tenfold Case Study:
Vienna’s Belvedere Museum

In light of the numerous problems caused by the manual management of users and rights, it was soon apparent that a solution had to be found. The following three objectives were defined:

1. Optimize workflows:
   Data exchanges and communication between HR and IT should be fast, seamless and preferably automated to ensure information pertaining to new or departing users would be transmitted in time and without errors
2. Reduce IT workload:
   IT staff should be relieved of redundant and time-consuming manual tasks that can be easily automated, allowing them to spend time on more important duties.
3. Improve cybersecurity:
   Accounts and permissions should be assigned and revoked automatically and at the right time to prevent an unwanted accumulation of permissions and orphaned accounts.

The idea of introducing an IAM solution had been on the table for some time at Belvedere, as internal security audits had led to the conclusion that an IAM solution would bring significant improvements. The sought-after software should be able to connect to various services such as Active Directory, Microsoft Exchange and the HR system used by Belvedere. Because pressure was high, rapid deployment was also a priority.

A number of large providers on the IAM market offer complex solutions referred to as “enterprise IAM solutions”. These products are akin to modular systems which customers can design to fit their own individual needs. However, the architecture of these solutions requires that all workflows must be programmed individually – including very basic processes and systems. Implementing such IAM-projects requires intensive planning and consumes large amounts of money, time and human resources. Medium-sized organizations often tend to underestimate the complexity and efforts involved and end up not being able to implement the project at all.

As Belvedere Museum, like many organizations, suffered from understaffing in the IT department to begin with, an IAM enterprise solution would not have presented a viable option.

In discussions with the Viennese IT consulting and solutions company Artaker IT, with whom Belvedere looks back on many years of collaboration, the pragmatic solution tenfold was brought to attention: in contrast to enterprise IAM solutions, tenfold offers many out-of-the-box features and can be set up easily without any programming or complex configuration files.

The technical implementation and configuration of the software was carried out by Artaker. The connection of the target systems Active Directory and Exchange was implemented within a short time period using tenfold’s default plugins. The tenfold import plugin allowed the data from the HR system to be imported directly to tenfold without the need for programming or individual scripts.

Thanks to tenfold’s easy set-up, Belvedere Museum were able to achieve all their ambitions quickly and smoothly.

HR no longer need to email the data to IT, who in turn have to input it into the respective systems. Instead, the data is automatically delivered to tenfold via the interface and passed on. All associated permissions are assigned to users automatically.

tenfold also automatically notifies anyone else who needs to be informed about new entries or changes – for example, department managers or security personnel who need to be made aware of who is authorized to enter certain parts of the building and who is not.

Norbert Zwolinski and his IT team at Belvedere are currently examining further ways of employing tenfold. Role-based access control (RBAC), for example, can help to further simplify the assignment of permissions. Additionally, workflows for the service catalog for users are to be set up in order to allow users to request rights and access to resources for themselves or other users directly. The ultimate aim is to delegate anything that has to do with the assignment of access rights away from the IT.