
1 Hitachi ID Suite

Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications

Hitachi ID Suite 10.1 Features and Technology.

2 Overview

• Corporate direction – Hitachi ID view of market evolution.
• Hitachi ID Suite 10.0 was a major release.

– Review of 10.0 for customers on older versions.

• Hitachi ID Suite 10.1 was released on June 12, 2017:

– Overview of enhancements.

3 Hitachi ID Direction

© 2020 Hitachi ID Systems, Inc. All rights reserved. 1


3.1 IAM responds to IT trends

IAM systems consolidate and automate the management of the lifecycles of identities, entitlements and credentials.

How do IT trends impact this?

Mobility

• Access to IAM from BYOD.
• Leverage BYOD to offer new services, improve SLA and as 2FA.

Cloud

• Manage identities, entitlements, credentials on SaaS platforms.
• Privileged access to IaaS and SaaS.
• SSO to SaaS.
• Deliver IAM as SaaS.

Big data

• Entitlement analytics – role mining, risk scores.
• Enrich log data with identity correlation.
• Pattern and risk analysis of filesystem ACLs.

Security and governance are the core outcomes of IM, PM and PAM.

3.2 High level roadmap (all products)

Three industry-leading products. Significant new features and integrations:

Hitachi ID Identity Manager

• Entitlement analytics.
• Expanded access certification.
• Lifecycle management for folders, shares.
• Filesystem ACL analytics.

Hitachi ID Password Manager

• Federated SSO (SAMLv2 IdP).
• Password wallet (secure, personal storage).
• Access dashboard.

Hitachi ID Privileged Access Manager

• Incremental auto-discovery.
• Launch sessions from BYOD, off-site, non-IE browsers.
• Dynamic risk scoring.

Hitachi ID Mobile Access

• 2FA for all apps.
• Push notifications to mobile.
• One-click request approval.
• Corporate white pages / people search.

4 Hitachi ID Suite 10.0


4.1 Enhancements in 10.0

General

• Single-system, event-driven auto-discovery.
• Suite can act as a federated IdP.
• Mobile app adds 2FA.
• Push notifications to mobile.
• Updated 95 search engines across 200+ screens.
• Landing page customizable ("pin" links, dashboards, reports).
• Search in nav (menu entries, reports).
• Drill-down in graphs/dashboards.
• New dashboard (requests, checkouts).

HiPAM

• New SSO mechanisms: HTML5 session proxy, non-ActiveX clients.
• Simplified config for Windows service account password management.
• Strong auth in emergencies.
• New reference implementation to significantly reduce TCO.

HiIM, HiPM

• Schema overhaul – performance enhancements.
• Recertify role definitions, SoD rules.
• Direct support for managing nested groups.
• Manage cross-target group memberships.
• Improved UI in requester, certifier screens.
• Workflow to create folders+groups on Windows/AD.
• Personal password vaults.
• Updated reference implementation to significantly reduce TCO.

5 Hitachi ID Suite 10.1

5.1 General capabilities

• Audit tables:

– In-product history of configuration changes.
– Visible in reports, to comply with audit requirements.

• Internal mechanisms / infrastructure:

– Updated plug-in framework for calculating, validating user input.
– JSON framework for more interactive UIs.

• General performance improvements:

– Cached JS on client (faster page loads).
– Schema updates.
– Workflow and queue management improved.
– Multi-threaded discovery of systems, accounts.

• More performant, reliable infrastructure for detecting and initiating renames of accounts, users and groups.


5.2 Hitachi ID Identity Manager

• Expanded access certification:

– Delegate at the line-item level, not just the entire review.
– Collaborate between original reviewer and delegate.
– Totally new UI (interactive, AJAX/Angular, "clicky").
– Replace hard-coded deprovisioning actions with configurable requests.

• New request UI:

– Totally rewritten, wizard-like flow.
– Internal policies, calculations much more efficient.
– Mobile friendly.
– Task oriented.

• Certifier can review attributes, add users:

– Previously, cert process was only to accept or remove entitlements.
– Now reviewers can correct identity attributes.
– Reviewers can also onboard new users from cert UI.
– Motivation: cert to clean/enrich CRM data.

• Expanded, updated analytics around cert process.

5.3 Hitachi ID Password Manager

• Portal single sign-on:

– Record, timestamp successful logins in a cookie.
– Skip login process for some users if there was a recent success (configurable through policy).

• Federated application launch pad:

– Present icons of apps users are allowed to sign into.
– Users click icons to launch and sign into those applications.
– NOTE: for SAML integrations only. Typically SaaS.

• New analytics to monitor utilization of 2FA, federation.
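The "recent success" cookie above is a skip-login token, so whatever it records has to be something the browser cannot forge: the timestamp must be integrity-protected and bound to the account that logged in, and the policy window has to be checked server-side. The following is an added example of one way to do that, written for this page; it is not Hitachi ID code, and the cookie layout, the claim names (sub, iat) and the signing key are assumptions for illustration.

```python
"""Signed 'recent login' cookie for a portal-SSO skip-login policy.

Added example, not Hitachi ID code. The cookie format, the claim names
('sub', 'iat') and the secret below are assumptions for illustration.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed server-side signing key; a real deployment loads it from a key store.
SECRET_KEY = b"example-only-server-secret-key-change-me"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_recent_login_cookie(user_id: str, login_time: int, key: bytes = SECRET_KEY) -> str:
    """Record a successful login: user id + timestamp, HMAC-SHA256 signed.

    The signature is what stops a client from minting its own 'I logged in
    a minute ago' cookie; the user id binds the record to one account.
    """
    payload = json.dumps({"sub": user_id, "iat": login_time},
                         separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def recent_login_satisfied(cookie: str, user_id: str, max_age_s: int,
                           now: Optional[int] = None, key: bytes = SECRET_KEY) -> bool:
    """True only if the cookie is authentic, belongs to user_id and is fresh.

    max_age_s is the policy's 'recent success' window. Any failure (bad
    format, bad signature, other user, stale or future timestamp) means
    the user goes through the normal login flow.
    """
    now = int(time.time()) if now is None else now
    try:
        payload_b64, sig_b64 = cookie.split(".", 1)
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except (ValueError, TypeError):
        return False
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time compare
        return False
    try:
        claims = json.loads(payload)
    except ValueError:
        return False
    if not isinstance(claims, dict) or claims.get("sub") != user_id:
        return False
    iat = claims.get("iat")
    if not isinstance(iat, int) or iat > now:    # reject future-dated records
        return False
    return now - iat <= max_age_s


if __name__ == "__main__":
    cookie = issue_recent_login_cookie("alice", login_time=1_000_000)
    print(recent_login_satisfied(cookie, "alice", max_age_s=3600, now=1_000_600))  # True
    print(recent_login_satisfied(cookie, "alice", max_age_s=3600, now=1_004_000))  # False: stale
    forged = issue_recent_login_cookie("bob", 1_000_000).split(".")[0] + "." + cookie.split(".")[1]
    print(recent_login_satisfied(forged, "bob", max_age_s=3600, now=1_000_600))    # False: bad signature
```

The policy window is the max_age_s argument; "some users" in the slide maps to deciding, per user or group, whether to call the check at all. The cookie should additionally be set with Secure and HttpOnly, which is a transport matter outside this snippet.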


5.4 Hitachi ID Privileged Access Manager

• Launch admin sessions on mobile phone using Hitachi ID Mobile Access:

– Think 2AM support call.
– Infrastructure for new vendor-access architecture.

• New framework to map out and manage SSH trusts:

– Discover, analyze the trust graph.
– Incorporate trust relationships when calculating request, approvals required for access requests.
– Inject temporary trust relationships.

• Expanded attributes/schema:

– Applied to vault-only credential storage.
– Displayed next to systems, accounts in the UI.

• Self-service onboarding and offboarding of systems, accounts.
• Many enhancements to existing disclosure plug-ins and other PAM elements.
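The three SSH-trust bullets (discover the graph, fold it into approval calculation, inject temporary trusts) describe one data structure, so here is an added example that implements all three; it is illustration written for this page, not Hitachi ID code. It assumes discovery has already produced two inventories, which private keys each (host, user) account holds and which key fingerprints each account's authorized_keys accepts, and the hosts, fingerprints and owner names are constructed sample data.

```python
"""SSH trust graph: discover, analyze, inject temporary trusts.

Added example, not Hitachi ID code. The inventory format (which accounts
hold which private keys, which accounts accept which key fingerprints)
and the sample hosts/fingerprints/owners are constructed assumptions.
"""
from collections import deque
from typing import Dict, List, Optional, Set, Tuple

Account = Tuple[str, str]   # (host, user)


class SshTrustGraph:
    """Directed graph: src -> dst means a key held by src is accepted by dst."""

    def __init__(self) -> None:
        self.edges: Dict[Account, Set[Account]] = {}
        self.temporary: Dict[Tuple[Account, Account], int] = {}  # (src, dst) -> expiry

    @classmethod
    def from_inventory(cls, private_keys: Dict[Account, List[str]],
                       authorized_keys: Dict[Account, List[str]]) -> "SshTrustGraph":
        """Join discovered private keys against authorized_keys fingerprints."""
        g = cls()
        holders: Dict[str, Set[Account]] = {}
        for acct, fps in private_keys.items():
            for fp in fps:
                holders.setdefault(fp, set()).add(acct)
        for dst, fps in authorized_keys.items():
            for fp in fps:
                for src in holders.get(fp, ()):
                    if src != dst:
                        g.add_trust(src, dst)
        return g

    def add_trust(self, src: Account, dst: Account, expires_at: Optional[int] = None) -> None:
        """Add a trust; with expires_at it is a temporary, injected trust."""
        self.edges.setdefault(src, set()).add(dst)
        if expires_at is not None:
            self.temporary[(src, dst)] = expires_at

    def expire(self, now: int) -> None:
        """Remove injected trusts whose window has closed."""
        for (src, dst), exp in list(self.temporary.items()):
            if exp <= now:
                self.edges[src].discard(dst)
                del self.temporary[(src, dst)]

    def reachable(self, start: Account) -> Set[Account]:
        """Transitive closure: every account `start` can pivot to over SSH keys."""
        seen: Set[Account] = set()
        queue = deque([start])
        while queue:
            cur = queue.popleft()
            for nxt in self.edges.get(cur, ()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        return seen

    def required_approvers(self, requested: Account, owners: Dict[str, str]) -> Set[str]:
        """Owners who must approve access to `requested`: the host's own owner
        plus the owner of every host the requested account can pivot to."""
        hosts = {requested[0]} | {host for host, _ in self.reachable(requested)}
        return {owners[h] for h in hosts}


def example_inventory():
    """Constructed sample: a jump host whose key chain reaches the DB and backup hosts."""
    private_keys = {
        ("jump", "ops"):      ["SHA256:K1"],
        ("web01", "deploy"):  ["SHA256:K2"],
        ("db01", "root"):     ["SHA256:K3"],
    }
    authorized_keys = {
        ("web01", "deploy"):  ["SHA256:K1"],
        ("db01", "root"):     ["SHA256:K2"],
        ("backup", "root"):   ["SHA256:K3"],
    }
    return private_keys, authorized_keys


EXAMPLE_OWNERS = {"jump": "ops-team", "web01": "web-team", "db01": "dba-team", "backup": "dba-team"}


if __name__ == "__main__":
    g = SshTrustGraph.from_inventory(*example_inventory())
    print(sorted(g.reachable(("jump", "ops"))))
    print(sorted(g.required_approvers(("jump", "ops"), EXAMPLE_OWNERS)))
    # Inject a temporary trust for a vendor laptop, then let it expire.
    g.add_trust(("laptop", "vendor"), ("web01", "deploy"), expires_at=200)
    print(sorted(g.reachable(("laptop", "vendor"))))
    g.expire(now=200)
    print(sorted(g.reachable(("laptop", "vendor"))))
```

The approval rule here is the point of folding trusts into request evaluation: a check-out of ops@jump is effectively a check-out of root@db01 and root@backup as well, so the DBA owner is added to the approver set even though the request never names a database host. An injected trust is just another edge with an expiry, and expire() must run before the temporary key is removed from the target's authorized_keys, not after.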

5.5 Hitachi ID Identity Express

• New reference implementation for IM/PM for partner portals:

– Delegate to each partner/customer the ability to manage their own users on a shared portal.

• New reference implementation for enterprise PAM deployments:

– Faster, lower cost, lower risk implementations.

• Being developed:

– Vendor access – no public URL, 2FA and delegated IAM included, session monitoring included.
– Certification for CRM – review/remediate contact information.

6 UI Samples

6.1 App launchpad

• Users can sign into Hitachi ID Password Manager and launch other apps from there.
• This makes Password Manager the first thing they sign into all day.
• Keep the portal open throughout the day.
• Just click on icons to sign into apps.
• Note: integration with app login screens is via SAML 2.0 federation.


6.2 Application launchpad

6.3 New request UI

• A new UI is used to submit all access requests.
• The popup dialog walks the requester through the process.
• A wizard-like sequence is used.
• A shopping-cart theme allows users to easily add/remove items.
• The entire UI is BYOD friendly (swipe left/right for panels).


6.4 New hire - 1/4

6.5 New hire - 2/4


6.6 New hire - 3/4

6.7 New hire - 4/4


6.8 New certification UI

• A new UI is used to review entitlements and profile attributes.
• Delegation by line item is supported.
• Different filters and views simplify the review.
• Revocation actions leverage request forms and may include extra attributes, such as a future date.

6.9 Review and certify or revoke entitlements


6.10 Review and correct identity attributes


6.11 Invite a delegate to review items


6.12 Revocation can be at a later date

6.13 Request for groups and roles

• A multi-select request UI is used to request group memberships or role assignments.
• Multiple items can be selected, for a shopping-cart type of experience.
• SoD policy enforcement is still performed in real time, as a core part of the request.
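Real-time SoD enforcement on a shopping cart means evaluating the requester's existing entitlements together with everything in the cart on every change, and telling the UI which cart items complete a toxic combination. The following is an added example of that evaluation, written for this page rather than taken from Hitachi ID; the rule names, entitlement names and the sample requester are constructed for illustration, and the rule model (a set of entitlements that may not all be held together) is an assumption.

```python
"""Real-time SoD evaluation of a multi-select access request (shopping cart).

Added example, not Hitachi ID code. Rule names, entitlement names and
the sample requester are constructed for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Set


@dataclass(frozen=True)
class SodRule:
    name: str
    conflicting: FrozenSet[str]   # holding ALL of these together is a violation


@dataclass(frozen=True)
class SodViolation:
    rule: str
    from_cart: FrozenSet[str]      # cart items that complete the toxic combination
    from_existing: FrozenSet[str]  # entitlements the requester already holds


def evaluate_cart(existing: Set[str], cart: Iterable[str], rules: List[SodRule]) -> List[SodViolation]:
    """Check the requester's current entitlements plus the cart against every rule.

    Only combinations that the cart completes are reported: a conflict the
    user already holds is a certification finding, not a reason to block
    this request.
    """
    cart_set = set(cart)
    combined = existing | cart_set
    violations = []
    for rule in rules:
        if rule.conflicting <= combined and rule.conflicting & cart_set:
            violations.append(SodViolation(
                rule.name,
                frozenset(rule.conflicting & cart_set),
                frozenset(rule.conflicting & existing),
            ))
    return violations


def items_blocking_submit(violations: List[SodViolation]) -> Set[str]:
    """Cart items the UI should flag; removing all of them clears the violations."""
    blocked: Set[str] = set()
    for v in violations:
        blocked |= v.from_cart
    return blocked


RULES = [
    SodRule("Create and approve vendor payments",
            frozenset({"AP-Invoice-Entry", "AP-Payment-Approve"})),
    SodRule("Administer and audit AD",
            frozenset({"AD-Domain-Admins", "AD-Audit-Reviewers"})),
]

if __name__ == "__main__":
    existing = {"AP-Invoice-Entry", "GL-Read"}
    cart = ["AP-Payment-Approve", "AD-Domain-Admins", "AD-Audit-Reviewers"]
    for v in evaluate_cart(existing, cart, RULES):
        print(f"{v.rule}: cart={sorted(v.from_cart)} existing={sorted(v.from_existing)}")
    print(sorted(items_blocking_submit(evaluate_cart(existing, cart, RULES))))
```

The two violations in the sample differ in a way the UI needs to show: the first is a cart item conflicting with something the user already has, the second is two cart items conflicting with each other, so removing either one of them is enough. Running evaluate_cart on each add/remove, rather than once at submit, is what makes the enforcement "real time" in the sense of the slide.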


6.14 Request groups / entitlements (shopping cart)

6.15 B2B: Onboard a new partner


6.16 B2B: Partner onboarding own user - 1/2

6.17 B2B: Partner onboarding own user - 2/2


6.18 Consistent request UI

• The same request screens are used for all forms.
• For example, changing contact information or asking to create a new account.

6.19 Update profile information


6.20 Request new account - 1/3

6.21 Request new account - 2/3


6.22 Request new account - 3/3

6.23 Privileged access on smart phones

• The PAM app on iOS and Android now supports SSH and RDP sessions.
• Users can request, approve, check-out and launch logins using their phones.
• This is especially useful when users need to quickly diagnose a problem but do not have a PC nearby.


6.24 Privileged access request from phone

6.25 Remote desktop from phone (no public URL)


6.26 Manage an active check-out with phone

6.27 SSH from phone (no public URL or TCP port)


6.28 Access certification: reviewer UI

Animation: ../../pics/camtasia/v10/hiim-certification-user-experience.mp4

7 Discussion

hitachi-id.com

500, 1401 - 1 Street SE, Calgary AB Canada T2G 2J3 Tel: 1.403.233.0740 E-Mail: [email protected]

Date: 2020-03-23 | 2020-03-23 File: PRCS:pres