1 Hitachi ID Identity Manager

Managing the User Lifecycle

Across On-Premises and
Cloud-Hosted Applications

Entitlement Administration and Governance:

Automation, requests, approvals, recertification, SoD and RBAC.

2 HiIM Work-Flow Demonstration

Example use cases of the Hitachi ID Identity Manager work-flow engine, and a description of the unique
approach to configuring and maintaining a dynamic work-flow system.

2015 Hitachi ID Systems, Inc. All rights reserved. 1

 Slide Presentation

3 HiIM Dynamic Workflow

The Hitachi ID Identity Manager workflow engine implements a single process for entering, validating,
approving and executing change requests:

Contents Create user profile, login accounts.

of a change Enable, disable login account.
request: Move, rename user object.
Change attributes.
Global Validate, set profile attributes.
business Filter, attach, remove resources.
logic: Manage unique IDs, e-mail addresses, etc.
Authorizer routing, reminders, escalation, delegation.
Inputs, Inputs: self-service requests, automated processes, SOAP
outputs: API.
Outputs: e-mails to users, help desk tickets, run connectors.

Consolidating the workflow process significantly reduces initial implementation and ongoing support
costs.

4 Dynamic Workflow

Exits
exit programs: external pro-
grams or scripting code that
notifies other systems of
Hitachi ID Identity Manager
events.
Requester
B.L.
business logic: external pro-
grams or scripting code that
modifies Hitachi ID Identity
Manager behavior.

Workflow Transaction
Form Auto- Manager Manager
input reminders Connector
Hitachi ID B.L.
Identity and Access
Management Suite Validation / Delegated Approval
Approved?
completion authority form
B.L. B.L. B.L.

Authorizer Auto-
routing escalation
B.L. B.L.

E-mail E-mail
invitations notification Target Systems

Authorizers

2015 Hitachi ID Systems, Inc. All rights reserved. 2

 Slide Presentation

5 New user provisioning process

The following animations illustrate a basic use of the work-flow system: a manager entering a change
request to provision a new user, and subsequent authorization and action to fulfill that request.

6 Automatic provisioning (scheduled batch process)

Animation: ../../pics/camtasia/v82/hiim-request-new-employee/hiim-request-new-employee.cam

7 Fill in a form: request access for a new contractor

Animation: ../../pics/camtasia/v82/hiim-request-new-user/hiim-request-new-user.cam

8 Check status of an open request

Animation: ../../pics/camtasia/v8/hiim-review-request/hiim-review-request.cam

9 Authorization process using E-mail invitations and web approval

Animation: ../../pics/camtasia/v82/hiim-authorize-review-request/hiim-authorize-review-request.cam

10 Reports users and accounts

Animation: ../../pics/camtasia/v9/hiim-users-reports/hiim-users-reports.mp4

2015 Hitachi ID Systems, Inc. All rights reserved. 3

 Slide Presentation

11 Reports orphan and dormant accounts

Animation: ../../pics/camtasia/v9/hiim-orphan-accounts/hiim-orphan-accounts.mp4

12 Reports violations of segregation of duties rules

Animation: ../../pics/camtasia/v82/hiim-sod-requests/hiim-sod-requests.cam

13 Reports detailed change history

Animation: ../../pics/camtasia/v82/hiim-workflow-requests/hiim-workflow-requests.cam

14 Summary
From a users perspective, dynamic work-flow looks just like traditional work-flow systems.
Internally, dynamic work-flow is orders of magnitude simpler to install, configure and manage.
Simplified administration is the difference between pilot installations and enterprise deployments.
Hitachi ID Group Manager further simplifies both the user experience and administrative effort for a
special class of work-flow transaction: new users asking for new security entitlements.

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 Fax: 1.403.233.0725 E-Mail: sales@Hitachi-ID.com

www.Hitachi-ID.com Date: May 22, 2015 File: PRCS:pres