Identity Management vs. Access Management – What’s the Difference?
The terms access management (short: AM; also referred to as access rights management or just rights management) and identity & access management (short: IAM) are often used synonymously. In practice, however, they do not stand for the same thing. In this article, we are going to take a closer look at the difference between access rights management software and identity/access management solutions.
Access Management = Identity & Access Management?
No, generally speaking, access management solutions and IAM solutions are not identical, even if the boundaries between the terms are often fluid.
Our aim today is to highlight the differences between the two approaches and find out why access management software is well-suited for smaller businesses and identity & access management solutions are better suited to meet the needs of larger enterprises.
Access management software typically consists of tools that facilitate reporting and administration functions for products such as Active Directory (Microsoft), file servers (Windows, Linux, SAN/NAS systems) and Exchange or SharePoint.
AM software sometimes also includes rudimentary functions for workflows and self-service. Our article Access Management for Microsoft and Other Systems explains how access management software works and outlines its advantages.
Access Rights Management Not Suited for Complex Workflows
Solutions of this kind are usually quick to roll out and easy to use. They create group and role structures and standardize processes and procedures, which is another big plus.
In terms of functionality, however, that’s about as far as they go. There is no way to break out of their inflexible structures, which means there is no support for anything that goes beyond what the vendor programmed into the software.
This is a bit of a problem (and by “a bit” we really mean “very big”) for medium-sized or larger corporations, as they often have complex structures and require their solutions to model more demanding tasks and/or to incorporate additional systems into their workflows.
Identity & Access Management
Identity & access management solutions focus on the fields of identity management, authorization, single sign-on, public/private key management and access governance. IAM products are explicitly designed to meet the requirements and demands of very large organizations, both in terms of their functional scope and their structural requirements.
IAM solutions support both complex workflows and the integration of different systems via predefined interfaces.
IAM Solutions Are Difficult to Implement
IAM solutions provide all the functionalities required by larger enterprises. Putting these interfaces into operation in concrete customer environments, however, often requires a considerable amount of customization.
Medium-sized businesses often find themselves on the verge of despair when evaluating the license models, expected adaptation efforts and running costs involved in maintaining and constantly readjusting such IAM solutions.
The Difference Between AM & IAM
The main difference between AM software and IAM software lies in their flexibility.
Access rights management is built around standardized group and role structures as well as firmly defined workflows and processes, all of which helps to reduce the administrative efforts involved.
The downside is that these solutions offer no way of breaking away from their predefined structures and do not allow the integration of more complex workflows.
IAM solutions, on the other hand, can be tailored to suit the structures and requirements of any company. Their programming allows other software programs to be integrated, plus they can model complex workflows.
However, this high level of adaptability comes at a price: companies must be willing to invest time in the implementation and money in the constant upkeep and adaptation of their IAM systems.
Combining Access Management and IAM
So, what if you were able to combine the simplicity and rapid deployment of access management solutions with the flexibility and adaptability of IAM solutions? Dreaming is for dreamers, you say? Well, wake up! Because with tenfold, your dreams are now a reality. With our 3-stage licensing model, you can fully adapt the software to your needs.
Easy Start with tenfold Essentials
The tenfold Essentials Edition enables a quick and easy start. Physical Active Directory users are licensed inexpensively before the system is set up. This process usually takes about 1-2 days, including time spent on admin training. When that is done, you’re good to go! Reporting and user administration are now a walk in the park.
Active Directory accounts are created automatically with only a few clicks, including home folder and Exchange mailbox. tenfold provides comprehensible reports that show you who has or had access to which folders, and when. Managers (aka data owners) can assign access rights independently using drag-and-drop and tenfold automatically builds the necessary group structures around them – always in accordance with best practices.
tenfold furthermore uses what is referred to as a profile system. Profiles, which must be set up at the start of the configuration, are used to connect rights assignments with the appropriate organization profile or structures. As a result, default rights are assigned to users automatically according to certain user attributes (e.g. the user’s department, location, job title, etc.).
Alternatively, users can request new privileges themselves (self-service) and data owners can then either confirm or reject these requests as part of a workflow. The initially assigned default permissions can be enhanced and customized as needed, which is what sets tenfold apart from the static role-based systems of competitors.
Automatic User Access Reviews
Most companies have relatively well-structured processes in place for assigning access rights. After all, everybody wants new employees to receive all the necessary rights asap so they can get started on their jobs.
Chaos usually ensues only when it comes to removing these permissions again. Nobody feels or is made directly responsible for keeping an overview of permissions that have accumulated over the course of an employee’s career.
The consequence: Without a proper access management strategy, companies are quickly at risk of losing control over their IT users’ access rights, which in turn increases the risk of data misuse and theft. It also makes businesses more vulnerable to ransomware attacks.
To counter these risks, tenfold’s Essentials Edition uses the recertification process, also referred to as user access reviewing. In a user access review, tenfold automatically asks a previously appointed data owner (e.g. department head or similar) to review the access rights he or she is accountable for and to either reconfirm or revoke these.
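The attribute-based default rights and the user access review described above, as an added sketch (not tenfold's code): profiles yield each user's expected rights, and every right a user actually holds is queued for the accountable data owner, flagged when neither a profile nor an approved self-service request explains it. The profile format, owner mapping and sample users are constructed for illustration.

```python
from collections import defaultdict

# Constructed profiles: attribute conditions -> default rights ("resource:level").
PROFILES = [
    ({"department": "Finance"}, {"finance-share:modify", "erp:user"}),
    ({"department": "Sales"}, {"sales-share:modify", "crm:user"}),
    ({"location": "Vienna"}, {"vienna-share:read"}),
]
# Constructed mapping of resource -> accountable data owner.
DATA_OWNERS = {"finance-share": "f.head", "erp": "f.head",
               "sales-share": "s.head", "crm": "s.head",
               "vienna-share": "site.mgr"}

def default_rights(user):
    """Union of the rights of every profile whose conditions match the user."""
    rights = set()
    for conditions, granted in PROFILES:
        if all(user["attrs"].get(k) == v for k, v in conditions.items()):
            rights |= granted
    return rights

def build_review(users):
    """Per data owner: (user, right, flag) items to reconfirm or revoke."""
    queue = defaultdict(list)
    for user in users:
        # Expected = profile defaults plus approved self-service requests.
        expected = default_rights(user) | user["requested"]
        for right in sorted(user["rights"]):
            owner = DATA_OWNERS.get(right.split(":")[0], "UNASSIGNED")
            flag = "expected" if right in expected else "unexplained"
            queue[owner].append((user["name"], right, flag))
    return dict(queue)

def apply_decisions(users, revoked):
    """Remove every (user, right) pair a data owner chose to revoke."""
    for user in users:
        user["rights"] -= {r for (n, r) in revoked if n == user["name"]}
    return users

# Constructed sample: alice moved from Sales to Finance and kept her old rights;
# bob holds one extra right that was approved through self-service.
USERS = [
    {"name": "alice", "attrs": {"department": "Finance", "location": "Vienna"},
     "requested": set(),
     "rights": {"finance-share:modify", "erp:user", "vienna-share:read",
                "sales-share:modify", "crm:user"}},
    {"name": "bob", "attrs": {"department": "Sales", "location": "Graz"},
     "requested": {"finance-share:read"},
     "rights": {"sales-share:modify", "crm:user", "finance-share:read"}},
]

if __name__ == "__main__":
    for owner, items in sorted(build_review(USERS).items()):
        print(owner, items)
```

Rights whose resource has no entry in the owner mapping land under `UNASSIGNED`, which surfaces the "nobody is responsible" case instead of silently skipping it.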
Essentials 365 for Microsoft Cloud Support
By upgrading to the tenfold Essentials 365 Edition, the features provided in the Essentials Edition are expanded to include plugins for Azure Active Directory, Exchange®, SharePoint® and OneDrive. Admins and data owners can now not only oversee user access on file servers, but will also receive transparent information on Exchange® mailbox and folder permissions as well as SharePoint® permissions for sites, lists and items.
Total Flexibility With the tenfold Enterprise Edition
tenfold’s Enterprise Edition is designed to meet higher demands. This edition is able to model very complex workflows and allows the integration of any application you could think of via flexible and easy to set up plugins. With our plugins, you can connect common systems such as SAP®, Microsoft Dynamics® NAV, HCL Notes and more. Other systems are connected via our REST-based Generic Connector.