Hitachi ID Privileged Access Manager is a system for securing access to elevated privileges.
It works by regularly randomizing privileged passwords on PCs, servers, network devices and applications.
Random passwords are encrypted and stored in two or more replicated credential vaults.
Access to privileged accounts may be disclosed:
- To people, after suitable identification, authentication and authorization.
- To applications, replacing embedded passwords.
- To Windows systems, which need them to start services.
A customer wants to use "Hitachi ID Privileged Access Manager" to grant AveksaAdmin rights to an end user in our Governance and Lifecycle product and probably needs to submit an RFE to detail precisely how they want to do this.
1) From a brief call today, the customer indicated that the accounts can be collected from an Active Directory repository using an AD/LDAP collector and that the account names are prepended with "AA_" or something to that effect.
2) It does not look as though we currently have any AFX Connector Template for any kind of Privileged Access Manager product. If the customer wished to provision accounts through the "Hitachi ID Privileged Access Manager", we would need an AFX connector for this functionality.
Questions to the customer:
- You want to use our workflows in order to provision accounts through "Hitachi ID Privileged Access Manager", is this correct?
- You would want to provision those accounts from our Governance and Lifecycle application?
- Based upon the key features of the "Hitachi ID Privileged Access Manager", you would want the randomly generated passwords to be synched to the Governance and Lifecycle application.