tenfold is perfectly tailored to Microsoft environments and always establishes its access structures in accordance with best practices and the least privilege principle. This ensures users are only ever granted the rights they specifically need to do their jobs.
The deep integration of tenfold with Microsoft’s infrastructure guarantees the permissions in your corporate network (in the Active Directory, on file servers, in Exchange and Sharepoint) will be managed automatically and in compliance with policies and regulations.
Microsoft’s standard tools do not allow you to control access to sensitive information in great detail. tenfold provides all the advantages of integration with Microsoft’s on-prem services, even in the cloud. This is especially relevant to organizations using hybrid solutions.
tenfold provides not only an interface to on-prem Active Directory, but also to Microsoft’s cloud-based directory service, Azure Active Directory. The integration with Azure AD allows you to control identities and privileges on-premises and in the cloud via tenfold’s intuitive user interface.
Furthermore, you can use tenfold to manage MS 365 and Teams groups and memberships and to assign resources in the cloud automatically (e.g. licenses or apps).
Users can also request access to resources in the cloud via tenfold’s self-service portal. As part of an approval workflow, these requests are then passed on to the associated data owner, who is responsible for approving or rejecting the request and for regularly reviewing “his” (or her) privileges as part of the recertification process.
With tenfold, you can always be sure that both internal and external compliance regulations are met. Such regulations include, but are not limited to, the GDPR, ISO 27001, PCI-DSS as well as TISAX in Germany or HIPAA in the US.
How Does tenfold Guarantee Compliance?
tenfold produces automated reports for Active Directory, Azure AD, all types of file servers (Windows, Linux, SAN/NAS systems) and other services such as Exchange (Online) or SharePoint (Online).
Another factor is that privileges can only be assigned by the appointed data owners (commonly department heads or other persons with a certain level of authority), not by anyone else. The program also keeps meticulous and auditable logs of privileges, users, processes and changes.
With tenfold, you are always perfectly prepared for audits because the program logs and tracks every little change, be it to users, permissions or workflows. tenfold’s reporting function, which comprises an auditor, a pathfinder and reports in different formats (online, PDF, Excel), further prevents data from being manipulated.
There is no 100% protection against data theft or ransomware attacks. These types of cyber-attacks cause the most damage where excess permissions allow perpetrators to infiltrate and move through the system freely.
That is why the first thing tenfold does once installed is to compare the current access landscape with pre-defined roles and subsequently remove any excess permissions. It also prompts regular user access reviews:
In this process (also referred to as recertification), tenfold regularly prompts the appointed data owner(s) to review the permissions they are in charge of and to either reconfirm or revoke them.
Did you know interns often possess more rights than the CEO of the company? It’s no legend. It’s called privilege creep: people receive extra rights because they switch departments (as interns often do), work on temporary projects or for any other reason, and these changes are not properly documented. The excess privileges creep into the system and we end up with chaotic access landscapes.
It happens because, while most companies have good workflows in place for assigning privileges, they usually don’t have any for retracting those permissions once they are no longer needed.
tenfold manages all user lifecycles centrally, from the date of joining to the leaving date. This guarantees that users are always equipped with the privileges they need, at any given time during their user lifecycles.
At the same time, tenfold’s ULM function ensures that users never have more privileges than absolutely necessary (principle of least privilege). It further ensures that user identities for important systems and apps (e.g. Active Directory, Azure Active Directory and Microsoft Exchange (Online)) are created, modified or deactivated automatically.
Do you know how much time and resources your company spends on managing access rights and users manually? Are you aware of the risk of human errors involved? tenfold’s ability to integrate applications enables you to assign permissions across systems (Active Directory, SAP, and more) automatically.
The key to success here is roles. They are the bridge between the privilege assignment process and your organization’s structure.
This approach to user management saves time and is generally more efficient as it allows the software to assign default rights automatically and to revoke permissions when certain user attributes change (e.g. department or location). We refer to this as user lifecycle management.
With the import feature, user data from source systems can be transferred to tenfold automatically. The most common scenario where this might occur is when you bring personal data (user names, attributes) from HR into tenfold.
The feature is relevant because it saves you from having to input user data twice, e.g. once into the HR management system and once into the access management system by IT staff. As you can imagine, doing this twice for every user and by different people harbors great potential for errors. Common problems that arise from completing these tasks manually and without an appropriate interface are: (1) the new user shows up for work and doesn’t have access to all the resources he or she needs for the job, and (2) orphaned accounts.
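The role comparison and the HR import described above can be illustrated with a short review script. This is an added example, not tenfold's code: the role table, HR records, directory state and group names are all constructed, and roles are assumed to be keyed by department and location.

```python
from datetime import date

# Constructed role model: (department, location) -> default groups.
ROLES = {
    ("Sales", "Vienna"): {"GRP_CRM", "GRP_Sales_Share"},
    ("Finance", "Vienna"): {"GRP_ERP", "GRP_Finance_Share"},
}

# Constructed HR import: the source of truth for who works where.
HR = {
    "alice": {"dept": "Finance", "loc": "Vienna", "leaving": None},
    "bob": {"dept": "Sales", "loc": "Vienna", "leaving": None},
    "carol": {"dept": "Sales", "loc": "Vienna", "leaving": date(2024, 1, 31)},
}

# Constructed directory state: enabled accounts and their group memberships.
DIRECTORY = {
    # alice moved from Sales to Finance and kept her old groups (privilege creep)
    "alice": {"GRP_ERP", "GRP_Finance_Share", "GRP_CRM", "GRP_Sales_Share"},
    "bob": {"GRP_CRM"},                      # new hire, provisioning incomplete
    "carol": {"GRP_CRM", "GRP_Sales_Share"}, # left the company, still enabled
    "dave": {"GRP_ERP"},                     # no HR record at all
}

def review(hr, directory, roles, today):
    """Compare each enabled account with its role and return the deviations."""
    findings = {}
    for account, groups in sorted(directory.items()):
        person = hr.get(account)
        left = person is not None and person["leaving"] and person["leaving"] < today
        if person is None or left:
            # Orphaned account: every membership it holds is excess.
            findings[account] = {"orphaned": True, "excess": sorted(groups), "missing": []}
            continue
        # An unmapped department/location yields an empty role, so all groups are flagged.
        expected = roles.get((person["dept"], person["loc"]), set())
        excess, missing = groups - expected, expected - groups
        if excess or missing:
            findings[account] = {"orphaned": False, "excess": sorted(excess),
                                 "missing": sorted(missing)}
    return findings

if __name__ == "__main__":
    for account, finding in review(HR, DIRECTORY, ROLES, date(2024, 6, 1)).items():
        print(account, finding)
```

The `excess` lists are the candidates for revocation or for a data owner's recertification decision; the `missing` lists are the new hire who cannot work on day one.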
A typical day in the life of an IT admin: User A forgot his password – here comes a ticket. User B needs access to a folder, here’s another ticket. User C also forgot their password, another ticket. User D needs access to a share, ticket. Oh, it’s User A again…typed in wrong password three times, account locked…oh my…ticket. So. Many. Tickets.
And this is just daily life, not including any elaborate onboarding or offboarding procedures that happen quite often too, or changes to HR databases.
With tenfold, you do not have to waste another thought on open tickets. tenfold automates all of these tedious processes and moves the responsibility for approving privileges from IT admins to designated data owners.
How Does It Do this?
When a request for permission is made (for instance via tenfold’s self-service portal), tenfold informs the associated data owner about the request by email. The data owner can then simply click a button embedded in the email to either approve or reject the request. This requires no IT knowledge whatsoever. And the best part is that, if the request is approved, the technical part of assigning it (provisioning) is done automatically by the associated plugin.