Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
THE NEXT GENERATION OF ACCESS MANAGEMENT
Essentials Edition Enterprise EditionEssentials Plus EditionSimple management of Active
Directory® and file servers Advanced features for Microsoft
SharePoint® and Exchange®Advanced features for
application rights
tenfold is the next generation of access rights management. Thanks to our revolutionary and simple approaches and tools, formerly confusing and unsafe authorization structures are now history. tenfold enables automatic creation of user accounts and helps to visualize access rights. Data controllers from different fields are included into the workflow process.
tenfold dashboard - User-friendly design
tenfold expert functions - For IT admins
What is tenfold?
Processes
A system intended to assist you with managing your
users and access rights efficiently – while helping
you to keep an overview thereof at the same time
– must be able to carry out all processes. tenfold
visualizes and documents the entire life cycles of
your users and their accounts – from the first to last
day at the company and including any departmental
changes or temporary project work.
Systems
The ability to integrate important systems is key
to establishing a simpler management structure.
tenfold supports numerous widely-used systems
and applications, such as Microsoft® and SAP®. It
is equipped with open and transparent interfaces
to allow for an easier integration of other systems.
Simple
tenfold’s intuitive user interface allows all important
members of the company to be included in the
workflow process: end users, data owners, IT staff
and human resources. With tenfold, you will be
successful in both internal and external IT audits.
THE NEXT GENERATION OF ACCESS MANAGEMENT
IMPROVING IT SECURITY
Intuitive self-service for employees
File server access rights clearly visualized
tenfold provides a smart software addition to your identity and access management strategy. It combines the quick and easy aspects of an access rights management solution with the flexibility and adaptability of complex identity management suites.
Smart Identity Management
Automation
tenfold achieves a high level of automation through
profiles, workflows and self-service options and
is thus tremendously time and cost efficient. Via
the straightforward interface, users can submit
applications for additional access rights, equipment
or data changes. User access rights can be collapsed
into profiles that incorporate all systems and allow
tenfold to automatically customize employee
roles and rights, based on their department or job
position.
Transparency
Transparent documentation of changes to access
rights is mandatory for most companies and
managers. So, why subject yourself to extra work,
when you can simply let tenfold document all
processes automatically and in an audit-proof
manner? The information you need is there, any
time.
Innovation: always a step ahead
It has never been easier to control the processes
involved in an IT user’s life cycle and to know, at the
same time, who currently has which access rights
within the company.
SIMPLE. FAST. INTEGRATED.
AUTOMATING STANDARD OPERATIONS
AUDITING, REPORTING, DOCUMENTATION In line with the GDPR
Correctly set access
rights are the key!
tenfold illustrates who has been given access to important or critical data and by whom. The system provides audit-proof documentation of changes. tenfold records the history of all users and access rights and makes it impossible to manipulate data.
Excellent Evaluation Features
tenfold Auditor
The Auditor (with drill-down capability) clearly shows
what object changes were made on what day. It also
recognizes changes that were not made via tenfold.
The Essentials Edition monitors objects within the
Active Directory and file servers. The Essentials Plus
Edition additionally monitors objects in Exchange
and SharePoint. The Enterprise Edition additionally
shows changes made to application rights.
Path Finder for Active Directory
The Path Finder provides a graphical representation
of nested groups in the Active Directory. This helps to
maintain a better overview and provides for a higher
level of security because incorrect assignments can
be recognized more easily.
Administrator Dashboard
Due to grown structures and circumstances, the
Active Directory is often in an untidy state. The
administrator dashboard can provide an overview of
the problems: it lists unused accounts, abandoned
SIDs, empty groups and more.
tenfold auditor - Control changes, sorted according to AD, file servers and other systems
Active Directory pathfinder - Visual representation of group nesting in AD
THE NEXT GENERATION OF ACCESS MANAGEMENT
SIMPLE. FAST. INTEGRATED.
MAKING PROCESSES MORE TRANSPARENT
Our modern approach to visualizing authorization processesWe strive to make processes more visible and tangible. Our unique methods and representations help to visualize authorization processes in a comprehensible manner. Any potential for optimization is made apparent and can be tackled immediately.
Authorization Workflows
Flexible workflows ensure that changes are never
made without permission from the relevant
persons in charge. A graphical editor is available
for all workflows in accordance to BPMN (Business
Process Model and Notation) standards. This brings
enormous advantages:
• Generating complex workflows requires no
scripting or programming knowledge
• The request status is graphically illustrated
• Graphical representation of workflows serves
as documentation and proof of compliance at
the same time
• IT audits are simplified thanks to tenfold’s clear
representation of access rights and structures.
Re-certification
Unauthorized access can pose a great threat to your
company, as it increases the risk for data theft and
abuse. With tenfold, the access rights of your IT
users are constantly monitored and updated. During
re-certification, data owners are regularly reminded
to check the active access rights of their users and
can choose to either confirm or withdraw them.
tenfold Workflow Editor - Workflows are visualized and can be edited
Re-certification with tenfold
AVOIDING WEAKNESSES
To the detriment of IT security departments, copying and pasting so called “reference users” during the user and access rights management process has become common practice. tenfold’s profile functions provide a unique and safe alternative that helps to evade access chaos due to imprudent duplications of reference users.
Risky: Copying reference users
tenfold Profile Functions
Profiles represent different organizational units
and their associated privileges. Administrators can
configure profiles using tenfold’s user interface. By
linking profiles to individual staff members, these
members automatically receive all basic access
rights required for their respective departments,
cost centers, job positions or locations.
Additional access rights can be requested via the
tenfold interface and the necessary approvals from
data owners are then requested automatically. If
a staff member switches to a different unit within
the company, their basic rights are automatically
transferred. It is also possible to set a time-delay for
the transfer. If a profile is altered, the changes can
automatically be rolled out to all staff members who
are linked to the same profile.
The Enterprise Edition lets you assign basic access
rights across different systems. Roles in SAP, for
example, can be automatically assigned, depending
on which organization the person concerned
belongs to.
Recognize profile deviations instantly
Profile deviations in different departments are shown
Tip:
Join our webinar
to view a live
demonstration
www.tenfold-security.com/en/
premium-webinars
THE NEXT GENERATION OF ACCESS MANAGEMENT
SIMPLE. FAST. INTEGRATED.
A LITTLE EXTRA
Simple yet powerful featurestenfold offers useful additional features, such as the password-reset function. Forgotten passwords constitute up to 50% of all helpdesk inquiries. You can now put that lost time to better use.
Analysis
Statistical analysis can be used to evaluate
access rights and thereby recognize patterns and
commonalities in the authorization structure.
The Profile Assistant is a powerful tool for generating
suitable profiles in a fast and simple manner.
Password Reset
Any helpdesk manager will confirm that resetting
passwords devours both time and capacities.
tenfold allows users to reset their own passwords
for Active Directory®, SAP® and other applications.
It also supports secret questions, SMS and e-mail
PINs. If you are unable (or prefer not) to make
this option available to your users, tenfold also
supports caller verification for resetting passwords.
Automatically generated initial passwords also
help to save valuable time. A specifically designed
portal allows users to reset their passwords from a
desktop PC or from their mobile devices, in just two
easy steps.
Access rights analysis
Password-reset function saves time
DYNAMIC FUNCTIONS AND TIME
Time is an important factor involved in access rights management. Sometimes, we do not want changes to become effective immediately, but for them to be activated at a later point in time; or we want them to be active temporarily (e.g. until a certain date) and to be deleted automatically later on. This evidently increases IT security.
Timed functions – No stress involved
Planned Requests
If you want certain changes to user data or access
rights to be implemented later on, simply enter the
changes in tenfold and set an activation date. The
changes are saved in form of a planned request in
the system and will be activated on the date you set.
Temporary Access Rights
tenfold allows you to assign access rights for all
resources temporarily, thereby saving you the
hassle of having to manually set reminders. The
program deletes the relevant access rights on the
set date and automatically informs users by e-mail.
Bulk Updates
Sometimes, it is necessary to create or alter several
user data at once. Simply make the data changes
in Microsoft Excel® and apply the mass changes by
uploading the file to tenfold. tenfold recognizes all
changes and automatically sends out the required
alteration requests.
Planned request
Temporary access rights
THE NEXT GENERATION OF ACCESS MANAGEMENT
SIMPLE. FAST. INTEGRATED.
ACCESS MANAGEMENT ACROSS SYSTEMS
tenfold: flexible expansionManaging access rights across systems is the key to increasing your IT security. You will achieve the highest level of security if you are able to automatically control user data (and related rights) running together from systems like Active Directory® /file servers, Exchange®, SharePoint®, Dynamics NAV/CRM/AX, Office 365®, SAP®, CRM-/ERP-/ticketing systems.
HR Data Import
Personal data can be exported from HR systems
via database queries, web services or function
calls. Attribute settings can be configured freely.
Of course, personal data can also be automatically
transferred from a CVS or XML file, using a time
trigger. tenfold recognizes start and end dates of
employment, as well as changes to master data.
Integrating Self-Developed Solutions
Critical data are often stored in applications that
were developed in-house. tenfold offers several
options of integrating: SQL, RFC/RPC, web services,
file import/export, and more.
Exclusively tenfold’s Enterprise Edition offers these
flexible integration options.
HR data-import - An efficient interface between tenfold and HR
Integration of self-developed solutions
Enterprise Edition
EDITIONS AND PLUGINS
Integration of standard softwareMany of tenfold’s features are provided through plugins, which can be downloaded and installed
directly from within the software. All configurations are done via the user interface. This means that,
90% of the time, standard software can be connected to tenfold without any scripting knowledge.
Each edition provides different functionalities and features.
tenfold Essentials Edition - For managing Active Directory® and file servers
The tenfold Essentials Edition is focused entirely on the management of the Active Directory®
and access rights for file servers. This edition is ideal if you wish to get a quick start to managing
your access rights in a Microsoft® environment. For this purpose, tenfold automatically creates a
Microsoft®-compliant group structure (including browsing rights). Though basic, this software
edition provides integrated workflows and an intuitive self-service interface. tenfold uses what we
call profiles: By assigning these profiles to employees, they automatically receive all basic access
rights needed for their respective departments, cost centers, job positions and locations.
tenfold Essentials Plus Edition - Advanced features for Microsoft SharePoint® and Exchange®
Make sure that your SharePoint® users are only given access rights which they need to sites, lists
and elements. In Exchange®, end users are able to set access rights for their own mailboxes. tenfold
allows you to see who has access to your mailbox and subfolders. The user report also shows clearly
which public folders and device mailboxes users have access to.
tenfold Enterprise Edition - Advanced features for application rights
The tenfold Enterprise Edition is equipped with yet more features. It supports the integration of
additional system to facilitate a central management of IT access rights. Systems currently supported
by tenfold include Active Directory®/file servers, Exchange®, SharePoint®, Dynamics NAV/CRM/
AX, Office 365® and SAP®, all of which are integrated using plugins.
Visit our website to find out which systems are currently supported:
www.tenfold-security.com/plugins
Essentials Edition
Essentials Plus Edition
Enterprise Edition
THE NEXT GENERATION OF ACCESS MANAGEMENT
Einfach. Schnell. Integriert.
Who benefits from tenfold?
How tenfold works:
HR databaseManual input Other data sources
Approval Workflows:Data owners determine who
has access to their data.
Reporting & Visualization:See who has access to
what resources.
Processes & Workflows:Save time and costs by automating processes
Profiles:Automatically link access rights and user accounts to users.
Business applications:Supported through standardized
tenfold plugins
Active Directory:Manage user accounts and access
rights in Active Directory.
Helpdesk software:Outsource manual tasks without
sacrificing correct documentation
File servers, Exchange and SharePoint:Efficient management by visualizing access rights.
Open interfaces:Integrate additional applications via SQL, LDAP, web services, RFC/RPC or CSV/XLS/XML import / export.
The Organization
Conformity to standards (GDPR, ISO 27000, BSI, etc.)
Simplified audits
Transparent overviewof all access rights
Automation of important processes
Direct involvement of data controllers
Administrators
Automation of processes like start date / end date / department changes
Elimination of routine activities
Minimization of errors
Maintain better overview in complex environments
Automatic documentation
IT Managers, CIO, CISO
Minimization ofdata theft or misuse
Better compliance
Better governance through better overview
Automatic adaptation of access rights through profiles
TECHNOLOGICAL INNOVATION: GET A HEAD-START
SIMPLE. FAST. INTEGRATED.
tenfold trial www.tenfold-security.com/en/free-trial
Find partners:www.tenfold-security.com/en/buy-tenfold
©All brands and products cited are property of respective legal
entities and are subject to change. Images: Fotolia, V2019/04
Whitepapers based on practical experience
- Best practices for access rights management in Microsoft environments
- Access management according to the GDPR (author: Horst Speichert, attorney)
Send your inquiry to: [email protected]