About Sappi Fine Paper Europe
Sappi Fine Paper Europe is the leading European producer of coated ﬁne paper used in premium magazines, catalogues, books and high-end print advertising. Headquartered in Brussels, Belgium, Sappi Fine Paper Europe is recognised for innovation and quality. Sappi Fine Paper Europe is a division of Sappi Limited (NYSE, JSE), a global company headquartered in Johannesburg, South Africa, with over 14,900 employees and manufacturing operations on four continents in 9 countries, sales oces in 50 countries, and customers in over 100 countries around the world.
“Before introducing tenfold, we used a self-developed solution for managing our user accounts. This solution was only partially automated and provided no self-service system for end users. Creating users or changing access rights in diﬀerent systems was a tedious process prone to errors. With tenfold, these tasks now only take a few minutes to complete, thanks to automation; at the same time, all system activities are automatically logged and documented.”
Manager IT Applications Sappi Fine Paper Europe
Implementation for users in over 100 countries
Pulp and paper
Sappi, manufacturer of high-quality coated paper, with 14,000 staff members across four continents
tenfold Enterprise Edition
Sign Up for a Free Trial to Discover tenfold’s Full Range of Features
In collaboration with employees from IT departments in Gratkorn (Austria) and Maastricht (Netherlands), we spent several workshops analyzing and documenting relevant user and access management processes. At the same time, we installed a basic version of tenfold on a Sappi system.
The results obtained from these workshops were then incorporated into the tenfold software, step by step.
Advantages of tenfold Access Management:
Centralized management of user accounts and access rights
Automation of processes saves time and money
All activities are automatically documented to ensure compliance with regulatory demands
Clearly structured reports allow current and past assignments of access rights to be transparently displayed
Approval workﬂows represent decision-making structures of the company
Corporate-wide Access Rights
The general goal to establish a company-wide, automated and role-based access rights management system was implemented in a number of steps. tenfold’s scope of delivery includes several plugins, e.g. for common directory services, applications, help desk solutions and HR systems. Despite its complex structure, we were able to fully integrate the Active Directory using the Active Directory plugin. The integration of SAP ERP was accomplished through tenfold’s integrated SAP plugin.
Integration of HR Systems
Philipp Straka, Regional Applications Manager at Sappi, was responsible for implementing an automated interface between the HR system and tenfold.
The aim of providing this connection was to ensure that tenfold would always be informed promptly if anyone joined or left the company and about internal ﬂuctuations (e.g. department or location changes), in order to adjust user accounts and access rights based on this information automatically.
tenfold implemented the interface for HR within a short time by using a number of best practice templates. This standardization did not require any additional implementation efforts; it was merely necessary to adapt the interface to the processes and exceptions of the HR system.
User accounts for new employees are now created automatically and assigned the appropriate rights. When employees leave the company, their user accounts are locked in all systems; if they move to a new location or department, their access rights are adjusted accordingly. tenfold can also implement temporary employment contracts (e.g. for interns), where users are locked automatically on the deﬁned leaving date.
Access Concept To Include External Persons
One particular problem that existed, prior to implementing tenfold, was the question of how to handle external persons (e.g. suppliers) who had access to Sappi systems. Karl Liebich describes the issue: “We often received tardy information about staff who were no longer actively working for our suppliers (and thus for us.)”
Thanks to tenfold’s best-practice templates for human resources, this problem has been eliminated: External persons are now saved in tenfold as part of a certain person type and their access rights expire after a pre-deﬁned period of time, unless actively extended.
Sappi is satisﬁed with the new solution: “Department heads and other persons in charge are now regularly informed about which external partners currently have access to the system; furthermore, they can determine whether access should be extended or if the person concerned should be locked.“ In the same way, access for customers and suppliers who interact with Sappi’s IT systems via the e-commerce portal is now also controlled.
Legacy Systems and tenfold
In the paper production and quality systems sectors, Sappi uses two self-developed applications that encompass a vast range of functions and complicated access structures. These applications are very critical as they have access to highly sensitive data.
Once both systems were analyzed, it was decided to implement the tenfold interface using the Groovy plugin. This is a component that works independently of platforms or manufacturers and is used for integrating third-party systems into company-wide identity & access management structures.
The implementation was carried out by Sappi with the support of tenfold. “Connecting our information systems with tenfold has signiﬁcantly helped us to reduce the time and efforts spent on user and access management. The quality was also signiﬁcantly improved because manual input is no longer required. Thanks to the integration with tenfold, we are able to meet all compliance demands without any problems,” says Michael Samastur, Application Manager responsible for information and quality systems.
Provisioning in Seconds
At Sappi, many applications are provided to users via Citrix. In order to cover this form of provisioning as well, the relevant parts of the Active Directory that control access were made accessible via the tenfold Active Directory group assignment plugin. All that is required now to request and authorize user access to certain applications are a few mouse clicks; no more manual input is needed.
Central Maintenance of User Master Data
The central administration of user master data is done in tenfold. When modiﬁcations are made, all systems in the company are updated with the new data. Every change is logged in order to be able to trace which person changed which data at what time and who approved these changes. tenfold also records in which systems these data were updated. Basic user master data are transferred from the HR system to tenfold and passed on to other systems from there. However, the HR system is not the main system for all user data. “One of tenfold’s greatest advantages is that it allows you to determine speciﬁcally which system should be responsible for a person’s individual data,“ says Philipp Straka.
External Hardware Management
At Sappi, computers, laptops, mobile phones and other components are stored in a conﬁguration management database. In order to establish the links between users and hardware (e.g. PCs, laptops, mobile phones) for tenfold, an interface to the CMDB system was implemented. Based on these links, (i.e. assignments) we can tell immediately what IT services any given user is using. Based on the data derived from tenfold, the cost allocation is made at department level.
“Due to various legal and internal regulations, we are obligated to abide to certain compliance regulations. These regulations dictate (among other things) that user accounts and access rights must always be managed in a transparent manner. We had regular visits from auditors asking questions about how certain access structures came about. In the past, we invested great amounts of time into retracing our steps, and yet were often unable to oﬀer comprehensible answers. Thanks to tenfold, we are now able to answer all questions promptly. Since all activities are automatically logged, we can deduce our access structures immediately and see exactly how they came about, at any given point in time.“
Manager IT Applications Sappi Fine Paper Europe
See tenfold in Action With Our Feature Video
Schedule a Live Demo With One of Our Experts
Put tenfold to the Test With Our Free Trial!