tenfold allows the integration of employees from different business areas into all relevant workflows. This means that any changes are always stored in the system and can be retraced at any time.
With the relevant access rights, HR staff can easily create new employees and make data changes without any previous technical knowledge. The changes made are logged in an audit-proof manner and can then be transferred directly to the connected IT systems. tenfold records every employee and equips them with IT assets before they commence their work. Employees who leave the company, in turn, are locked immediately, thereby eliminating any potential for abuse.
Employees can use tenfold to request IT resources, either for themselves or for other members of their team or department. The self-service interface is not restricted to specific systems. The self-service interface can be used to activate (among other things):
- Profiles (business roles)
- Active Directory groups
- Directory privileges
- Office 365 licenses
- Applications and access rights (e.g. ERP system)
- Hardware assets
The changes are saved in form of a request in the system and then, after being subjected to an approval process, released for automatic execution.
Sign up now for our free webinar. Helmut Semmelmayer, Senior Manager Channel Sales at tenfold, will guide you through the software and answer any questions you may have.
To guarantee a comprehensible and well-structured user and access management system, it is essential to differentiate between approving and granting access rights. The former refers to the approval given by a previously defined data owner.
The second step encompasses the actual technical granting of the privilege by an IT administrator. The IT administrator may only take action once the data owner has given his or her approval.
It is nearly impossible to master this process manually, but tenfold offers full out-of-the-box support for the procedure: first, IT administrators must determine the relevant data owners in tenfold; then, they must use the graphical workflow editor to set up the according approval procedures. Data owners are informed of new requests by e-mail and can directly approve or reject these requests by clicking buttons contained in the very same e-mail. The clearance is processed via Kerberos authentication and thus protected from abuse. Once approved, the target system automatically implements the procedure using the corresponding plugin.
Through approval workflows in tenfold, data owners are informed automatically about IT access requests and are thus able to make decisions as to whether access should be provided or not. Data owners can calculate weigh up necessity vs. risks of access rights without having any previous extensive IT knowledge. This significantly reduces the workload for the entire organization, while tenfold’s advanced control mechanisms help to increase security and protection for important company data.
In order to implement audit-capable workflows for IT access rights, it is necessary to determine data owners (i.e. the persons in charge of individual business areas) and enter them into the system. These data owners are responsible for all types of data – files, access rights, business applications – and must decide who is to be granted access to this data and who is not.