
1 Hitachi ID Identity Manager

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Entitlement Administration and Governance: Automation, requests, approvals, recertification, SoD and RBAC.

2 Agenda
Introductions.
Hitachi ID corporate overview.
Hitachi ID Suite overview.
Identity problems and Hitachi ID Identity Manager benefits.
The HiIM solution.
Software demonstration.

2015 Hitachi ID Systems, Inc. All rights reserved. 1


Slide Presentation

3 Hitachi ID Corporate Overview

Hitachi ID delivers access governance and identity administration solutions
to organizations globally.
Hitachi ID solutions are used by Fortune 500
companies to secure access to systems
in the enterprise and in the cloud.
Founded as M-Tech in 1992.
A division of Hitachi, Ltd. since 2008.
Over 1200 customers.
More than 14M+ licensed users.
Offices in North America, Europe and
APAC.
Partners globally.


4 Representative Customers

5 Hitachi ID Suite


6 Identity and Access Problems


For users:
How to request a change?
Who must approve the change?
When will the change be completed?
Too many passwords.
Too many login prompts.

For IT support:
Onboarding, deactivation across many apps is challenging.
More apps all the time!
What data is trustworthy and what is obsolete?
Not notified of new-hires/terminations on time.
Hard to interpret end user requests.
Who can request, who should authorize changes?
What entitlements are appropriate for each user?
The problems increase as scope grows from internal to external.

7 Identity and Access Problems (continued)


For Security / risk / audit:
Orphan, dormant accounts.
Too many people with privileged access.
Static admin, service passwords a security risk.
Weak password, password-reset processes.
Inappropriate, outdated entitlements.
Who owns ID X on system Y?
Who approved entitlement W on system Z?
Limited/unreliable audit logs in apps.

For Developers:
Need temporary access (e.g., prod migration).
Half the code in every new app is the same:
Identify.
Authenticate.
Authorize.
Audit.
Manage the above.
Mistakes in this infrastructure create security holes.


8 Identity and access management


Identity and access management is
software to automate processes
to securely and efficiently manage
identities, entitlements and credentials:

Processes:
Data synchronization.
Self-service requests.
Authorization workflows.
Manual and automated fulfillment.

Policies:
Login ID assignment.
Approvals workflow.
Segregation of duties.
Visibility, privacy.

Connectors:
Applications.
Databases.
Operating systems.
Directories.

9 Hitachi ID Suite Component Overview

Hitachi ID Identity Manager: Create, manage and delete users and entitlements. Automation, self-service and delegation.
Hitachi ID Access Certifier: Periodic review and cleanup of users and entitlements.
Hitachi ID Group Manager: Self service, resource-centric management of AD group membership.
Hitachi ID Password Manager: Synchronize, reset passwords. Manage RSA tokens, security questions, voice prints, PKI certs.
Periodically randomize and control access to sensitive passwords.

Addons:
Hitachi ID Org Manager: Periodic updates to data mapping users to their managers.
Hitachi ID Phone PW Manager: Turn-key IVR for password reset and token management.
Hitachi ID Login Manager: Auto-populate login IDs and synchronized passwords for users.


10 Hitachi ID Suite


11 Hitachi ID Suite in the User Lifecycle

Onboarding:
Automation: From HR (employees).
Self-service / request workflow: Web UI (contractors).
Policy enforcement: Role-based setup. Standardized IDs, OU, mail store, etc.

Management:
Automation: Identity synchronization. Automatic role changes.
Self-service / request workflow: Applications. Group membership. Profile updates.
Policy enforcement: SoD enforcement. Authorize changes. ID mapping.

Support:
Self-service / request workflow: Password reset. Resolve access denied errors.
Policy enforcement: Password strength. Password expiry.

Deactivation:
Automation: Auto-termination.
Self-service / request workflow: Access certification. Scheduled terminations.
Policy enforcement: Archive mailboxes, home dirs, etc.


12 HiIM Features

Automation:
Provision joiners, deactivate leavers.
Multiple HR feeds.

Requests portal:
Self-service profile updates.
Delegated security change requests.

Security controls:
Access certification.
RBAC and SoD.
Reports on current entitlements, history.

Workflow process:
Authorizers.
Implementers.
Certifiers.

Integrations:
110+ bidirectional connectors, included.
Incident management, SIEM, e-mail interfaces.
Manage building access, physical assets.

Identity synchronization:
Consistent data among apps.


13 Closed Loop IAM

[Diagram: closed-loop IAM. Labels: integrated systems of record (list people) and integrated target systems (list accounts) feeding auto-discovery; identity cache; detected changes; auto-provisioning and identity synchronization via automatic requests; requesters submitting manual requests through the web UI; workflow manager (validate requests, route for approval, invite authorizers, send reminders, escalate, delegate); authorizers (approve, reject, delegate); certifiers (review, certify, correct); transaction queue and connectors (create, delete, update accounts); work queue and implementers (accept, confirm) for manual fulfillment on non-integrated systems.]


14 Technology Advantages

Unique features:
"Administration" and "governance" in one product.
Access, authorization built around relationships.
Self-service from any device, any location.
Intercept "Access Denied" errors to simplify requests.
"One stop shopping" with implementer workflows.
SoD engine detects effective violations.

Rapid deployment:
Reference builds accelerate deployment.
Key features built-in:
Request forms.
Authorization workflow.
Access certification.

Scalable platform:
Real-time data replication.
Multi-master, active-active.
Proxy server to cross firewalls.
Native code + stored procedures.

Integrations:
110+ included connectors.
Flexible/scriptable connectors.
Incident management/ticketing.
SIEM.

15 The Hitachi ID Solution is Flexible

Customize:
Every aspect of the user interface
Input validation
Attribute mapping to target systems

Integrate with:
110+ target system types
Call tracking systems
HR systems
Authentication hardware
Meta directories

Enforce:
Password policy
Authentication rules
Change authorization rules
User naming standards


16 Scalability and Fault-Tolerance


Multiple, load-balanced Hitachi ID Identity Manager servers:

Active/active architecture.
Data replication between nodes:
Built-in, easy to configure.
WAN-friendly (high latency, low bandwidth, insecure channels).
Reliable (multiple retry queues).
Proxy servers resolve connection problems:
Across firewalls.
Over slow, insecure network routes.
Large production deployments:

5M users.
130,000 managed systems.
12 load balanced IAM servers.
10,000 completed transactions/hour.


17 Included Connectors
Many integrations to target systems included in the base price:

Directories: Any LDAP, AD, WinNT, NDS, eDirectory, NIS/NIS+.
Servers: Windows NT, 2000, 2003, 2008[R2], 2012, Samba, Novell, SharePoint.
Databases: Oracle, Sybase, SQL Server, DB2/UDB, Informix, Progress, ODBC, Oracle Hyperion EPM Shared Services, Cache.
Unix: Linux, Solaris, AIX, HPUX, 24 more variants.
Mainframes, Midrange: z/OS: RACF, ACF2, TopSecret. iSeries, OpenVMS.
HDD Encryption: McAfee, CheckPoint, BitLocker, PGP.
ERP: JDE, Oracle eBiz, PeopleSoft, PeopleSoft HR, SAP R/3 and ECC 6, Siebel, Business Objects.
Collaboration: Lotus Notes, iNotes, Exchange, GroupWise, BlackBerry ES.
Tokens, Smart Cards: RSA SecurID, SafeWord, RADIUS, ActivIdentity, Schlumberger.
WebSSO: CA Siteminder, IBM TAM, Oracle AM, RSA Access Manager.
Help Desk: ServiceNow, BMC Remedy, SDE, HP SM, CA Unicenter, Assyst, HEAT, Altiris, Clarify, RSA Envision, Track-It!, MS System Center Service Manager
Cloud/SaaS: WebEx, Google Apps, MS Office 365, Success Factors, Salesforce.com, SOAP (generic).


18 Rapid Integration with Custom Apps


Hitachi ID Identity Manager easily integrates with custom, vertical and hosted applications using
flexible agents.
Each flexible agent connects to a class of applications:
API bindings (C, C++, Java, COM, ActiveX, MQ Series).
Telnet / TN3270 / TN5250 / sessions with TLS or SSL.
SSH sessions.
HTTP(S) administrative interfaces.
Web services.
Win32 and Unix command-line administration programs.
SQL scripts.
Custom LDAP attributes.
Integration takes a few hours to a few days.
Fixed cost service available from Hitachi ID.

19 Multi-Master Architecture

[Diagram: multi-master architecture. Legible labels: load balancers, Hitachi ID servers, SQL DB, replication, reverse web proxy, VPN server, IVR server, firewalls, proxy server (if needed), target systems with local agent, target systems with remote agent, cloud-hosted / SaaS apps, system of record (HR), e-mail system, incident management system. Legend: TCP/IP + AES; Various Protocols; Secure Native Protocol; HTTPS.]


20 Server Internal Architecture

[Diagram: server internal architecture, in three columns: Remote Site, Integrations, Core Services. Legible labels: end user web browser connecting over HTTPS to the user interface on IIS or Apache; IDWFM Workflow Manager; IDTM Transaction Manager; PSUPDATE Auto-Discovery; IDTRACK Automation Engine; IDDB Database Manager; admin/config; business logic exits and plugins; connectors (List, Inspect, Create, Delete, Modify: Users, Groups) reaching target systems by native API or protocol, through a Hitachi ID Proxy Server over secure RPC, or through a local agent over an encrypted protocol; Oracle or MSSQL server with stored procs holding the IDM internal database (identity cache, requests, configuration, history); real-time encrypted replication to another Hitachi ID server.]

21 Rapid Deployment and Low TCO


Optimized to minimize effort:
HiIM:
Initial deployment: 2-4 months.
Ongoing maintenance: 0.5-1.0 FTE.

Using Hitachi ID Identity Manager technology:
Reference implementations typical use cases preconfigured.
Built-in discovery, mapping of IDs, entitlements.
Policy driven workflow, included.
Implementer process for small apps.
RBAC (can be costly) is optional.
110 connectors out of the box (more easy to add).



23 Hitachi ID Professional Services


Hitachi ID offers a variety of services relating to Hitachi ID Identity Manager, including:

Needs analysis and solution design.


Fixed price system deployment.
Project planning.
Roll-out management, including maximizing user adoption.
Ongoing system monitoring.
Training.
Services are based on extensive experience with the Hitachi ID solution delivery process.
The Hitachi ID professional services team is highly technical and has years of experience deploying
IAM solutions.
Hitachi ID partners with integrators that also offer business process and system design services to
mutual customers.
All implementation services are fixed price:
Solution design.
Statement of work.


24 Hitachi ID Solution Delivery Approach

Fixed-price: All work is delivered on a fixed-price, fixed-deliverables basis. The
"meter" is never running.
Phases, milestones: Hitachi ID recommends breaking up long projects into phases of 13
months. Work is reviewed and payment is due when milestones are met.
Open assignment: Each phase may be undertaken by Hitachi ID, the customer, a systems
integrator or a combination of the participants.
Templates: Template documents and sample business logic are used to expedite
work.
Customer portal: A self-service portal supports discovery, client/partner/vendor interaction,
document distribution and more.

25 AdMax: Maximizing User Adoption


Successful implementation of an identity and access management system must be supported by an
effective user adoption program.
AdMax is a Hitachi ID professional services program, used to plan for and execute effective user
enrollment projects.
AdMax is designed to maximize adoption of and ROI from Hitachi ID identity management solutions,
using:
Best practices, case studies and industry norms.
Enrollment, user adoption and ROI measurement.
Incentive and disincentive programs.
Presentations and training materials for users and HD staff.
Project roles and responsibilities.
Sample project plans, promotional materials, e-mails, graphics and other user communications.
Workbooks for project implementation.


26 Summary
An integrated solution for managing identities and entitlements:
Automation: onboarding, deactivation, detect out-of-band changes.
Self-service: profile updates, access requests.
Governance: certification, authorization workflow, RBAC, SoD, analytics.
Automatically manage identities, entitlements: 110 bidirectional connectors.
Other integrations: filesystem, collaboration, SIEM, incident management.
Rapid deployment: pre-configured reference implementation.

Security, lower cost, faster service.

Learn more at Hitachi-ID.com/Identity-Manager

27 Getting an IAM Project Started


Build a business case.
Get management sponsorship and a budget.
Discovery phase, capture detailed requirements.
Assemble a project team:

security
system administration
user support
etc.
Try before you buy: Demos, POCs, pilots.
Install the software, roll to production.
Enroll users, if/as required.

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com

www.Hitachi-ID.com Date: May 22, 2015 File: PRCS:pres
