they want using Group Manager.
• Request:
– Users ask for access to a resource (no knowledge of groups required).
• Map:
– Group Manager maps user requests to group membership.
• Route:
– A workflow request is created dynamically and sent to the group’s owner plus anyone else specified by policy.
• Provision:
– Upon approval, the user is added to the appropriate group.
• Notify:
– Users and authorizers are sent thank-you notes.
9 The 50/50 Rule
A simple rule that illustrates cost savings from each Hitachi ID Group Manager feature:
| Feature | Impact | Net help desk workload reduction |
|---|---|---|
| Self-service access requests: | Eliminates 50% of calls. | 50% |
| Simplified resolution of access problems: | Shortens call duration by 50%. | 75% |

| Scenario | Impact | Net workload reduction |
|---|---|---|
| Conservative estimate: | 50/50 | 75% |
| Optimized deployment: | 60/80 | 92% |
10 Multi-Master Architecture
[Diagram: multi-master architecture. Components shown: User; Password Synch Trigger Systems; Load Balancer; SMTP or Notes Mail; Incident Management System; System of Record; IVR Server; Reverse Web Proxy; Hitachi ID Application Server(s) with SQL/Oracle and SQL DB; Proxy Server (if needed); VPN Server; Firewall; Local Network; Remote Data Center; Target Systems with local agent (OS/390, Unix, older RSA); Target Systems with remote agent (AD, SQL, SAP, Notes, etc); Cloud-hosted, SaaS apps. Connection labels: HTTPS; TCP/IP + AES; Secure Native Protocol; Various Protocols; Web Services; Emails; Tickets; Lookup & Trigger; Native password change (AD, Unix, OS/390, LDAP, AS400); Validate PW.]
11 Windows access denied dialog leading to group membership request
Animation: ../pics/camtasia/shell-extension/A-Request-Folder.cam4
12 Authorization of a request for security group membership
Animation: ../pics/camtasia/shell-extension/B-Request-Approve.cam4
13 Request approved, user can access the folder
Animation: ../pics/camtasia/shell-extension/C-approve-open-file.cam4
14 ID Management Suite Overview
• Hitachi ID Group Manager is a component of ID Management Suite.
• ID Management Suite is designed to streamline management of users and passwords for enterprise users.
• A rich suite of identity and access management products, with over 11M licensed users, that can:
– Discover and connect user objects from every system.
– Streamline administration of users, entitlements and login credentials.
– Construct and maintain OrgChart data.
– Secure access to privileged accounts on thousands of systems.
15 Summary
Hitachi ID Group Manager helps organizations to more quickly, efficiently and intuitively manage membership in large numbers of Active Directory groups:
• Users focus on network resources, not groups.
• Group owners, not IT, authorize requests for resource access.
• IT security administrators manage the process, not individual requests.
• Auditors can monitor current group membership and how users came to have the rights they do.
Learn more at Hitachi-ID.com/Group-Manager.... or ... E-mail [email protected]
www.Hitachi-ID.com
500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: [email protected]
File: PRCS:pres
Date: March 1, 2012