Know exactly who has
access to what.
Access management for SMBs without an IT department. For accounts, suppliers, keys and everything you don't want to forget. One overview, a clear process, audit-ready out of the box.
Access chaos is invisible — until someone leaves.
Excel, email, WhatsApp
Who has access to Salesforce? Who had the alarm code? Knowledge lives scattered across docs and people's heads.
Missed offboarding
Former staff retain access to systems long after leaving. A security or privacy incident waiting to happen.
No audit trail
In an audit or incident you cannot prove who had what access when. Everyone points at someone else.
One overview. A clear process. Audit-ready.
Seven integrated layers, built in the sequence that real SMBs operate in — not a feature list from a security vendor.
Access Matrix
People × systems at a glance. Click a cell to cycle the status in one click (access / none / review / unknown).
Fine-grained items
Per system you define roles, licences and accounts. "Salesforce Admin" vs "Read-only" — the cell aggregates automatically.
Periodic reviews
Kick off a review cycle: the matrix is snapshotted. Decide keep/revoke/change per row. On completion IT gets revoke actions.
Onboarding + offboarding
Checklist per phase, evidence uploads (PDF/JPG), automatic status transitions. Offboarding auto-triggers revoke actions for every access.
Risk detection
Nightly cron scans for patterns: stale admins (>90d unverified), orphan access after leaving, overdue reviews, excessive access.
Vault with audit log
Passwords, tokens, API keys and SSH keys stored encrypted (AES-256). Per-user ACL. Every reveal/decrypt is logged.
AI explanations
Non-security users understand why a risk matters. AI builds tenant-safe context and explains + gives concrete next steps.
Reminders
Cycle and process deadlines, overdue actions, upcoming start/end dates. All aggregated on the dashboard.
Append-only log
Every decision, state change and ACL grant lands in an audit log with JSON payload. No updates, full trail.
From chaos to grip in four steps.
Inventory
Add people and systems. Optionally define items (roles, licences) per system.
Fill the matrix
Click each cell's current status. You'll see at a glance who has excessive, missing or unknown access.
Review periodically
Each quarter (or yearly) a review cycle: keep/revoke/change per row. Actions follow automatically.
Process for changes
New hire? Onboarding. Someone leaving? Offboarding with automatic revoke. All with evidence and an audit log.
For teams that want control without an IT department.
Most access management tools assume a dedicated IAM team. AccessGuard is built for 10–200 person SMBs where the office manager, HR lead or operational director keeps track.
You don't need to connect every system. Start by writing down what you already know; work step by step toward complete coverage.
Typical fit
- Organisations of 10–200 staff
- No dedicated IT or IAM team
- Using 5–30 SaaS systems (M365, Slack, Salesforce, Exact, etc.)
- Compliance requirements (ISO 27001, NEN 7510, GDPR audits) that demand proof
- External suppliers + temporary staff that also get access
Deep dives, not demos.
Our guide library covers access management end-to-end — from the first matrix to M365 directory sync, ISO 27001 Annex A.9, and quarterly review rhythms.
Stop guessing. Start knowing.
In a quarter of an hour you have your first matrix filled in. The rest follows naturally — review cycles, offboarding, evidence and proof.