HP Service Manager + HP software partner Hitachi ID = Self-service password, identity & access mgmt!

A common obstacle to achieving high productivity in IT helpdesk organizations is the high call volume of simple end user requests which would be better serviced by empowering end users to place the request themselves and then automating request fulfillment. 

 

The number one call type, for example, accounting for over 35% of all help desk calls, is password resets.  Other common call types are requests for access rights and requests to change identity information.  In addition, many users have more security entitlements than they need and access is often not deactivated when the user no longer needs it, purely because it is too complex and expensive to manage access rights manually.  Finally, from a service perspective, users wait for their passwords and access rights to be granted and for identity information changes to be executed, negatively impacting their productivity. 

 

Through an arrangement with HP Software Business Partner Hitachi ID Systems, HP Service Manager (HPSM) customers can experience 35%+ lower call volumes, 90% lower handling times for assisted password resets, and policy enforcement and reporting (which harden security and minimize audit costs).  Users set (and if locked out, reset) passwords, request changes to identity information, and request access rights changes themselves, and requests are handled with automated fulfillment workflows.  The tight HP Service Manager integration provides perfect management visibility into all password/identity/access-related user activity.

 

Customer challenges

  • Forgotten and locked out passwords:  One of the core values of HPSM is to lower IT support costs. The #1 type of support incident in most IT help desks is users calling about forgotten or locked out passwords. These incidents can be reduced and resolved through self-service using Hitachi ID Password Manager.

 

  • Consolidated reporting for assisted and self-service incidents:  Another benefit of HPSM is to create visibility into all IT activity, by opening, populating and tracking incidents for both support and change events. All Hitachi ID Systems products include an interface integration that can create, update and close HPSM incidents, to support this objective.  

 

  • Updating identity information through the service catalog:  One of the most common requests made by users is to update their identity information – new phone number, mailing address, name change, etc. Without automation, these requests are received by a support analyst, recorded in HPSM and applied to one or more applications by system administrators. This is a costly process.  An integration between HP Service Manager Service Catalog and Hitachi ID Identity Manager can be used to eliminate this process. Users can update their profile information directly using a service catalog form. The service catalog form links to an Identity Manager request.  Identity Manager may apply further validation or authorization logic and implement changes on multiple systems and applications automatically. Identity Manager can even update and close the HPSM incident opened through the service catalog portal. 

 

  • Requesting access changes through the service catalog:  Another common class of requests made by users is for changes to access rights. This may include on-boarding requests for a new employee or contractor, deactivation requests when someone leaves the organization, or requests for access to files, folders, shares, printers, applications and more on behalf of an existing user.  As with identity information requests, access requests can be published through the HPSM service catalog.  The service catalog form links to a Hitachi ID Identity Manager request.  Identity Manager may apply further validation or authorization logic and implement changes on multiple systems and applications automatically. Identity Manager can even update and close the HPSM incident opened through the service catalog portal.

 

  •  Securing access to privileged accounts:  One of the most important security problems in most organizations is the widespread use of shared, static passwords to sign into privileged accounts. Even in organizations where user passwords are subject to stringent controls, administrators continue to share the same password between many people and systems.  Hitachi ID Privileged Password Manager can be used to secure privileged accounts by periodically randomizing their passwords and applying a combination of access control policy, workflow approvals, audit logs, and reports to control access to these accounts. In large organizations, Hitachi ID Privileged Password Manager can be integrated with DDMI to import data about discovered computer systems and lower configuration effort.

 

Hitachi ID Systems value proposition

The Hitachi ID Management Suite delivers several concrete business values:

  • Improved user productivity, due to reduced wait for new and updated systems access and fewer authentication problems.
  • Minimized security administration cost, as the bulk of user management is automated or delegated to business users and password resets are either eliminated or resolved with self-service.
  • Enhanced security, as inappropriate access is terminated quickly and reliably.
  • Regulatory compliance, including the ability to audit access rights globally, to ensure that only appropriate users have access to sensitive systems and data.

These benefits, combined with technology built for rapid deployment, yield ROI (return on investment) more quickly than any other identity and access management software on the market.

 

HP Service Manager and all Hitachi ID Systems Products

When any one of 78 events takes place on a Hitachi ID Management Suite server (including authentication failures, intruder lockouts, identity profile updates, access provisioning or deactivation, password resets and more), the Hitachi ID Management Suite server can create and populate a suitable HPSM incident.  Incidents created in HPSM by the Hitachi ID Management Suite are visible in HPSM reports and can be tracked alongside manually created events.

 

HP Service Manager and Hitachi ID Password Manager

The core value proposition of HP Service Manager is to streamline IT operations and lower IT support costs.  Hitachi ID Password Manager supports the same objectives.  Password Manager realizes cost savings and enhanced productivity for both users and the IT support organization:

  • User productivity: Users experience fewer password problems.  This is a result of password synchronization, which helps users to remember one or two passwords, rather than forgetting or writing down many different passwords.
  • Fewer IT support calls: Login problems are resolved by users, without calls to the help desk.  Users can reset forgotten passwords, clear intruder lock-outs, recover hard disk encryption keys and reset PINs on their smart cards and tokens – all via self-service.
  • Reduced cost per support incident: Calls that still reach the help desk are resolved more quickly.  Remaining login-related support calls are resolved with a streamlined Password Manager process, which includes analyst authentication, caller authentication, problem resolution and which automatically submits a ticket to the help desk incident management system.

 

Password Manager can be integrated with HPSM in several ways:

1. Automatically create/close incident:

Whenever Password Manager resets a user password (self-service or assisted) an incident can be automatically created, populated and closed in HPSM to record this service event. This allows service events to be recorded in a uniform manner, regardless of whether they were assisted or automated.

 

2. Launch Password Manager session from HPSM incident UI:

The HPSM user interface can be extended to include a link to Password Manager. When this is done, an IT support analyst first signs into HPSM to open an incident, then clicks through to Password Manager where he authenticates the caller and resets one or more passwords. Password Manager then automatically updates the incident in HPSM.

 

3. Manage HPSM passwords:

Password Manager can be used to manage user passwords on HPSM. This is appropriate when end users sign into HPSM with HPSM-specific accounts and passwords (rather than AD, LDAP, etc.) and is often helpful for IT support staff.

 

HP Service Manager and Hitachi ID Identity Manager

HPSM can be used to request IT services. A whole category of services is identity and access related, with requests such as:

1. Create login accounts for a new employee or contractor.

2. Update profile information for an existing user – mailing address, phone number, name, department, location, etc.

3. Request new access rights for an existing user.

4. Terminate some or all access rights for an existing user.

 

These requests are often components of a larger change. For example, when on-boarding a new user, the service request may call for a desk to be assigned, a phone and PC to be provisioned, a network jack and phone jack to be activated, software to be installed on the PC and various access rights to be provisioned on the network.

 

HPSM can be integrated with Hitachi ID Identity Manager so that requests are entered via HPSM and forwarded to Identity Manager for fulfillment using its web service API.

 

When this is done, validation and authorization for the request can be implemented in either HPSM or Identity Manager. Form validation in HPSM is generally preferable, so that user feedback is immediate.  Authorization may be preferable in Identity Manager, since it has a more powerful built-in approvals process.

 

The built-in workflow engine is designed to elicit prompt and reliable feedback from business users, using:

• Concurrent invitations to multiple users to review a request.

• Approval by N of M authorizers.

• Automatic reminders.

• Escalation from non-responsive authorizers to their alternates.

• Delegation of approval responsibility.

 

As Identity Manager completes work on a request submitted by HPSM, it can use the HPSM API to update the incident, indicating completion of tasks that originated with HPSM and populating any ancillary information (example: assigned login ID, initial password, etc.).

 

Just as requests can be entered by help desk agents as individual service requests in HPSM’s Help Desk module, they can also be entered by end users via HPSM Service Catalog. The integration here is the same: the user requests a service via the service catalog, and the request is fulfilled, in part or in full, by Hitachi ID Identity Manager. The flow of data from the service catalog to Identity Manager is via a web services API exposed by Identity Manager, with feedback from Identity Manager to HPSM via the HPSM API.

 

Hitachi ID Identity Manager includes connectors for a wide variety of systems and applications.  In a typical Identity Manager deployment, an auto-discovery process runs nightly and extracts a list of login IDs, identity attributes, security groups and group memberships from each integrated application.  This data (namely a list of login IDs, last login dates and enabled/disabled status) can be periodically extracted from the Identity Manager database and loaded into HP Asset Manager using text files. Once in HP Asset Manager, this data supports analysis of software license usage and compliance.

 

HP Service Manager and Hitachi ID Privileged Password Manager

 Hitachi ID Privileged Password Manager is used by IT staff to sign into privileged accounts on network devices, computers, databases and more. They do this in order to make administrative changes, perform maintenance, etc.

 

IT activity is normally tracked through HPSM. As such, users may be required to enter a valid incident number into Privileged Password Manager when they request a login session to a privileged account.  Privileged Password Manager can be configured to verify that:

1. The incident number entered by the IT user is valid.

2. The incident is assigned to the user in question, is open and relates to the system to which access is requested.

 

Once a user establishes a login session to a privileged account using Privileged Password Manager, it can also update the HPSM incident, for example recording the fact that a login session was initiated and recording data such as the user’s workstation IP.
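The incident check described above can be sketched as follows. This is an added example, not code from Hitachi ID or HP: the Incident record, the lookup_incident function, the field names and the sample incident numbers are all hypothetical stand-ins for a query against HPSM.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Incident:              # hypothetical stand-in for an HPSM incident record
    number: str
    assignee: str
    status: str              # "open" or "closed" in this sketch
    affected_system: str

# Constructed sample data; a real deployment would query HPSM instead.
SAMPLE_INCIDENTS = {
    "INC1001": Incident("INC1001", "asmith", "open", "db-prod-01"),
    "INC1002": Incident("INC1002", "asmith", "closed", "db-prod-01"),
    "INC1003": Incident("INC1003", "bjones", "open", "fw-edge-02"),
}

def lookup_incident(number):
    """Hypothetical lookup; returns None for an unknown incident number."""
    return SAMPLE_INCIDENTS.get(number.strip().upper())

def check_checkout(user, system, incident_number, lookup=lookup_incident):
    """Return (allowed, reasons) for a privileged login request.

    Access is denied if the lookup itself fails, so an outage of the
    ticketing system cannot be used to skip the check (fail closed).
    """
    try:
        incident = lookup(incident_number)
    except Exception:
        return False, ["incident lookup failed"]
    if incident is None:
        return False, ["incident number is not valid"]
    reasons = []
    if incident.assignee.lower() != user.lower():
        reasons.append("incident is not assigned to the requesting user")
    if incident.status != "open":
        reasons.append("incident is not open")
    if incident.affected_system.lower() != system.lower():
        reasons.append("incident does not relate to the requested system")
    return not reasons, reasons

def session_note(user, system, workstation_ip):
    """Text to record on the incident once the login session starts."""
    return (f"Privileged login session initiated by {user} "
            f"on {system} from {workstation_ip}")
```

Returning every failed condition, rather than stopping at the first, gives the audit log a complete reason for each denied request.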

 

Hitachi ID Privileged Password Manager is typically configured to randomize passwords and control access to privileged accounts on systems and applications on a frequent basis – by default, daily.  In medium to large organizations, there may be thousands of systems where Privileged Password Manager will randomize passwords and control access to privileged accounts. This creates a configuration and maintenance challenge:  how are addresses and credentials for thousands of systems entered into Privileged Password Manager?

 

Privileged Password Manager can consume data feeds, in the form of structured text files, identifying integrated systems. An integration with HP Discovery and Dependency Mapping Inventory (DDMI) can be constructed to generate such a data feed and load it into Privileged Password Manager periodically (example: daily). This eliminates the need for Privileged Password Manager to use its own auto-discovery infrastructure to discover systems where it will manage access.

 

About Hitachi ID Systems 

Hitachi ID Systems, Inc. is the leading password management vendor world-wide and a leading provider of identity management solutions.  Hitachi ID Management Suite is designed to simplify and secure the management of user life-cycles, from on-boarding until termination, across most common types of systems and applications.  Hitachi ID products, available either separately or bundled together within the suite, help organizations strengthen network security, lower IT support costs and improve user productivity.  Their customers achieve these results by implementing automation and self-service processes to more effectively manage passwords and other authentication factors, to provision and deactivate user access and to manage user privileges.  Their products have been deployed at over 840 organizations world-wide.  The company is headquartered in Calgary, Canada and has regional offices in Canada, United States, and Australia. 

 

For more information

For more information on Hitachi-ID integrations with HP Service Manager, please contact your local HP sales representative or HP authorized channel partner, or visit http://www.hitachi-id.com.

Comments
Electrical contractors(anon) | ‎11-19-2011 07:22 AM

hp is my favourite brand. I think electronics products of hp is best quality specially laptop. Thanks

About the Author
A 25+ year veteran of HP, Yvonne is currently a Senior Product Manager of HP ITSM software including HP Service Anywhere and HP Service Man...

