Scope of the 10.1 release

The Hitachi ID Identity and Access Management Suite 10.1 release includes all Hitachi ID Systems products:

  1. Hitachi ID Identity Manager -- User provisioning, RBAC, SoD and access certification.
  2. Hitachi ID Password Manager -- Self-service management of passwords, PINs and encryption keys.
  3. Hitachi ID Privileged Access Manager -- Secure administrator and service accounts.

These products can be deployed separately or together, in the following combinations:

  1. Identity Manager alone.
    Note: this includes Hitachi ID Group Manager and Hitachi ID Access Certifier.
  2. Password Manager alone.
    Note: this includes Hitachi ID Login Manager and Hitachi ID Telephone Password Manager.
  3. Identity Manager and Password Manager in a shared instance.
  4. Privileged Access Manager alone.
  5. Group Manager -- a subset of Identity Manager strictly for group management.

Other combinations are technically possible but not actively tested.

UI preview

The following screen shots offer an overview of new screens in the 10.1 release.

Identity Manager

The new request UI is mobile-friendly and uses a multi-step, wizard-like flow modeled after an e-commerce shopping cart.

Screen shots: Hire a contractor: 1/4; Hire a contractor: 2/4; Hire a contractor: 3/4; Hire a contractor: 4/4

The same motif applies to all requests -- for access and to update identity attributes.

Screen shots: Request membership in multiple groups (shopping cart); Update contact information; Request new account: 1/3; Request new account: 2/3; Request new account: 3/3

A new access certification UI is highly interactive and supports fine-grained delegation.

Review and certify or revoke entitlements

Using the new certification UI, stakeholders can be asked to review identity attributes as well as entitlements. This supports delegated directory cleanup, as well as entitlement revocation.

Review and correct identity attributes, not just entitlements

Items can be selected and delegated to someone else to review. This creates a collaborative relationship between the original reviewer, who can continue to work on the selected items, and the new reviewer, who sees just those items and can help decide what to do with each one.

Send multiple line items to a delegate

Revocation actions are no longer hard-coded, and instead are configured using request forms. These forms can call for additional user input, such as a deferred deactivation date.

Deferred access revocation

Password Manager

Users can sign into Password Manager first and launch logins into other applications, which are integrated using SAML 2.0 federation. In this context, the Password Manager portal is the first thing users launch and remains open all day.

Application launchpad

Privileged Access Manager

Access can be requested and sessions initiated using a smart phone. Notably, there is no public URL to Privileged Access Manager nor are there TCP ports open on public IP addresses for RDP or SSH. This allows users to sign into systems and diagnose problems even when they have no computer nearby.

Request access using a phone

Manage an active check-out

Launch an RDP session on a smart phone

Launch an SSH session on a smart phone

Hitachi ID Identity Express: Partner Portal Edition

A completely redesigned reference implementation takes care of managing identities and credentials for people who work for partners. This allows organizations to delegate to each business partner the responsibility for managing their own users without seeing who the other partners are or who works for other partners.

Screen shots: B2B: Onboard a new partner; B2B: Onboard a new user at a partner - 1/2; B2B: Onboard a new user at a partner - 2/2