Products Core Products ID-Synch

ID-Synch: User Provisioning

Overview:

ID-Synch® is a complete user provisioning solution that automates and simplifies the routine tasks of managing users across multiple systems. Enterprise-scale organizations depend on ID-Synch to ensure that their employees and contractors are securely and efficiently connected to vital systems and information.

ID-Synch implements the following business processes to drive updates to users and entitlements on managed systems:

• Automation: copies changes from one system to another.
• Self service: delegates change requests and approvals to users.
• Consolidation: allows administrators to manage multiple systems at once.
• Delegation: empowers departmental or regional administrators with limited authority.
• Fulfillment: gives other systems the ability to manage users through ID-Synch.

Features:

ID-Synch is enterprise user provisioning software. It reduces the cost of user administration, helps new and reassigned users get to work more quickly and ensures prompt and reliable access termination. This is accomplished through: automatic propagation of changes to user profiles from systems of record to managed systems; self service workflow for security change requests; and consolidated and delegated user administration. ID-Synch can manage users on over 70 types of systems.

(1)Core ID-Synch features include:

• Automatic Propagation of Changes from Authoritative to Target Systems

  (2)ID-Synch monitors one or more systems of record, such as HR or a corporate directory, for changes. Events such as hires, moves and terminations are transformed into administrative updates, such as creating new users, changing user attributes or disabling existing users and applied to managed systems.

  Automatic change propagation leverages existing business processes (in HR or payroll for example) to automate predictable systems administration tasks. Automated administration eliminates unnecessary manual work, hastens productivity for new users and ensures that access is promptly deactivated for terminated users.

• Self-service Authorization workflow for Change Requests

  (3)Users are empowered to submit requests for new, changed or terminated systems access or to change their personal profile information. For example, a manager may submit a request for new accounts for a new hire or contractors may request additional system access for themselves.

  Requests are automatically validated, filled out with extra attributes such as login ID or directory OU and routed to the appropriate authorizers. Authorizers are assigned based on the resources requested or the identity of the requester.

  Authorizers review open requests and may approve or reject them.

  Approved requests are automatically applied to managed systems by ID-Synch.

  In many organizations, most of the cost and delay of access management is due to entry, routing and approvals of change requests. ID-Synch streamlines requests with easy input and parallel routing, to significantly reduce the delay between first input of a request and its fulfillment.

  Rapid access provisioning improves user productivity: new hires no longer spend days or weeks waiting for access before they can start work. Managers spend less time filling in and tracking paper requests.

• Consolidated and Delegated User Administration

  (4)Security administrators can log into an ID-Synch web user interface, from which they can create new accounts; delete, enable, disable, rename or update existing accounts; and manage the membership of users in security groups and distribution lists.

  Local IT resources and managers can be assigned the right to manage some users on some systems, so they can get faster service without direct involvement from security administrators.

  Simplified management of users across systems, plus the ability to delegate some work to local IT resources, reduces the workload for security administrators.

• Consolidated Reporting and Auditing

  (5)ID-Synch collects, correlates and manages information about user access to every enterprise system, including each user's multiple login IDs, last login dates and specific security entitlements. This data is directly available for reporting and audit using either canned reports built into the ID-Synch administrative web GUI or by exporting data for use with third party reporting and analytical tools.

  ID-Synch user profile data can be used to review and adjust user access to enterprise systems. This is useful for finding and cleaning up excessive access privileges that users accumulate over time.

Benefits:

ID-Synch reduces the cost of user provisioning using:

• Automated user administration, which leverages information in other systems (HR, corporate directory) to automatically create or delete systems access
• Self-service user administration workflow, allowing users to request security changes, automatically routing them to suitable authorizers, tracking approvals and automatically implementing authorized changes
• Consolidated and delegated user administration, making security administrators more productive by enabling administration of multiple systems from a single point

ID-Synch strengthens security by:

• Enabling prompt and complete access deactivation across multiple systems.
• Automatically deactivating access for terminated users.
• Automatically detecting and deactivating or deleting orphan and dormant accounts.
• Enforcing authorization rules over security change requests.
• Implementing standards over the setup of new login IDs.
• Subjecting security administrators to personal authentication, authorization and audit logs.
• Providing consolidated reports on user access to systems, which can be used to review compliance with security policy.
• Providing an audit log of all provisioning / deprovisioning events.

© Hitachi ID Systems, Inc. 2008. All rights reserved.