- Policy is now available to determine whether successive logins into Hitachi ID Identity and Access Management Suite require re-authentication, or whether recent and successful logins are 'remembered' to provide a single sign-on experience. A determination of whether and for how long to "remember" the user's login status may be based on group memberships or attributes of the user, time of day or day of week, device type and IP address range.
- The system now properly detects and responds to changes in the names of accounts and groups on target systems, treating them as renames rather than pairs of delete/add operations.
- Audit tables capture configuration changes to the product within its own database and support reports on who changed what and when.
- The plug-in framework, in particular when submitting
access requests, has been simplified and streamlined.
Hitachi ID Identity Manager:
- Access certification has been expanded with many new features,
- Reviewing and correcting identity attributes from the certification UI.
- Specifying request forms to trigger for revocation actions, which may capture additional information, such as a deferred access revocation date.
- The ability to transfer selected items to a delegate, rather than the entire review.
- Collaboration between the original and delegated certifier,
who can act on the same review simultaneously.
- The certification UI is entirely new, with a cleaner look and the ability to apply single actions to multiple selected items.
- The access request UI is entirely new, more mobile friendly and designed around a task-oriented, shopping-cart-like theme.
- A completely new reference implementation (Hitachi ID Identity Express) of
IAM + password management, designed to automate the management
of identities, entitlements and credentials for users affiliated
with business partners (business to business / B2B).
Hitachi ID Privileged Access Manager:
- The Hitachi ID Mobile Access mobile app and associated cloud-hosted mobile proxy can now launch SSH and RDP sessions. This allows authorized users to quickly diagnose problems regardless of their location and what device they have available.
- A new framework for discovering and mapping SSH trust relationship graphs is included. This informs Hitachi ID Privileged Access Manager business logic of what additional accounts a user would gain access to if he is signed into a given Unix/Linux accounts. Granting access via SSH trust injection is also greatly simplified.
- Better support for enriching information about
managed systems and managed accounts with metadata, along with
self-service request forms that enable system administrators
to onboard systems and accounts.
Hitachi ID Password Manager:
- An application launch-pad is introduced into the main landing page, allowing users to initiate login sessions into applications that have been linked to Hitachi ID Suite via federated trust relationships. Using this, users first sign into Hitachi ID Suite and then click on application icons to launch additional logins into linked applications.
- New analytics monitor use of different authentication methods
to sign into Hitachi ID Suite and of logins to linked applications
via SAML federation.