Projects
Enterprise IDM/IGA engagements across banking, energy, telecom, public sector, manufacturing and agribusiness. Named references first, then anonymised profiles where contractual confidentiality applies.
Aggregated picture of our delivered work. Each direction has concrete engagements behind it — some openly described below, many under NDA.
20 years of IDM expertise
39 clients across multiple markets
79 projects delivered
3 IDM / IGA platforms in core focus today
Industry distribution across the portfolio. The numbers indicate orders of magnitude — exact figures are refined as more case profiles become public.
12
Financial Services
Banking, insurance and leasing — Evolveum MidPoint and 1IDM migrations, Oracle support and international-perimeter work
5
Energy & Utilities
Oil & gas, power and petrochemicals — large Oracle IdM operations, MidPoint migration and HR-driven provisioning
5
Public Sector
Government, critical infrastructure and national funds — 1IDM, legacy Oracle adaptations and EU-mandated environments
5
Manufacturing & Industrial
Manufacturing, automotive, mining and construction — 1IDM and Oracle IdM at multi-entity scale
2
Transportation & Logistics
Passenger and cargo aviation, rail — IDM licence supply and technical support
3
Telecommunications
Oracle Identity Manager → Evolveum MidPoint migration at large-enterprise scale
3
Retail & Consumer Goods
Retail and agribusiness — Evolveum MidPoint and a sovereign IDM contour under import substitution
3
Technology & Services
Consulting, IT services and a global ride-hailing platform — SailPoint ISC and MidPoint
1
Healthcare & Life Sciences
Global pharmaceutical group — IT-role simplification on SailPoint IdentityIQ (GxP, 21 CFR Part 11)
Number of clients per IDM/IGA platform. See the dedicated service page for a deeper view.
9
clients
Oracle Identity Manager (OIM / OIG)
Long-term operations and managed migration to modern stacks (SailPoint, Evolveum MidPoint). Identigy does not sell new Oracle implementations — only operations and migration off the stack.
6
clients
Partner of Evolveum, active upstream contributor. Greenfield deployments, migrations from legacy IDM, multi-entity governance.
4
clients
On-prem IGA: implementation, evolution, version upgrades and IIQ → ISC migrations when the programme calls for it.
2
clients
SailPoint Identity Security Cloud
Cloud-native IGA: multi-year SaaS subscription delivered through Identigy for international clients — including a global mobility platform (inDrive) and an international agribusiness group.
1
clients
OneIdentity
Operations and migration from OneIdentity stacks (including into MidPoint or SailPoint) — full lifecycle from assessment to steady-state operations.
The full platform catalogue, along with our stance on each platform, is on the Identity Governance & Administration page.
Clients who agreed to be named in our public materials. Headline is the organisation; sector and platform details follow in each card.
What stands out
Gard is the world's leading marine and energy insurer and the top-tier Protection & Indemnity (P&I) club, headquartered in Arendal, Norway. The group runs 15 offices worldwide — across Europe, the Americas, the Middle East and Asia — with employees from 30+ nationalities, and insures roughly half the world's merchant fleet. Identigy delivered an enterprise identity governance (IGA) programme on SailPoint IdentityIQ: automated identity lifecycle (joiner / mover / leaver), an IT- and business-role model, access-certification campaigns and Segregation-of-Duties (SoD) controls. Governance was extended beyond employees to external consultants and service accounts. The corporate ERP served as the source of roles and org structure, and the solution reached legacy systems and applications with parameterised privileges across a distributed international perimeter. The engagement ran over several years.
Platform
SailPoint IdentityIQ
Automated
JML · access certification · SoD
Governed
employees · external consultants · service accounts
Engagement
multi-year (4+ years)
What stands out
«Cubes» is Identigy's own in-house identity governance (IGA) contour, built on Evolveum MidPoint (open-source). The principle is simple: we run the same IGA stack internally that we deploy for our clients, proving architectural decisions on our own infrastructure before they reach customer production. The contour covers a standardised joiner-mover-leaver lifecycle, access granted only through MidPoint with approval workflows, a self-service access-request portal, automatic revocation of unapproved entitlements and clean-up of leavers' access, role mining and an evolving role model, and centralised sign-in to all corporate services via Google SSO. The HR system is the source of truth; managed services include Google Workspace, Atlassian (Jira/Confluence), Google Drive, GitHub and Telegram. Policy changes are rolled out safely using MidPoint's simulation mechanism.
Platform
Evolveum MidPoint (open-source)
Functions
JML · self-service access requests · approvals · auto-revoke of unapproved access · role mining
Systems
HR (source of truth) · Google SSO · Atlassian · GitHub · Telegram
What stands out
inDrive is an international mobility and urban-services platform launched in 2013 around a distinctive direct-bargaining model — riders and drivers negotiate fares directly rather than accept an algorithmic rate. Legally headquartered in Mountain View, California, with its operational hub in Almaty, it operates in 1,000+ cities across 48 countries. Identigy implemented enterprise identity governance on SailPoint Identity Security Cloud (IDN) in two phases. Before the project, access was managed by hand across 42+ Google Sheets per country and department, with no unified identity lifecycle and no central HR. Phase 1 (03.2023 — 08.2023) brought up Zoho People as the trusted HR source and Google Workspace as the first target, with automated joiner/mover/leaver. Phase 2 (09.2023 — 11.2024) extended the perimeter to Jira and Jira Service Management, GitHub, Salesforce, Oracle NetSuite, the 1C platform, Figma and Tableau, adding a role model, access self-service, recertification and SoD controls. Governance spans not only employees but also contractors, recruiters and service accounts; custom connectors were built for GitHub and 1C. The partnership continues as an annual license subscription.
Integrated systems
~10 cloud (SaaS)
Access governance
42+ Google Sheets → single pane
Automated
JML · recertification · SoD
Confidentiality
For many programmes we cannot publish customer names or logos under contract. The cards below are anonymised — sector, platform, scale and outcomes only. Where it helps your procurement or architecture review, we can arrange a reference conversation with the customer's team, subject to their availability and a mutual NDA.
Industry and technical narrative without customer identification — the pattern we use when contractual confidentiality applies.
What stands out
A large state-owned bank engaged Identigy to deliver a production identity-governance (IGA) system on Oracle Identity Manager. Before the project, access was managed manually by each system's administrators, with no enterprise role model and no centralized password management. On OIM the team implemented an automated account lifecycle (joiner/mover/leaver), access requests with multi-step approval routing, audit and periodic certification, and detection of out-of-band changes with automatic rollback; the role model was built from the ground up through statistical role mining on a trusted HR source. Four target systems were brought under governance — the corporate directory and mail, the information-analytics system and the document-management system — several via custom connectors. The system passed acceptance testing and entered production (~9,000 users across a branch network).
Users
~9,000
Platform
Oracle Identity Manager
Coverage
4 systems + HR source · JML + role model + certification
Outcome
role model & JML automation from scratch (was manual)
What stands out
A global research-driven pharmaceutical group (~45,000 identities) engaged Identigy to simplify a sprawling IT-role model on its existing IGA platform and extend an end-to-end access process aligned to pharma regulation (GxP, 21 CFR Part 11). The team designed a structured role model — business roles with characteristic sub-roles and rule-based birthright assignment — and built a request-to-grant flow across self-service, governance and learning systems, with multi-step approvals and e-signature. An access-after-training control grants regulated roles only once the mandatory curriculum is complete, with daily checks and roll-back on non-completion; joiner/mover/leaver events and periodic recertification with escalation were automated.
Identities
~45,000
Platform
SailPoint IIQ · IT Role Simplification
Coverage
access-after-GxP-training + JML + recertification
What stands out
EU public-sector identity governance programme for a national health insurance authority. Delivered via Identigy's international hub into a compliance-driven public-sector perimeter; scope covers identity lifecycle, role model and the audit reporting expected from a national health insurance fund.
Platform
SailPoint
Sector
EU public-sector (national health insurance)
What stands out
EU public-sector identity governance programme for a national tax authority under the Ministry of Finance. Identity-lifecycle automation and access governance with the compliance and audit posture appropriate for an EU government agency. Delivered via Identigy's international hub.
Platform
SailPoint
Sector
EU public-sector (national tax authority)
What stands out
A national-scale retail bank engaged Identigy to deliver a production IGA platform on Evolveum MidPoint (open-source), replacing a legacy in-house, ERP-based access solution in which onboarding each new target system was slow and costly. On MidPoint the team implemented an automated account lifecycle (joiner/mover/leaver), access audit and periodic certification, and segregation-of-duties control, and rebuilt the role model from the ground up — roles assigned by conditions such as an employee's position level. Eight target systems were brought under governance, including the core banking system, card processing, the corporate directory and mail, and the HR source. The complex role model surfaced performance challenges resolved through joint engineering with the platform vendor. The system runs in production (~15,000 users) with ongoing development and third-line support.
Users
~15,000
Platform
Evolveum MidPoint (open source)
Coverage
8 systems · JML + certification + SoD
Outcome
fast onboarding of new systems
What stands out
A multi-business-unit mining group, then in an active phase of mergers and acquisitions, engaged Identigy for an access-governance audit and target-model design. Across a heterogeneous IT landscape with inconsistent practices and no centralized access governance, the team surveyed the group's core systems and designed the target access-management process from the ground up: a three-tier role model (RBAC) on a «location × organizational-structure» poly-hierarchy, anchored on the trusted HR source and spanning the directory, mail, ERP and HR systems. Deliverables included the access-governance concept, policy, regulations and statute, a role-formation and system-categorization methodology, and a vendor-neutral methodology for selecting an access-governance system — a ready, agreed foundation handed over ahead of any automation while the group restructured.
Coverage
thousands of staff
Outcome
role model + governance package + system-selection methodology
What stands out
The client, a large multinational organization operating in the manufacturing sector, needed to modernize its identity‑governance estate, which spanned a global directory, multiple subsidiary domains and critical HR/ERP, email and line‑of‑business applications. The project replaced a legacy commercial IGA suite with an open‑source identity‑governance platform, consolidating dozens of bespoke connectors into a handful of unified types and rebuilding the integration layer on an asynchronous message‑broker architecture. Both solutions ran in parallel during the cut‑over to guarantee service continuity, delivering a streamlined, regulator‑compliant architecture that reduced integration complexity and maintenance effort while supporting thousands of user identities.
Access SLA
Up to 10 working days → under 1 hour
Connectors
many bespoke → a few unified types
Scale
tens of thousands of employees · hundreds of target systems
Evolution
Oracle Identity Manager → Evolveum MidPoint
What stands out
The project involved a telecom operator’s nationwide retail subsidiary that needed to modernize its enterprise identity‑and‑access management platform built on a commercial IAM solution. The environment integrated Microsoft Active Directory, Exchange, Lync, a retail ERP system and point‑of‑sale workstations, with the parent company’s SAP HR database as the authoritative source. Enhancements refactored the ERP connector to enforce full‑name and personnel‑number consistency, added duplicate‑account detection and automatic removal, and introduced automated credential propagation for POS devices during password changes and store transfers. The resulting solution delivered consistent identity data across all connected systems and streamlined account‑lifecycle operations while supporting relevant data‑protection regulations.
Employees
~20,000
Platform
Oracle Identity Manager
Coverage
directory · mail · communications · 1C sales system · cashier workstations
Processes
automated JML + account dedup/consistency + credential management + custom connectors
What stands out
A telecommunications operator in the Central Asian region, part of a multinational telecom group, modernized its corporate access management infrastructure to align with group-level security standards while maintaining local regulatory compliance. The project focused on automating identity lifecycle management and role-based access control across six core systems: directory services, enterprise communications, billing platforms, and financial accounting. A custom integration component was developed for the 1C ERP module, enabling seamless provisioning within the unified framework. The solution was built on an enterprise IAM platform, establishing automated joiner-mover-leaver processes for approximately 600 employees. A key aspect involved securely extending the parent organization’s identity governance model across borders, enabling centralized oversight and connectivity between geographically dispersed IT segments, while preserving the subsidiary’s independent legal and operational status. The implementation included full integration of target systems, ensuring consistent policy enforcement and audit readiness under regional regulatory requirements. Project deliverables were formally accepted upon completion in 2019.
Users
~600
Platform
Oracle Identity Manager
Coverage
6 target systems · directory/mail/comms/billing/1C
Processes
automated JML + role model + custom 1C connector
What stands out
A large telecom operator (group headcount ~120,000) engaged Identigy, as a technical subcontractor, to implement automated access-rights management and segregation-of-duties (SoD) control on Oracle Application Access Controls Governor (AACG) over a corporate Oracle e-Business Suite R12 ERP (16 functional modules, from general ledger to payroll). The driver was Sarbanes–Oxley §404 compliance: SoD control had been manual, with no automated conflict analysis and no management of compensating controls. The team delivered what-if SoD analysis on every access request, automatic approval-chain build-up, a full lifecycle for the compensating-controls catalogue, user- and role-level control, and consolidated SoD-risk reporting for internal control and external auditors. The platform's stock functionality was extended with middleware on the customer's ITSM platform (two-way integration) and a deeply reworked ERP connector with 24 filters eliminating false positives. The solution passed three test cycles plus load testing and entered production.
Users
~120,000
Platform
Oracle AACG (GRC)
Coverage
corporate ERP · 16 modules · what-if SoD analysis + compensating controls
Outcome
SoD control automated for SOX-404 (was manual)
What stands out
The client is a nationwide public‑sector organization with a large employee base and a network of regional offices that processes personal data. Identigy acted as a technical subcontractor to deliver the regional rollout, line‑of‑business integration and trial‑operation hand‑over of an enterprise single‑sign‑on and centralized account‑management contour. The core used an Oracle Access Manager‑based unified authentication system with regional points and a hierarchical provisioning layer feeding Microsoft Active Directory from an HR source. The project replaced manual, paper‑based access requests with automated lifecycle provisioning (joiner, transfer, leave, re‑hire) and provided readiness assessments and training for each office. The rollout was completed on schedule and accepted in full.
Scale
federal public-sector organization — dozens of regional offices, 100,000+ accounts
Platform
Oracle Access Manager + Microsoft Active Directory — single sign-on and account management
Coverage
single sign-on (SSO) · centralized account management · line-of-business subsystems
Process
automated account lifecycle (joiner/mover/leaver) — replacing a manual one (paper approvals, weeks to fulfil)
Outcome
regional segments rolled out, integrated and handed over into trial operation (accepted by the customer)
What stands out
Sector: professional services. The firm required a sovereign identity and access‑management contour after losing its external authentication infrastructure. Identigy delivered an autonomous IAM stack based on open‑source components: a WebSSO solution (SAML/OAuth/OpenID), an identity‑governance engine for storage, reconciliation and certification, and a directory service for federation. The solution covered 4,000 users and ~70 critical corporate applications, providing full lifecycle automation, access‑certification campaigns and a self‑service onboarding method. Delivered via Agile CI/CD with separate dev, QA and production environments, the contour was operational within weeks and gave the organization an auditable, vendor‑independent access‑management platform without licensing lock‑in.
Users
~4,000
Platform
Keycloak · MidPoint · OpenLDAP (open source)
Coverage
WebSSO federation of ~70 priority systems · access certification
Approach
autonomous contour · pilot in ~4 weeks
What stands out
A financial institution in the banking sector with approximately 11,000 employees faced growing operational and regulatory risks due to reliance on foreign identity management platforms, as geopolitical shifts and market exits disrupted long-term vendor support. The organization operated multiple legacy IAM systems, including a primary enterprise IAM platform and a corporate IGA solution, which required replacement to ensure compliance, reduce sanctions-related exposure, and enable in-house development capabilities. To address this, a strategic migration was executed toward an open-source identity governance platform, implemented over six months under a direct engagement. The solution encompassed end-to-end account lifecycle management across complex employment scenarios—joiners, movers, leavers, concurrent roles, maternity leaves, and emergency access blocks—supported by a re-engineered HR connector to handle multi-record employee data integrity and a high-performance email system integration meeting strict service levels. Three CI/CD-aligned environments were established, enabling robust testing and deployment cycles, while a self-service portal improved user autonomy. During transition, architectural controls ensured clear separation of duties across the coexisting IDM systems. Post-implementation, provisioning latency for core directory services dropped significantly, reducing processing time from hours to minutes. Ongoing support and incremental enhancements continued over the following two years, including remediation of integration edge cases.
Scale
~11,000 employees
Platform
Evolveum MidPoint (open source)
Account provisioning
account creation 2 hours → 15 minutes
Engagement
6-month implementation + 2-year support
What stands out
An organization in the transportation sector with a federal‑scale workforce of roughly 670,000 employees, more than 500 corporate information systems and over 800,000 annual access requests needed to replace a manual, multi‑step request process. A custom identity‑governance and administration solution was built on an open‑source stack (OpenIDM/OpenICF with a workflow engine and PostgreSQL) to provide automated account lifecycle, configurable approval routes, self‑service and periodic recertification. Integrated connectors linked the solution to the enterprise directory, mail platforms, service bus, IT service management tool and HR source. The pilot zone was delivered, accepted and entered operation in late 2015, though a full enterprise rollout was not pursued.
Scale
enterprise AD forest — dozens of domains, hundreds of thousands of accounts
Platform
OpenIDM / OpenICF (ForgeRock) — custom IGA
Coverage
directory · 2 mail platforms · ESB · ITSM · HR source
Process
~800,000 access requests/year — configurable approval routing (was manual)
Outcome
pilot phase designed, built and delivered
What stands out
An industrial holding with multiple subsidiaries implemented a group‑wide identity‑governance platform to enforce zero‑trust and least‑privilege principles across its digital estate. The project began by migrating the authoritative human‑resources data from a legacy in‑house system to a modern enterprise HR platform, synchronising the cut‑over with a payroll go‑live. Subsequent phases expanded the governance perimeter to include directory services, email, CRM, content‑management and access‑control systems, while continuously refining role models, workflow automation and service‑account lifecycle management. The solution now provides consistent access policies, reduces manual provisioning effort and supports compliance with relevant data‑protection and industry regulations.
Identity scale
tens of thousands of identities · multi-entity holding
HR migration
Legacy in-house HR → modern enterprise HR platform
Target systems
directory · mail · CRM · content management · access governance
What stands out
A financial institution in the Nordic-Baltic region, operating across multiple countries, required modernization of its identity and access management framework to support approximately 50,000 identities. The environment featured a highly heterogeneous IT landscape, including a legacy mainframe platform, enterprise directory services, and core banking applications. As part of the transformation, a comprehensive access management automation solution was implemented using an enterprise IAM platform, integrating with HR systems to enable end-to-end joiner-mover-leaver processes. The solution established a centralized identity model, automated provisioning and deprovisioning across critical systems, and introduced role-based access controls with approval workflows and employment-state validation logic. A key technical challenge involved bridging disparate target systems—particularly the mainframe environment—with differing account management paradigms, requiring hybrid automation and manual intervention workflows where full integration was unfeasible. The initiative was delivered incrementally over a 30-month period, aligning with strict financial regulatory requirements and enhancing audit readiness, operational efficiency, and access governance maturity.
Identities
~50,000
Platform
SailPoint IdentityIQ
Coverage
heterogeneous estate · mainframe (z/OS) + directory + core banking · HR-driven JML
Engagement
multi-year continuous development (2018–2020)
What stands out
The client, a systemically important commercial bank in the financial services sector, operates a large identity‑management contour built on an enterprise IAM platform serving over 36,000 identities and processing more than 1,000 access‑change requests each day. Under a multi‑year contract, the provider delivered continuous technical support and development: diagnosing and fixing defects, handling daily lifecycle and role‑assignment requests within defined SLAs, performing preventive maintenance and regular entitlement audits, and evolving the integration layer across heterogeneous banking systems. The solution maintained reliable operation under strict financial‑regulatory confidentiality requirements and was completed without any claims.
Scale
36,000+ identities
Throughput
1,000+ access-change requests per day
Platform
Oracle Identity Manager
Engagement
multi-year support (~3.5 years)
What stands out
A multinational energy organization with over 5,000 identities across multiple regional facilities partnered to modernize its enterprise identity governance environment. The initiative focused on upgrading a deeply customized legacy deployment of an enterprise IAM platform to its latest version, including migration to version 7.3, while extending core functionality beyond out-of-the-box capabilities. The solution introduced a dynamic role model driven by HR data, enabling automated provisioning and deprovisioning across a distributed infrastructure for employees, contractors, and service accounts. Key enhancements included lifecycle management, access recertification workflows for inter-site role changes, and drift detection across ten integrated systems. DevOps practices and CI/CD tooling were implemented to support continuous integration and long-term maintainability. The engagement ensured compliance with sector-specific regulatory requirements, strengthened audit readiness, and improved operational resilience through a scalable, automated identity framework.
Tenure
8 years of continuous development
Scale
5,000+ identities · multiple sites · 10 IT systems
Architecture
Dynamic matrix role model
What stands out
A national health-insurance payer — a central fund with regional branches — runs a single enterprise identity and access management (IAM) platform on SailPoint IdentityIQ, implemented and developed by Identigy as a subcontractor. The platform governs the full lifecycle of four identity types — employees, contractor staff, interns/auditors and system accounts — with automated joiner/mover/leaver, multi-step approval including a dedicated stage for privileged roles, segregation of duties (SoD), periodic recertification of entitlements by data owners, and detection of native (out-of-band) changes. Unified provisioning spans six connected systems, including ERP and the directory service, at a scale of 2,000+ accounts and ~1,100 users — with controlled privileged access to sensitive (medical) data under ISO/IEC 27001 and a first-category state-information-system regime. Implemented 2017–2018, upgraded to a newer platform release in 2021.
Accounts
2,000+
Integrated systems
6
National coverage
HQ + 5 territorial funds
What stands out
A national tax administration runs a single identity-governance platform (IGA) on SailPoint IdentityIQ, implemented and developed over several years by Identigy as a subcontractor. The platform governs the full lifecycle of four identity types — employees, interns, external contractors and system accounts — with automated joiner/mover/leaver, access self-service, dual certification of both entitlements and roles with escalation to unit managers, detection of native (out-of-band) access changes, and dormant-access suspension. Unified provisioning spans 30+ systems, including the directory service and the authoritative HR source, at a scale of 3,000+ identities and 50,000+ entitlements — under GDPR, ISO/IEC 27001 and applicable national cybersecurity requirements.
Identities under management
3,000+
Integrated systems
30+
Entitlements governed
50,000+
What stands out
An insurance organization with roughly 9,000 employees and over 19,000 internal and external users required a comprehensive identity‑governance solution. Identigy first deployed a commercial IGA platform to manage full account lifecycles, business roles for branches and agent channels, integrate with HR and directory services, and provide a self‑service portal. A subsequent proof‑of‑concept migrated the workload to the open‑source Evolveum MidPoint, delivering vendor‑independent governance. Ongoing support now covers connector development, role modeling, access‑approval workflows, segregation‑of‑duties policies, UI customization and reporting, ensuring regulatory compliance and streamlined access management across the enterprise.
Scale
17,000+ internal + 2,200+ external users
Platform
Evolveum MidPoint (open source)
Migration
One Identity Manager → Evolveum MidPoint (open source)
Engagement
full lifecycle — PoC → migration → direct support
Request references
We can prepare an extended reference under a specific scenario — with figures, architecture and a customer contact for verification against your project.
Write to info@identigy.com or use the consultation form on the Contact page.