1 Hitachi ID Group Manager

Managing the User LifecycleAcross On-Premises andCloud-Hosted Applications

Self service management of security group membership.

2 Agenda

• Introductions.• Hitachi ID corporate overview.• ID Management Suite overview.• Managing membership in large numbers of AD groups.• The Hitachi ID Group Manager solution.• Animated demonstration.

© 2012 Hitachi ID Systems, Inc.. All rights reserved. 1

Slide Presentation

3 Hitachi ID Corporate Overview

Hitachi ID is a leading provider of identityand access management solutions.

• Founded as M-Tech in 1992.• A division of Hitachi, Ltd. since 2008.• Over 900 customers.• More than 11M+ licensed users.• Offices in North America, Europe and

APAC.• Partners globally.

4 Representative Hitachi ID Customers

© 2012 Hitachi ID Systems, Inc.. All rights reserved. 2

Slide Presentation

5 ID Management Suite

6 Problem: Too Many Security Groups

Medium to large AD environments havethousands of security groups:

It is challenging to manage groupmembership on this scale:

• Control access to printers, shares andfolders.

• Membership in mail distribution lists.

• User needs constantly change.• Users do not understand groups or ACLs.• Users don’t know which groups they need.• Who authorizes membership in each

group?

© 2012 Hitachi ID Systems, Inc.. All rights reserved. 3

Slide Presentation

7 Group Manager: Self service management of security group mem-bership

• Hitachi ID Group Manager enables users to request access to network resources such asapplications or file folders using an intuitive Web-based interface.

• Behind the scenes, Group Manager creates requests for security group membership andautomatically tracks authorization by the appropriate stake-holders.

• Group Manager makes administration of security entitlements simple and efficient and so fosterscollaboration and reduces security administration workload.

8 Group Manager Features

Hitachi ID Group Manager enables self service administration of user access to network resources –shares, folders, etc.:

• Intercept:

– The Windows "Access Denied" error dialog and send users to the appropriate workflow /group membership request screen.

• Browse:

– Users find the resources they want using Group Manager.

• Request:

– Users ask for access to a resource (no knowledge of groups required).

• Map:

– Group Manager maps user requests to group membership.

• Route:

– A workflow request is created dynamically and sent to the group’s owner plus anyone elsespecified by policy.

• Provision:

– Upon approval, the user is added to the appropriate group.

• Notify:

– Users and authorizers are sent thank-you notes.

© 2012 Hitachi ID Systems, Inc.. All rights reserved. 4

Slide Presentation

9 The 50/50 Rule

A simple rule that illustrates cost savings from each Hitachi ID Group Manager feature:

Feature ImpactNet help deskworkload reduction

Self-service access requests: Eliminates 50% of calls. 50%

Simplified resolution ofaccess problems:

Shortens call duration by50%.

75%

Scenario ImpactNet workloadreduction

Conservative estimate: 50/50 75%

Optimized deployment: 60/80 92%

10 Multi-Master Architecture

UserPasswordSynchTriggerSystems

Load Balancer

SMTP or Notes Mail

IncidentManagementSystem System of

Record

IVRServer

ReverseWeb Proxy

Target Systemswith local agent:OS/390, Unix, older RSA

Firewall

TCP/IP + AES

Various Protocols

Secure Native Protocol

HTTPS

Remote Data Center

Firewall

Local Network

Target Systemswith remote agent:AD, SQL, SAP, Notes, etc

Target SystemsEmails

Tickets

Lookup & Trigger

Native

password

change

AD, Unix,

OS/390,

LDAP,

AS400

Validate PW

Web Services

Proxy Server(if needed)

Hitachi IDApplicationServer(s)

SQL/Oracle

SQLDB

SQLDB

Cloud-hosted,

SaaS apps

VPNServer

© 2012 Hitachi ID Systems, Inc.. All rights reserved. 5

Slide Presentation

11 Windows access denied dialog leading to group membership re-quest

Animation: ../pics/camtasia/shell-extension/A-Request-Folder.cam4

12 Authorization of a request for security group membership

Animation: ../pics/camtasia/shell-extension/B-Request-Approve.cam4

13 Request approved, user can access the folder

Animation: ../pics/camtasia/shell-extension/C-approve-open-file.cam4

14 ID Management Suite Overview

• Hitachi ID Group Manager is a component of ID Management Suite.• ID Management Suite is designed to streamline management of users and passwords for enterprise

users.• A rich suite of identity and access management products, with over 11M licensed users, that can:

– Discover and connect user objects from every system.– Streamline administration of users, entitlements and login credentials.– Construct and maintain OrgChart data.– Secure access to privileged accounts on thousands of systems.

© 2012 Hitachi ID Systems, Inc.. All rights reserved. 6

Slide Presentation

15 Summary

Hitachi ID Group Manager helps organizations to more quickly, efficiently and intuitively managemembership in large numbers of Active Directory groups:

• Users focus on network resources, not groups.• Group owners, not IT, authorize requests for resource access.• IT security administrators manage the process, not individual requests.• Auditors can monitor current group membership and how users came to have the rights they do.

Learn more at Hitachi-ID.com/Group-Manager.... or ... E-mail sales@Hitachi-ID.com

www.Hitachi-ID.com

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com

File: PRCS:presDate: March 1, 2012