THE NEXT GENERATION OF ACCESS MANAGEMENT

Size: px

Start display at page:

Download "THE NEXT GENERATION OF ACCESS MANAGEMENT"

Georgiana Howard
5 years ago
Views:

Active Directory and file servers Advanced features for

1 THE NEXT GENERATION OF ACCESS MANAGEMENT Essentials Edition Essentials Plus Edition Enterprise Edition Simple management of Active Directory and file servers Advanced features for Microsoft SharePoint and Exchange Advanced features for application rights

tenfold enables automatic creation of user accounts and helps to visualize access rights. Data controllers from different fields are included into the workflow process.

2 IMPROVING IT SECURITY What is tenfold? tenfold is the next generation of access rights management. Thanks to our revolutionary and simple approaches and tools, formerly confusing and unsafe authorization structures are now history. tenfold enables automatic creation of user accounts and helps to visualize access rights. Data controllers from different fields are included into the workflow process. Processes A system intended to assist you with managing your users and access rights efficiently while helping you to keep an overview thereof at the same time must be able to carry out all processes. tenfold visualizes and documents the entire life cycles of your users and their accounts from the first to last day at the company and including any departmental changes or temporary project work. tenfold dashboard - User-friendly design Systems The ability to integrate important systems is key to establishing a simpler management structure. tenfold supports numerous widely-used systems and applications, such as Microsoft and SAP. It is equipped with open and transparent interfaces to allow for an easier integration of other systems. Simple tenfold s intuitive user interface allows all important members of the company to be included in the workflow process: end users, data owners, IT staff and human resources. With tenfold, you will be successful in both internal and external IT audits. tenfold expert functions - For IT admins THE NEXT GENERATION OF ACCESS MANAGEMENT

AUTOMATING STANDARD OPERATIONS Smart Identity Management tenfold provides a smart software addition to your identity and access management strategy.

Automation tenfold achieves a high level of automation through profiles, workflows and self-service options and is thus tremendously time and cost efficient.

3 AUTOMATING STANDARD OPERATIONS Smart Identity Management tenfold provides a smart software addition to your identity and access management strategy. It combines the quick and easy aspects of an access rights management solution with the flexibility and adaptability of complex identity management suites. Automation tenfold achieves a high level of automation through profiles, workflows and self-service options and is thus tremendously time and cost efficient. Via the straightforward interface, users can submit applications for additional access rights, equipment or data changes. User access rights can be collapsed into profiles that incorporate all systems and allow tenfold to automatically customize employee roles and rights, based on their department or job position. Transparency Transparent documentation of changes to access rights is mandatory for most companies and managers. So, why subject yourself to extra work, when you can simply let tenfold document all processes automatically and in an audit-proof manner? The information you need is there, any time. Intuitive self-service for employees Innovation: always a step ahead It has never been easier to control the processes involved in an IT user s life cycle and to know, at the same time, who currently has which access rights within the company. File server access rights clearly visualized SIMPLE. FAST. INTEGRATED.

tenfold records the history of all users and access rights and makes it impossible to manipulate data.

4 AUDITING, REPORTING, DOCUMENTATION Excellent Evaluation Features In line with the GDPR Correctly set access rights are the key! tenfold illustrates who has been given access to important or critical data and by whom. The system provides audit-proof documentation of changes. tenfold records the history of all users and access rights and makes it impossible to manipulate data. tenfold Auditor The auditor (with drill-down capability) clearly shows what object changes were made on what day. It also recognizes changes that were not made via tenfold. The Essentials Edition monitors objects within the Active Directory and file servers. The Essentials Plus Edition additionally monitors objects in Exchange and SharePoint. The Enterprise Edition additionally shows changes made to application rights. tenfold auditor - Control changes, sorted according to AD, file servers and other systems Path Finder for Active Directory The path finder provides a graphical representation of nested groups in the Active Directory. This helps to maintain a better overview and provides for a higher level of security because incorrect or false assignments can be recognized more easily. Administrator Dashboard Due to grown structures and circumstances, the Active Directory is often in an untidy state. The administrator dashboard can provide an overview of the problems: it lists unused accounts, abandoned SIDs, empty groups and more. Active Directory pathfinder - Visual representation of group nesting in AD THE NEXT GENERATION OF ACCESS MANAGEMENT

MAKING PROCESSES MORE TRANSPARENT Our modern approach to visualizing authorization processes We strive to make processes more visible and tangible.

Authorization Workflows Flexible workflows ensure that changes are never made without permission from the relevant persons in charge.

5 MAKING PROCESSES MORE TRANSPARENT Our modern approach to visualizing authorization processes We strive to make processes more visible and tangible. Our unique methods and representations help to visualize authorization processes in a comprehensible manner. Any potential for optimization is made apparent and can be tackled immediately. Authorization Workflows Flexible workflows ensure that changes are never made without permission from the relevant persons in charge. A graphical editor is available for all workflows in accordance to BPMN (Business Process Model and Notation) standards. This brings enormous advantages: Generating complex workflows requires no previous scripting knowledge The request status is graphically illustrated Graphical representation of workflows serves as documentation and proof at the same time IT audits are simplified thanks to tenfold s clear representation of access rights and structures. tenfold Workflow Editor - Workflows are visualized and can be edited Re-certification Unauthorized access can pose a great threat to your company, as it increases the risk for data theft and abuse. With tenfold, the access rights of your IT users are constantly monitored and updated. During re-certification, data owners are regularly reminded to check the active access rights of their users and can choose to either confirm or withdraw them. tenfold plugins for easier configuration SIMPLE. FAST. INTEGRATED.

6 Tip: binar e w r u e Join o w a liv to vie ration nst demo AVOIDING WEAKNESSES en/ / ity.com -secur nars d l o f n bi te www. emium-we pr Risky: Copying reference users To the detriment of IT security departments, copying and pasting so called reference users during the user and access rights management process has become common practice. tenfold s profile functions provide a unique and safe alternative that helps to evade access chaos due to imprudent duplications of reference users. tenfold Profile Functions Profiles represent different organizational units and their associated privileges. Administrators can configure profiles using tenfold s user interface. By linking profiles to individual staff members, these members automatically receive all basic access rights required for their respective departments, cost centers, job positions or locations. Additional access rights can be requested via the tenfold interface and the necessary approvals from data owners are then requested automatically. If a staff member switches to a different unit within Recognize profile deviations instantly the company, their basic rights are automatically transferred. It is also possible to set a time-delay for the transfer. If a profile is altered, the changes can automatically be rolled out to all staff members who are linked to the same profile. The Enterprise Edition lets you assign basic access rights across different systems. Roles in SAP, for example, can be automatically assigned, depending on which organization the person belongs to. Profile deviations in different departments are shown THE NEXT GENERATION OF ACCESS MANAGEMENT concerned

A LITTLE EXTRA Simple yet powerful features tenfold offers useful additional features, such as the password-reset function. Forgotten passwords constitute up to 50% of all helpdesk inquiries.

Access rights analysis is also a powerful tool for generating suitable profiles in a fast and simple manner.

7 A LITTLE EXTRA Simple yet powerful features tenfold offers useful additional features, such as the password-reset function. Forgotten passwords constitute up to 50% of all helpdesk inquiries. You can now put that lost time to better use. Analysis Statistical analysis can be used to evaluate access rights and thereby recognize patterns and commonalities in the authorization structure. Access rights analysis is also a powerful tool for generating suitable profiles in a fast and simple manner. Password Reset Any helpdesk member will confirm that resetting passwords devours both time and capacities. tenfold allows users to reset their own passwords for Active Directory, SAP and other applications. It also supports secret questions, SMS and PINs, as well as Google Authenticator. If you are unable (or prefer not) to make this option available to your users, tenfold also provides caller verification for resetting passwords. Automatically generated initial passwords also help to save valuable time. A specifically designed portal allows users to reset their passwords from a desktop PC or from their mobile devices, in just two easy steps. Access rights analysis Password-reset function saves time SIMPLE. FAST. INTEGRATED.

This increases the level of IT security.

8 DYNAMIC FUNCTIONS AND TIME Time-related functions No stress involved Time is an important factor involved in access rights management. Sometimes, we do not want changes to become effective immediately, but for them to be activated at a later point in time; or we want them to be active temporarily (e.g. until a certain date) and to be deleted automatically later on. This increases the level of IT security. Planned Requests If you want certain changes to user data or access rights to be implemented later on, simply enter the changes in tenfold and set an activation date. The changes are saved in form of a planned request in the system and will be activated on the date you set. Planned request Temporary Access Rights tenfold allows you to assign access rights for all resources temporarily, thereby saving you the hassle of having to manually set reminders. The program deletes the relevant access rights on the set date and automatically informs users by . Mass Changes Sometimes, it is necessary to create or alter several user data at once. Simply make the data changes in Microsoft Excel and apply the mass changes by uploading the file to tenfold. tenfold recognizes all changes and automatically sends out the required alteration requests. Temporary access rights THE NEXT GENERATION OF ACCESS MANAGEMENT

ACCESS MANAGEMENT ACROSS SYSTEMS tenfold: flexible expansion Managing access rights across systems is the key to increasing your IT security.

SharePoint, Dynamics NAV/CRM/AX, Office 365, SAP, CRM-/ERP-/ticketing systems. HR Data Import Personal data can be exported from HR systems via database queries, web services or function calls.

9 ACCESS MANAGEMENT ACROSS SYSTEMS tenfold: flexible expansion Managing access rights across systems is the key to increasing your IT security. You will achieve the highest level of security if you are able to automatically control user data (and related rights) running together from systems like Active Directory /file servers, Exchange, SharePoint, Dynamics NAV/CRM/AX, Office 365, SAP, CRM-/ERP-/ticketing systems. HR Data Import Personal data can be exported from HR systems via database queries, web services or function calls. Attribute settings can be configured freely. Of course, personal data can also be automatically transferred from a CVS or XML file, with timecontrol. tenfold recognizes start and end dates of employment, as well as changes to master data. Integrating Self-Developed Solutions Critical data are often stored in applications that were developed in-house. tenfold offers several possibilities to integrate self-developed applications: SQL, interfaces, RFC/RPC, web services, import/export, and more. HR data-import - An efficient interface between tenfold and HR Exclusively tenfold s Enterprise Edition offers these flexible expansion options. Enterprise Edition Integration of self-developed solutions SIMPLE. FAST. INTEGRATED.

10 EDITIONS AND PLUGINS Integration of standard software Many of tenfold s features are provided through plugins, which can be downloaded and installed directly from within the software. All configurations are done via the user interface. This means that, 90% of the time, standard software can be connected to tenfold without any previous scripting knowledge. Each edition provides different functionalities and features. tenfold Essentials Edition - For managing Active Directory and file servers The tenfold Essentials Edition is focused entirely on managing the Active Directory and access rights for file servers. This edition is ideal if you wish to get a quick start to managing your access rights in a Microsoft environment. For this purpose, tenfold automatically creates a Microsoft compliant group structure (including list right). Though basic, this software edition provides integrated workflows and an intuitive self-service interface. tenfold uses what we call profiles: By assigning these profiles to employees, they automatically receive all basic access rights needed for their respective departments, cost centers, job positions and locations. Essentials Edition tenfold Essentials Plus Edition - Advanced features for Microsoft SharePoint and Exchange Make sure that your SharePoint users are only given access rights which they need to sites, lists and elements. In Exchange, end users are able to set access rights for their own mailboxes. tenfold allows you to see who has access to your mailbox and subfolders. The user report also shows clearly which public folders and device mailboxes users have access to. Essentials Plus Edition tenfold Enterprise Edition - Advanced features for application rights The tenfold Enterprise Edition is equipped with yet more features. It supports the integration of additional system to facilitate a central management of IT access rights. Systems currently supported by tenfold include Active Directory /file servers, Exchange, SharePoint, Dynamics NAV/CRM/ AX, Office 365 and SAP, all of which are integrated using plugins. Enterprise Edition Visit our website to find out which systems are currently supported: THE NEXT GENERATION OF ACCESS MANAGEMENT

11 TECHNOLOGIAL INNOVATION: GET A HEAD-START How tenfold works: Manual input HR database Other data sources Approval Workflows: Data owners determine who has access to their data. Processes & Workflows: Save time and costs by automating processes Reporting & Visualization: See who has access to what resources. Profiles: Automatically link access rights and user accounts to users. Active Directory: Manage user accounts and access rights in Active Directory. Business applications: Supported through standardized tenfold plugins Helpdesk software: Outsource manual tasks without sacrificing correct documentation File servers, Exchange and SharePoint: Efficient management by visualizing access rights. Open interfaces: Integrate additional applications via SQL, LDAP, web services, RFC/RPC or CSV/XLS/XML import / export. Who benefits from tenfold? The Organization Conformity to standards (GDPR, ISO 27000, BSI etc.) Simplified audits Transparent overview of all access rights Automation of important processes Direct involvement of data controllers IT Managers, CIO, CISO Minimization of data theft or misuse Better compliance Better governance through better overview Automatic adaptation of access rights through profiles Administrators Automation of processes like start date / end date / department changes Elimination of routine activities Minimization of errors Maintain better overview in complex environments Automatic documentation Einfach. SIMPLE. Schnell. FAST. INTEGRATED. Integriert.

Whitepapers based on practical experience - Best practices for access rights management in Microsoft environments - Access management according to the GDPR (author: Horst Speichert, attorney) Send

12 Whitepapers based on practical experience - Best practices for access rights management in Microsoft environments - Access management according to the GDPR (author: Horst Speichert, attorney) Send your inquiry to: info@tenfold-security.com info@tenfold-security.com tenfold trial Find partners: All brands and products cited are property of respective legal entities and are subject to change. Images: Fotolia, V2019/04