Make temporary access actually temporary
Access granted for an incident or a project should end with it. Adcyma adds time limits and per-user visibility across Microsoft Entra ID and on-prem Active Directory.
How access accumulates
Access accumulates. An incident needs quick permissions, a project adds a few groups, a role change adds new access without removing the old. None of it is wrong in the moment, and none of it ever gets removed.
After a few years, long-tenured employees have access profiles nobody can explain, and the question of what a given person can actually reach has no quick answer in either directory.
- Emergency access from past incidents is still active
- Role changes stack permissions instead of replacing them
- Long-tenured staff hold the sum of every role they ever had
- Per-user access is scattered across group memberships in two directories
The short version
How Adcyma solves this
Give access an end date by default, make role changes replace instead of add, and put each person's full access in one view.
Access that expires
Grants can carry an expiry from the start. When the time passes, the access removes itself, and extending it is an explicit decision.
See governance featuresRoles that replace
Role changes replace access instead of adding to it. The new role defines what the person has; the old role's extras go.
See lifecycle managementOne view per person
Everything a person can reach across Entra ID and on-prem AD, in one place, so the question finally has a quick answer.
See the platformHow you get there
Connect your directories
Connect Microsoft Entra ID and on-prem Active Directory.
See access per person
One view shows everything a person can reach, in both directories.
Give the temporary an expiry
Grants that should be temporary get end dates going forward.
Let roles replace, not stack
Role changes rebuild access from the new role instead of adding to the old.
What changes
Common questions
Can existing permanent access be converted to time-limited?
Yes. Reviews surface standing access, and what should be temporary can be given an expiry going forward.
What happens when time-limited access expires?
It is removed automatically in the directory. The person can request an extension, which goes through approval like any other request.
Does this cover on-prem AD groups too?
Yes. Time limits and visibility apply across both Microsoft Entra ID and on-prem Active Directory.
How is this different from Entra ID PIM?
PIM handles privileged admin roles in Entra ID. Adcyma applies the same idea, access that expires, to everyday resource access and groups across both directories.
See who has what, today
Start a free 14-day trial and connect your Entra ID tenant. No credit card, no consultants.