Permission Management: 4 Tips for Choosing the Right Software

The list of reasons why businesses choose to install permission management or identity and access management solutions is long. Some just want to bring structure to their file servers, others are seeking ways to automate workflows. Some admins are primarily concerned with protecting sensitive data against external attacks. In this article, we are going to take a closer look at four important factors to consider when selecting an access management software and provide some useful tips for achieving system integration.

Permission Management Software Requirements


Does the Software Include the Right Integrations?

A permission management software must integrate with all of your organization’s key systems, including such core services as Active Directory and other systems where permissions play a role: file servers (network shares), Exchange, SharePoint, Citrix, and more. Integration with third-party systems makes it easy to manage Exchange permissions and allows the AD to be synchronized more easily with SAP.

Many programs use an additional, separate user database to manage users and permissions. These user accounts and permissions are just as important and should therefore also be integrated into your central permission management system.

To ensure the integration is successful and you are actually able to use your permission management software once it has been implemented, you should choose a solution that provides the necessary interfaces to external systems.


Does the Software Cover All Key Processes?

Permission management software must be able to fully model all of the key processes in your company. As an example, let’s examine how best practices for an onboarding process can be implemented using the permission management software tenfold.

Onboarding Workflow

A company hires a new employee, we’ll call him Mr. Johnson. First, HR registers Mr. Johnson. The new data is transferred to tenfold automatically.

The program then assigns the pre-defined default permissions to Mr. Johnson automatically. These default permissions are determined on the basis of certain attributes that apply to Mr. Johnson, such as the department he will be working for or the office location. Mr. Johnson’s supervisor is informed about the new addition to the team well in advance of Mr. Johnson’s first day of work. This gives the supervisor plenty of time to assign any additional permissions he or she thinks Mr. Johnson will be needing (data owner concept).

Simultaneously, the software automatically generates an e-mail account and a home directory for Mr. Johnson. The night before he is due to come into work for the first time, it activates his accounts, generates all the required initial passwords, and sends them to Mr. Johnson’s supervisor via e-mail.


Best Practices for Access Management In Microsoft® Environments

Our in-depth guide explains how to manage access securely and efficiently from a technical and organizational standpoint, including tips for implementation, reporting and auditing.

Workflows for Change Processes

Besides onboarding processes, your selected permission management software should also be able to model other important user lifecycle processes. Let’s assume Mr. Johnson has been at the company for some time now and is due to switch to another department. Ideally, the best practice workflow would look like this:

The software determines a transition period during which Mr. Johnson will possess both his old and new permissions. This feature comes in handy when training staff for new positions or for training successors.

The permissions for the old department automatically expire on the defined date/time. From then on, Mr. Johnson will only have the rights required for his new position. In tenfold, privileges are consistently assigned on the basis of the principle of least privilege. If an employee leaves the company, the software automatically revokes all their permissions and locks or deletes any associated accounts.

To reduce the workload for helpdesk and mitigate the risk of errors, a good permission management software will be able to automate workflows while keeping them flexible at the same time.


Does the Software Incorporate the Organizational Structure?

Permission management software is only truly effective if it incorporates all members of the organization into the workflow. In other words, the way in which permissions are assigned to users must reflect and be closely interwoven with your organization’s structure. It is vital that departments and people of relevance are included into the same workflow. These include:

  • Human resources, who are responsible for providing master data,

  • Data owners (e.g. managers, department heads) who have the authority to decide over privileges, and

  • Last but not least, the IT department, which is responsible for reporting and for regulating operations.

Integration must be proactive (as is the case with tenfold), for instance through e-mail notifications. Most users are not trained in permission handling, so the software must provide them with a user-friendly interface and pack all the complicated bits into the back-end.


Integrating the Permission Management Software Into Your System

Implementing software for permission management can be done in a day. However, it really depends on the complexity of the processes and workflows you need it to cover. The more complex they are, the longer the implementation will take. It is therefore vital that you plan the integration well.

Your selected software provider should have extensive experience with the product and have a strong support network. This support network is especially important for highly complex IAM solutions because IT projects of this scale require constant supervision and support.

Take it one step at a time and put every individual step you have implemented into operation immediately. This way, the system will be expanded in functionalities gradually but steadily. If you try to integrate all systems and implement all workflows directly within the first step, you might run into issues concerning schedule and budget plans.

Best Practices and Interfaces Facilitate Integration

From a technical standpoint, it is much easier to integrate software solutions that apply best practices and provide interfaces to common applications and systems.

You should further research whether the chosen software is compatible with a wide range of applications and systems out-of-the-box. tenfold’s Enterprise Edition, for example, comes with a Generic Connector that allows you to integrate systems and applications for which there is no standard plugin available.

Free Trial

Our No-Code Solution Makes IAM Easy.
Start Your Free Trial Today!

About the Author: Helmut Semmelmayer

Helmut Semmelmayer currently heads channel sales at the software company tenfold software. He looks back on 10 years of involvement in the identity and access management market. Having worked on countless customer projects, he has extensive knowledge of the challenges that organizations face when it comes to protecting data from unauthorized access. His goal is to educate businesses and build awareness for current and future access-based attack patterns.