Simple. Secure. Ready to Go.

tenfold – simply for everyone. And simple for everyone.

We believe that access management should be easy, not complicated. That is why we have made it our objective to translate complex matter into comprehensible, user-friendly matter. We want to make sure tenfold can be used by everyone, from IT admins to HR to end users. And, with over 1000 currently active installations of tenfold across Great Britain, North America and the DACH region, we think we’re on the right track.

tenfold’s intuitive user interface is founded on IAM software that is perfectly tailored to the needs of midmarket organizations. It protects access to your sensitive data, both on-prem and in the cloud, as well as in hybrid network environments. Standardized processes and automated workflows lay the groundwork for:

  • guaranteed compliant user management.

  • efficient workflows without errors.

  • correct assignment of permissions across systems and in real time.

  • empty ticketing systems, audit-compliant reports & change tracking.

The Perfect Fit?

Show me how our organization is structured and I’ll tell you which IAM product you need.”

Admittedly, it’s not quite that simple. What’s true, however, is that there is no single IAM solution that suits all organizations. In fact, most people are unaware that the term “identity and access management” does not stand for a standard set of functions or a concrete system. IAM products cover a range of functions, though these will differ greatly from product to product. In general, there are two types of IAM solutions: (1) Pure data governance solutions and (2) Enterprise IAM solutions.

tenfold sits right in the middle between data governance and enterprise solutions. It combines the best of both worlds into a user-friendly all-in-one package designed to meet the demands of midmarket organizations.

Data Governance Solutions

Data governance solutions are focused on reorganizing unorganized data. They temporarily bring order to file servers and automate certain jobs. However, this is more of a band aid solution that only fights the symptoms of decentralized access management, but does not solve the root of the problem. It does not close security holes, nor does it reduce the administrative workload for admins. The only way to overcome these challenges is with an all-round IAM solution – like tenfold.

Summary: Drawbacks of Data Governance Solutions

Not All That Glitters Is Gold

At first glance, sophisticated enterprise products seem enchanting due to the sheer variety of functions and integrated services they offer. But beware! Just because a program comes with an entire zoo of functionalities and blinky, shiny features does NOT mean you’ll actually be able to put it to use productively. Enterprise IAM solutions are designed specifically to meet the demands of massive corporations with highly complex organizational structures. What this means is that:

  • implementation and upkeeping will consume months or even years,

  • even the tiniest adaptations are expensive,

  • system maintenance requires expertise and constant external supervision.

These characteristics should not be regarded as negative per se. Enterprise IAM solutions are simply not intended for “plug-and-play”. They provide platforms on which any process your heart desires can be modeled, but which must be programmed individually.

A Flying DeLorean?!

Remember when Marty McFly went back to the future with Dr. Emmett “Doc” Brown in their modified DeLorean? You can picture IAM systems as very complex construction kits which allow you to build any car you could possibly dream of – even a flying DeLorean. However, even with instructions, building a time machine requires true expert know-how. Only Doc Brown had the expertise to modify the DeLorean in such a way that would allow Marty and him to travel through time. Marty couldn’t have done it himself.

In much the same way, IAM systems can only be configured by persons with a high degree of expertise in the field; and every little modification thereafter will also require that same level of expertise. After all, you don’t want your DeLorean to suddenly come crashing down, mid-flight.

tenfold vs. Enterprise Solutions

Even though it’s a pain to admit, most big corporations need the DeLorean. Their internal structures are so complex it takes an equally complex IAM system to handle them. Large corporations are also more likely than midsize organizations to employ specialized individual processes that cannot be standardized, but must still be covered by their IAM solution.

In practice, the functionalities required to model standardizable processes only consume 10 percent of the budget. The remaining 90 percent of the budget are spent on the features needed to model specialized processes (as illustrated to the right). This is because special processes require:

  • individual programming,

  • multiple custom interfaces,

  • continuous, complex maintenance, which in turn requires

  • more money.

Specialized Processes in the Midmarket Segment

In most midmarket companies, 90 percent of processes can be standardized and automated by an IAM tool. You will, of course, come across the odd specialized process that cannot be standardized and must be programmed individually – but thatis not the norm.

tenfold implements standard processes quickly and out of the box. To cover the odd specialized process, there are a number of plugins available, such as the Generic Connector. Third-party systems, for which there is no standard plugin available, can be connected to tenfold via REST and/or scripting. As you see, tenfold is able to cover all significant processes and workflows. You do not have to take DeLorean flying lessons to get to your destination. And you don’t have to pay for the DeLorean either.

Top-Down vs. Bottom-Up

IAM solutions are structurally complex. And that is a good thing. They have to be complex in order to meet the multifaceted demands and model the intricate structures of big corporations. That is what they are designed for. However, when applied in smaller or midsize organizations, the complexity quickly becomes a problem. This is because big IAM suites work top-down. But what does this mean?

It basically means you will not be able to use the software productively, even for standard operations, until all the other functions the software provides have also been implemented and configured.

This in turns leads to two more problems: firstly, it is very likely that you won’t ever fully implement your enterprise IAM suite because it is so complex. Secondly, you’ll be investing great amounts of effort, time and money into implementing and adapting features that don’t even apply to midmarket organizations.

tenfold Works From the Bottom Up

tenfold, on the other hand, works bottom-up. This means its standard features initially cover the most important and most frequent processes (the 90 percent). For processes or workflows not covered by the standard set of features, tenfold can be extended from the bottom up.

So, Why tenfold?

Because access management should be SIMPLE. As pioneers in the field, we have built our software specifically to meet the demands of midmarket organizations. We know exactly what functionalities you need and which third-party systems must be integrable with your IAM software. Depending on the edition you choose, tenfold will bring you the following advantages:

tenfold is perfectly tailored to Microsoft environments and always establishes its access structures in accordance with best practices and the least privilege principle. This ensures users are only ever granted the rights they specifically need to do their jobs.

The deep integration of tenfold with Microsoft’s infrastructure guarantees the permissions in your corporate network (in the Active Directory, on file servers, in Exchange and Sharepoint) will be managed automatically and in compliance with policies and regulations.

Further information

Microsoft’s standard tools do not allow you to control access to sensitive information in great detail. tenfold provides all the advantages of integration with Microsoft’s on-prem services, even in the cloud. This is especially of relevance to organizations using hybrid solutions.

tenfold provides not only an interface to on-prem Active Directory, but also to Microsoft’s cloud-based directory service, Azure Active Directory. The integration with Azure AD allows you to control identities and privileges on-premise and in the cloud via tenfold’s intuitive user interface.

Furthermore, you can use tenfold to manage MS 365 and Teams groups and memberships and for assigning resources in the cloud automatically (e.g. licenses or apps).

Users can also request access to resources in the cloud via tenfold’s self-service portal. As part of an approval workflow, these requests are then passed on to the associated data owner, who is responsible for approving or rejecting the request and for regularly reviewing “his” (or her) privileges as part of the recertification process.

Further information

With tenfold, you can always be sure that both internal and external compliance regulations are met. Such regulations include, but are not limited to, the GDPR, ISO 27001, PCI-DSS as well as TISAX in Germany or HIPAA in the US.

How Does tenfold Guarantee Compliance?

tenfold produces automated reports for Active Directory, Azure AD, all types of file servers (Windows, Linux, SAN/NAS systems) and other services such as Exchange (Online) or SharePoint (Online).

Another factor is that privileges can only be assigned by the appointed data owners (commonly department heads or other persons with a certain level of authority), not by anyone else. The program also keeps meticulous and auditable logs of privileges, users, processes and changes.

Further information

With tenfold, you are always perfectly prepared for audits because the program logs and tracks every little change, be it to users, permissions or workflows. tenfold’s reporting function, comprised of an auditor, a pathfinder and different format reports (online, PDF, Excel) further prevents data from being manipulable.

Further information

There is no 100% proection against data theft or ransomware attacks. These types of cyber-attacks cause most damage where excess permissions allow perpetrators to infiltrate and move through the system freely.

That is why the first thing tenfold does once installed is to compare the current access landscape with pre-defined roles and subsequently remove any excess permissions. It also prompts regular user access reviews:

In this process (also referred to as recertification), tenfold regularly prompts the appointed data owner(s) to review the permissions they are in charge of and to either reconfirm or revoke them.

Further information

Did you know interns often possess more rights than the CEO of the company? It‘s no legend. It’s called a privilege creep: it’s when people receive extra rights because they switch departments (as interns often do), work on temporary projects or for any other reason and these changes are not properly documented. The excess privileges creep into the system and we end up with chaotic access landscapes.

The reason it happens is, while most companies have good workflows in place for assigning privileges, they usually don’t have any for retracting those permissions once they are no longer needed.

tenfold manages all user lifecycles centrally, from the date of joining to the leaving date. This guarantees that users are always equipped with the privileges they need, at any given time during their user lifecycles.

At the same time, tenfold’s ULM function ensures that users never have more privileges than absolutely necessary (principle of least privilege). It further ensures that user identities for important systems and apps (e.g. Active DirectoryAzure Active Directory and Microsoft Exchange (Online)) are created, modified or deactivated automatically.

Further information

Do you know how much time and resources your company spends on managing access rights and users manually? Are you aware of the risk of human errors involved? tenfold’s ability to integrate applications enables you to assign permissions across systems (Active DirectorySAP, and more) automatically.

The key to success here are roles. They are the bridge between the privilege assignment process and your organization’s structure.

This approach to user management saves time and is generally more efficient as it allows the software to assign default rights automatically and to revoke permissions when certain user attributes change (e.g. department or location). We refer to this as user lifecycle management.

Further information

With the import feature, user data from source systems can be transferred to tenfold automatically. The most common scenario where this might occur is when you bring personal data (user names, attributes) from HR into tenfold.

The feature is relevant because it stops you from having to input user data twice, e.g. once into the HR management system and once into the access management system by IT staff. As you can imagine, doing this twice for every user and by different people harbors great potential for errors. Common problems that arise from completing these tasks manually and without an appropriate interface are: (1) the new user shows up for work and doesn’t have access to all the resources he or she needs for the job, and (2) orphaned accounts.

Further information

A typical day in the life of an IT admin: User A forgot his password – here comes a ticket. User B needs access to a folder, here’s another ticket. User C also forgot their password, another ticket. User D needs access to a share, ticket. Oh, it’s User A again…typed in wrong password three times, account locked…oh my…ticket. So. Many. Tickets.

And this is just daily life, not including any elaborate onboarding or offboarding procedures that happen quite often too, or changes to HR databases.

With tenfold, you do not have to waste another thought on open tickets. tenfold automates all of these tedious processes and delegates the responsibility of approving privileges away from IT admins and passes it on to designated data owners.

How Does It Do this?

When a request for permission is made (for instance via tenfold’s self-service portal), tenfold informs the associated data owner about the request by email. The data owner can then simply click a button that is embedded in the email to either approve or reject the request. This requires no IT knowledge whatsoever. And the best part is, the technical part of assigning the request (provisioning) if approved is done automatically by the associated plugin.

Further information

Would you like to experience tenfold LIVE?

Sign up for a demo!

tenfold – Simple. Secure. Ready to go.

Sign up now