Skip to main content

IAM/IGA Project Portfolio

Evidence over slogans

Enterprise IDM/IGA engagements across banking, energy, telecom, public sector, manufacturing and agribusiness. Named references first, then anonymised profiles where contractual confidentiality applies.

Talk to an architect
Portfolio

The portfolio at a glance

Aggregated picture of our delivered work. Each direction has concrete engagements behind it — some openly described below, many under NDA.

  • 20

    years of IDM expertise

  • 39

    clients across multiple markets

  • 79

    projects delivered

  • 3

    IDM / IGA platforms in core focus today

Industries

Where we deploy IDM/IGA

Industry distribution across the portfolio. The numbers indicate orders of magnitude — exact figures are refined as more case profiles become public.

12

Financial Services

Banking, insurance and leasing — Evolveum MidPoint migrations, Oracle support and international-perimeter work

5

Energy & Utilities

Oil & gas, power and petrochemicals — large Oracle IdM operations, MidPoint migration and HR-driven provisioning

5

Public Sector

Government, critical infrastructure and national funds — legacy Oracle adaptations and EU-mandated environments

5

Manufacturing & Industrial

Manufacturing, automotive, mining and construction — Oracle IdM at multi-entity scale

2

Transportation & Logistics

Passenger and cargo aviation, rail — IDM licence supply and technical support

3

Telecommunications

Oracle Identity Manager → Evolveum MidPoint migration at large-enterprise scale

3

Retail & Consumer Goods

Retail and agribusiness — Evolveum MidPoint IGA deployments

3

Technology & Services

Consulting, IT services and a global ride-hailing platform — SailPoint ISC and MidPoint

1

Healthcare & Life Sciences

Global pharmaceutical group — IT-role simplification on SailPoint IdentityIQ (GxP, 21 CFR Part 11)

Platforms

What we actually run

Number of clients per IDM/IGA platform. See the dedicated service page for a deeper view.

  • 9

    clients

    Oracle Identity Manager (OIM / OIG)

    Long-term operations and managed migration to modern stacks (SailPoint, Evolveum midPoint). Identigy does not sell new Oracle implementations — only operations and migration off the stack.

  • 6

    clients

    Evolveum midPoint

    Partner of Evolveum, active upstream contributor. Greenfield deployments, migrations from legacy IDM, multi-entity governance.

  • 4

    clients

    SailPoint IdentityIQ

    On-prem IGA: implementation, evolution, version upgrades and IIQ → ISC migrations when the programme calls for it.

  • 1

    clients

    SailPoint Identity Security Cloud

    Cloud-native IGA: multi-year SaaS subscription delivered through Identigy for an international mobility platform (inDrive).

  • 1

    clients

    OneIdentity

    Operations and migration from OneIdentity stacks (including into midPoint or SailPoint) — full lifecycle from assessment to steady-state operations.

Full platform catalogue and our stance on each one is on the Identity Governance & Administration page.

References

Named case profiles

Clients who agreed to be named in our public materials. Headline is the organisation; sector and platform details follow in each card.

Filter the portfolio — multiple selections allowed

Showing 28 of 28

Filter by platform

Identigy (internal)

Evolveum MidPoint
Sector
In-house IGA contour (IT consulting · IDM/IGA)
Scale
Identigy staff, service access and corporate services
Period
Since 2025
Identigy role
Building and running Evolveum MidPoint as our own in-house IGA contour — the same open-source stack we deploy for clients

What stands out

«Cubes» is Identigy's own in-house identity governance (IGA) contour, built on Evolveum MidPoint (open-source). The principle is simple: we run the same IGA stack internally that we deploy for our clients, proving architectural decisions on our own infrastructure before they reach customer production. The contour covers a standardised joiner-mover-leaver lifecycle, access granted only through MidPoint with approval workflows, a self-service access-request portal, automatic revocation of unapproved entitlements and clean-up of leavers' access, role mining and an evolving role model, and centralised sign-in to all corporate services via Google SSO. The HR system is the source of truth; managed services include Google Workspace, Atlassian (Jira/Confluence), Google Drive, GitHub and Telegram. Policy changes are rolled out safely using MidPoint's simulation mechanism.

  • Platform

    Evolveum MidPoint (open-source)

  • Functions

    JML · self-service access requests · approvals · auto-revoke of unapproved access · role mining

  • Systems

    HR (source of truth) · Google SSO · Atlassian · GitHub · Telegram

Sector
Ride-hailing · mobility (international platform)
Scale
~3,000 identities · ~10 cloud (SaaS) target systems · 4 identity types (employees, contractors, recruiters, service accounts)
Period
03.2023 — 11.2024 (two-phase implementation)
Identigy role
Enterprise IGA implementation on SailPoint Identity Security Cloud, delivered in two phases

What stands out

inDrive is an international mobility and urban-services platform launched in 2013 around a distinctive direct-bargaining model — riders and drivers negotiate fares directly rather than accept an algorithmic rate. Legally headquartered in Mountain View, California, with its operational hub in Almaty, it operates in 1,000+ cities across 48 countries. Identigy implemented enterprise identity governance on SailPoint Identity Security Cloud (IDN) in two phases. Before the project, access was managed by hand across 42+ Google Sheets per country and department, with no unified identity lifecycle and no central HR. Phase 1 (03.2023 — 08.2023) brought up Zoho People as the trusted HR source and Google Workspace as the first target, with automated joiner/mover/leaver. Phase 2 (09.2023 — 11.2024) extended the perimeter to Jira and Jira Service Management, GitHub, Salesforce, Oracle NetSuite, the 1C platform, Figma and Tableau, adding a role model, access self-service, recertification and SoD controls. Governance spans not only employees but also contractors, recruiters and service accounts; custom connectors were built for GitHub and 1C. The partnership continues as an annual license subscription.

  • Integrated systems

    ~10 cloud (SaaS)

  • Access governance

    42+ Google Sheets → single pane

  • Automated

    JML · recertification · SoD

Confidentiality

For many programmes we cannot publish customer names or logos under contract. The cards below are anonymised — sector, platform, scale and outcomes only. Where it helps your procurement or architecture review, we can arrange a reference conversation with the customer's team, subject to their availability and a mutual NDA.

Under NDA

Anonymised case profiles

Industry and technical narrative without customer identification — the pattern we use when contractual confidentiality applies.

Banking

Oracle Identity Manager
Scale
bank · several target systems + HR source
Period
2010s
Identigy role
Full-cycle IGA implementation on Oracle Identity Manager

What stands out

A bank engaged Identigy to deliver a production identity-governance (IGA) system on Oracle Identity Manager. Before the project, access was managed manually by each system's administrators, with no enterprise role model and no centralized password management. On OIM the team implemented an automated account lifecycle (joiner/mover/leaver), access requests with multi-step approval routing, audit and periodic certification, and detection of out-of-band changes with automatic rollback; the role model was built from the ground up through statistical role mining on a trusted HR source. Four target systems were brought under governance — the corporate directory and mail, the information-analytics system and the document-management system — several via custom connectors. The system passed acceptance testing and entered production (across a branch network).

  • Scale

    banking contour

  • Platform

    Oracle Identity Manager

  • Coverage

    several systems + HR source · JML + role model + certification

  • Outcome

    role model & JML automation from scratch (was manual)

Global pharmaceutical group

SailPoint IdentityIQ
Scale
global pharmaceutical group
Period
2010s
Identigy role
IT Role Simplification on SailPoint IIQ

What stands out

A global research-driven pharmaceutical group engaged Identigy to simplify a sprawling IT-role model on its existing IGA platform and extend an end-to-end access process aligned to industry regulation. The team designed a structured role model — business roles with characteristic sub-roles and rule-based birthright assignment — and built a request-to-grant flow across self-service, governance and learning systems, with multi-step approvals and e-signature. An access-after-training control grants regulated roles only once the mandatory curriculum is complete, with daily checks and roll-back on non-completion; joiner/mover/leaver events and periodic recertification with escalation were automated.

  • Scale

    global pharmaceutical group

  • Platform

    SailPoint IIQ · IT Role Simplification

  • Coverage

    access-after-training + JML + recertification

EU public-sector (national health insurance)

SailPoint IdentityIQ
Scale
2 000+ identities · national public health insurance
Period
Multi-year engagement
Identigy role
Multi-year identity governance programme via Identigy's international hub

What stands out

EU public-sector identity governance programme for a national health insurance authority. Delivered via Identigy's international hub into a compliance-driven public-sector perimeter; scope covers identity lifecycle, role model and the audit reporting expected from a national health insurance fund.

  • Platform

    SailPoint

  • Sector

    EU public-sector (national health insurance)

EU public-sector (national tax authority)

SailPoint IdentityIQ
Scale
National tax authority · EU
Period
Multi-year engagement
Identigy role
Multi-year identity governance programme via Identigy's international hub

What stands out

EU public-sector identity governance programme for a national tax authority under the Ministry of Finance. Identity-lifecycle automation and access governance with the compliance and audit posture appropriate for an EU government agency. Delivered via Identigy's international hub.

  • Platform

    SailPoint

  • Sector

    EU public-sector (national tax authority)

Marine & energy insurance (P&I club)

SailPoint IdentityIQ
Scale
1,000+ users · global office network
Period
Multi-year engagement (2016—2020)
Identigy role
Enterprise IGA implementation on SailPoint IdentityIQ

What stands out

A leading Protection & Indemnity (P&I) marine and energy insurer with a global office network. Identigy delivered an enterprise identity governance (IGA) programme on SailPoint IdentityIQ: automated identity lifecycle (joiner / mover / leaver), an IT- and business-role model, access-certification campaigns and Segregation-of-Duties (SoD) controls. Governance was extended beyond employees to external consultants and service accounts. The corporate ERP served as the source of roles and org structure, and the solution reached legacy systems and applications with parameterised privileges across a distributed international perimeter. The engagement ran over several years.

  • Platform

    SailPoint IdentityIQ

  • Automated

    JML · access certification · SoD

  • Governed

    employees · external consultants · service accounts

  • Engagement

    multi-year (4+ years)

Oil & gas

An OpenIDM/OpenICF (ForgeRock)-based IGA platform · migration from Oracle Identity Manager
Scale
several critical-infrastructure objects · corporate directory (1,000+ accounts) · accounting systems on the 1C platform · corporate mail · roughly 800+ identities
Period
2019
Identigy role
Migration Oracle IDM → an OpenIDM/OpenICF-based IGA: role-management subsystem, custom 1C/directory/mail connectors, account lifecycle

What stands out

The organization operates in the oil‑and‑gas sector, managing critical‑infrastructure assets. A migration was undertaken from a legacy Oracle Identity Manager solution to an open‑source based Identity Governance and Administration platform built on the OpenIDM/OpenICF stack. The project delivered a role‑management subsystem with RBAC, custom connectors for HR/payroll, accounting, document management, directory and mail systems, and a complete account‑lifecycle workflow covering onboarding, transfers, leave, and off‑boarding with configurable approval routes. The solution passed load and integration testing, was formally accepted without claims, and enabled a standardized, automated access‑management contour across multiple critical sites.

  • Platform

    An IGA on the open OpenIDM/OpenICF (ForgeRock) stack

  • Migration

    Oracle Identity Manager → an OpenIDM-based IGA (critical-infrastructure objects)

  • Scale

    several critical objects · roughly 800+ identities

  • Coverage

    role-management subsystem (RBAC) · custom 1C / directory / mail connectors

  • Process

    automated account lifecycle (joiner, transfer, maternity, leaver, role requests)

Banking

Evolveum MidPoint
Scale
large bank · several target systems
Period
2020s
Identigy role
Full-cycle IGA implementation on Evolveum MidPoint: architecture, development, integrations, go-live, training

What stands out

A large bank engaged Identigy to deliver a production IGA platform on Evolveum MidPoint (open-source), replacing a legacy in-house, ERP-based access solution in which onboarding each new target system was slow and costly. On MidPoint the team implemented an automated account lifecycle (joiner/mover/leaver), access audit and periodic certification, and segregation-of-duties control, and rebuilt the role model from the ground up — roles assigned by conditions such as an employee's position level. Target systems were brought under governance, including the core banking system, the corporate directory and mail, and the HR source. The complex role model surfaced performance challenges resolved through joint engineering with the platform vendor. The system runs in production with ongoing development and third-line support.

  • Scale

    large banking contour

  • Platform

    Evolveum MidPoint (open source)

  • Coverage

    several target systems · JML + certification + SoD

  • Outcome

    fast onboarding of new systems

Gold mining

IGA audit & target-model design · vendor-neutral access-system selection
Scale
thousands of staff
Period
2022
Identigy role
Audit and design of access-management processes and a role model; vendor-neutral selection of an access-governance system

What stands out

A multi-business-unit mining group, then in an active phase of mergers and acquisitions, engaged Identigy for an access-governance audit and target-model design. Across a heterogeneous IT landscape with inconsistent practices and no centralized access governance, the team surveyed the group's core systems and designed the target access-management process from the ground up: a three-tier role model (RBAC) on a «location × organizational-structure» poly-hierarchy, anchored on the trusted HR source and spanning the directory, mail, ERP and HR systems. Deliverables included the access-governance concept, policy, regulations and statute, a role-formation and system-categorization methodology, and a vendor-neutral methodology for selecting an access-governance system — a ready, agreed foundation handed over ahead of any automation while the group restructured.

  • Coverage

    thousands of staff

  • Outcome

    role model + governance package + system-selection methodology

Major telecom group

Oracle Identity ManagerEvolveum MidPoint
Scale
tens of thousands of employees · hundreds of target systems · multi-domain directory
Period
2018 — present (Oracle IdM); 2023 — present (migration to MidPoint)
Identigy role
Long-term Oracle IdM operations and an in-progress migration to Evolveum MidPoint

What stands out

A global enterprise in a regulated industry modernized its identity‑governance framework by migrating from a legacy commercial IGA suite to an open‑source IGA platform. The environment encompassed a worldwide directory, multiple subsidiary domains, HR/ERP, email and core line‑of‑business applications, serving tens of thousands of users. The project unified a large set of custom connectors into a few standardized types and rebuilt the integration layer on an asynchronous message‑broker architecture. Both systems operated in parallel during the cut‑over, guaranteeing uninterrupted service. Post‑migration, the organization achieved streamlined access provisioning, reduced integration complexity, and reinforced compliance with data‑protection and industry regulations.

  • Access SLA

    Up to 10 working days → under 1 hour

  • Connectors

    many bespoke → a few unified types

  • Scale

    tens of thousands of employees · hundreds of target systems

  • Evolution

    Oracle Identity Manager → Evolveum MidPoint

Retail

Oracle Identity Manager
Scale
large retail network · distributed points of sale
Period
2010s
Identigy role
Development of an access-management system on Oracle Identity Manager: connector engineering, automated account and credential lifecycle management

What stands out

The client operates a large retail network. Its enterprise identity‑and‑access management platform, built on a commercial IAM suite, synchronises a directory service, mail and collaboration systems, a retail ERP and point‑of‑sale workstations, using the corporate HR system as the authoritative source. The engagement refactored the ERP connector to enforce full‑name and personnel‑number consistency, added duplicate‑account detection and automatic name propagation, and automated credential turnover for POS devices through a web‑service workflow. As a result, identity data quality improved, manual provisioning effort was cut dramatically and the retail environment achieved continuous compliance with internal security policies.

  • Scale

    large retail network

  • Platform

    Oracle Identity Manager

  • Coverage

    directory · mail · communications · 1C sales system · cashier workstations

  • Processes

    automated JML + account dedup/consistency + credential management + custom connectors

Telecom

Oracle Identity Manager
Scale
mobile network operator · several target systems
Period
2010s
Identigy role
Identity governance implementation on Oracle Identity Manager: connectors to six target systems, a role model, and automated account lifecycle

What stands out

A mobile network operator modernized its corporate access management infrastructure to strengthen compliance and operational efficiency. The project focused on automating identity lifecycle processes (onboarding, role changes, offboarding) and implementing role-based access control across six critical systems: directory services (Microsoft Active Directory), corporate communications (Exchange, Skype for Business), billing platforms, and enterprise accounting (1C). A custom integration component was developed to ensure seamless access governance for the 1C environment. The solution was built on an enterprise IAM platform, enabling centralized control while maintaining the legal and operational independence of the local entity. A key aspect was governed access provisioning without compromising jurisdictional compliance. The implementation covered a small identity contour and supported alignment with regional regulatory requirements for data residency and access oversight. The system was delivered and accepted under formal sign-off.

  • Scale

    mobile network operator

  • Platform

    Oracle Identity Manager

  • Coverage

    several target systems · directory/mail/comms/billing/1C

  • Processes

    automated JML + role model + custom 1C connector

Retail

Evolveum MidPoint
Scale
large wholesale & retail network · distributed footprint
Period
2020s
Identigy role
Access governance implementation on Evolveum MidPoint: replacing a legacy custom IDM, migration, SAP HR and directory integration, automated joiner/mover/leaver

What stands out

The retailer operates a large wholesale & retail network with a distributed footprint. Its legacy, custom IDM was replaced by a greenfield enterprise IAM platform built on an open‑source identity‑governance engine. The solution integrates the HR system as the master source, synchronises with Active Directory, a privileged‑access tool and a standards‑based IdP, and automates joiner‑mover‑leaver processes, self‑service password reset, audit logging and periodic access recertification. The MVP was delivered on schedule and is now running in production, managing tens of thousands of identities.

  • Scale

    large wholesale & retail network

  • Platform

    Evolveum MidPoint (MVP→PROD)

  • Migration

    replacement of a legacy custom IDM system

  • Coverage

    HR source (SAP HR) · corporate directory · privileged access · IdP (Keycloak)

  • Processes

    automated JML + self-service (password reset) + audit + recertification

Telecom

Oracle GRC (access controls)
Scale
large telecom operator · corporate ERP
Period
2010s
Identigy role
Oracle GRC implementer over the corporate ERP: connector rework on ODI, SoD-matrix middleware, conflict-analysis & compensating-control engine, go-live

What stands out

A large telecom operator engaged Identigy, as a technical subcontractor, to implement automated access-rights management and segregation-of-duties (SoD) control on an Oracle GRC access-controls platform over a corporate ERP. The driver was regulatory compliance: SoD control had been manual, with no automated conflict analysis and no management of compensating controls. The team delivered what-if SoD analysis on every access request, automatic approval-chain build-up, a full lifecycle for the compensating-controls catalogue, user- and role-level control, and consolidated SoD-risk reporting for internal control and external auditors. The platform's stock functionality was extended with middleware on the customer's ITSM platform (two-way integration) and a deeply reworked ERP connector eliminating false positives. The solution passed three test cycles plus load testing and entered production.

  • Scale

    large telecom operator

  • Platform

    Oracle GRC (access controls)

  • Coverage

    corporate ERP · what-if SoD analysis + compensating controls

  • Outcome

    SoD control automated (was manual)

Public sector

Oracle Access Manager + Microsoft Active Directory (single sign-on + centralized account management)
Scale
public-sector organization · regional office network · heterogeneous estate (corporate directory, corporate mail, line-of-business systems)
Period
2010s
Identigy role
Regional rollout, subsystem integration and trial-operation enablement for a single-sign-on & account-management contour

What stands out

A public‑sector organization with a regional office network needed to replace manual, paper‑based access provisioning with an automated, centrally managed identity solution, subject to personal‑data protection regulations. Identigy acted as technical subcontractor to deliver the regional rollout of an enterprise single‑sign‑on and account‑management contour. The core used an enterprise access‑management platform integrated with a hierarchical directory service and provisioned accounts from an HR system. Regional authentication nodes were installed, line‑of‑business applications were onboarded to SSO, and automated lifecycle provisioning (joiner, transfer, leaver, re‑hire) was configured. Training and readiness assessments were performed and the solution was handed over for trial operation, with full acceptance recorded on schedule.

  • Scale

    public-sector organization — regional office network

  • Platform

    Oracle Access Manager + Microsoft Active Directory — single sign-on and account management

  • Coverage

    single sign-on (SSO) · centralized account management · line-of-business subsystems

  • Process

    automated account lifecycle (joiner/mover/leaver) — replacing a manual one (paper approvals)

  • Outcome

    regional segments rolled out, integrated and handed over into trial operation (accepted by the customer)

Professional services

Keycloak · Evolveum MidPoint · OpenLDAP (open source)
Scale
large professional-services company · WebSSO federation of priority systems
Period
2020s
Identigy role
Architecture and rollout of an autonomous IAM contour on an open-source stack: WebSSO on Keycloak, IDM and access certification on MidPoint, trusted OpenLDAP directory

What stands out

A professional‑services organization needed to deploy an independent IAM contour with an autonomous IAM contour. Identigy delivered a vendor‑independent, three‑component open‑source stack: an enterprise SSO solution (Keycloak), an identity‑governance platform (MidPoint) and a directory service (OpenLDAP). The contour supports the organization's priority corporate applications, providing single sign‑on, full account lifecycle automation and periodic access‑certification campaigns. Integration synchronises employee data from a trusted source, and a self‑service onboarding method enables rapid addition of new systems. Deployed via Agile CI/CD across development, test and production environments, the first system was operational in four weeks, giving the firm a sovereign, auditable access‑management layer free of licensing lock‑in.

  • Scale

    large professional-services company

  • Platform

    Keycloak · MidPoint · OpenLDAP (open source)

  • Coverage

    WebSSO federation of priority systems · access certification

  • Approach

    autonomous contour · pilot in a few weeks

Banking

Evolveum MidPoint
Scale
major commercial bank · several target systems
Period
2020s
Identigy role
Replacement of a legacy commercial IDM platform with open-source Evolveum MidPoint — full-cycle delivery plus multi-year support

What stands out

A financial institution in the banking sector faced growing operational and regulatory risks due to reliance on foreign identity management platforms amid shifting market conditions. The organization operated multiple legacy IAM systems, including a primary enterprise IDM and a secondary corporate IGA solution, both subject to licensing dependencies and diminishing vendor support. To achieve long-term sustainability, regulatory compliance, and in-house development autonomy, the bank initiated a strategic replacement with an open-source identity governance platform. Under a direct engagement, a comprehensive implementation was delivered in a compressed timeline, encompassing solution architecture, three CI/CD-aligned environments, and critical custom integrations—including a high-performance HR feed capable of handling complex employment models and a robust Microsoft Exchange connector meeting stringent service levels. The project covered full identity lifecycle management across diverse employment events and introduced a self-service portal, while maintaining interoperability between systems during a phased transition. Key outcome: provisioning latency for Microsoft Active Directory accounts reduced substantially. Ongoing support and incremental enhancements continued over the subsequent years, including resolution of accumulated integration-level anomalies.

  • Scale

    major commercial bank

  • Platform

    Evolveum MidPoint (open source)

  • Account provisioning

    account creation reduced substantially

  • Engagement

    implementation + multi-year support

Transport

Custom IGA on OpenIDM/OpenICF (ForgeRock)
Scale
large transport company · multi-domain AD environment · enterprise-scale system estate
Period
2010s
Identigy role
Design, development and pilot rollout of a custom IGA on OpenIDM/OpenICF: connectors, role model, configurable approval routing, audit/self-service portals

What stands out

A large transport company needed to replace a manual, multi‑step access‑request process across a multi‑domain environment. An open‑source identity‑governance and administration platform was built on the OpenIDM/OpenICF stack with a workflow engine and PostgreSQL backend. The solution introduced automated lifecycle handling (joiner, transfer, leave, re‑hire), configurable approval routes, a cross‑system role model, self‑service and audit‑recertification portals, and custom connectors for directory services, mail systems, an enterprise service bus, ITSM and HR data sources. The pilot zone was delivered on schedule and formally accepted; subsequent enterprise‑wide rollout was not pursued.

  • Scale

    multi-domain AD forest · enterprise-scale accounts

  • Platform

    OpenIDM / OpenICF (ForgeRock) — custom IGA

  • Coverage

    directory · mail platforms · ESB · ITSM · HR source

  • Process

    configurable approval routing (was manual)

  • Outcome

    pilot phase designed, built and delivered

Integrated petrochemical major

Oracle Identity Manager
Scale
tens of thousands of identities · multi-entity holding
Period
2020 — present
Identigy role
HR source migration → ongoing support and identity-governance development

What stands out

The organization operates in the industrial sector, overseeing a portfolio of multiple entities. To strengthen security posture, it deployed a group‑wide identity‑governance platform that enforces zero‑trust and least‑privilege principles across the enterprise. A core phase migrated the authoritative human‑resources source from a legacy in‑house system to a modern enterprise HR platform, timed with a payroll system go‑live. Subsequent extensions broadened the governance perimeter to include directory services, email, CRM, content‑management and access‑control applications, while continuously refining role‑based models, approval workflows and non‑human identity controls for service accounts. The effort delivered a unified, compliant identity backbone, reduced privileged access risk and streamlined administration across the entire holding.

  • Identity scale

    tens of thousands of identities · multi-entity holding

  • HR migration

    Legacy in-house HR → modern enterprise HR platform

  • Target systems

    directory · mail · CRM · content management · access governance

Banking

SailPoint IdentityIQ
Scale
large bank · heterogeneous estate (mainframe · directory · core banking)
Period
2010s
Identigy role
SailPoint IdentityIQ engineering: HR-driven identity model, JML automation, account provisioning to mainframe, directory and core-banking targets, approval workflows

What stands out

The client operates in the banking sector with a large identity base and must comply with financial‑sector regulations. Identigy was engaged as a subcontractor to automate the enterprise identity‑management service using an identity‑governance platform (SailPoint IdentityIQ). The solution consolidated HR data, built a unified identity model and automated the joiner‑mover‑leaver lifecycle, provisioning accounts to a mainframe environment, directory and core banking applications. Approval workflows and employment‑evaluation logic were embedded, and manual work‑items were reduced where full automation was not feasible. Delivered over a two‑and‑a‑half‑year period, the automation streamlined provisioning, lowered operational effort and enhanced compliance visibility.

  • Scale

    large banking contour

  • Platform

    SailPoint IdentityIQ

  • Coverage

    heterogeneous estate · mainframe + directory + core banking · HR-driven JML

  • Engagement

    multi-year continuous development

Banking

Oracle Identity Manager
Scale
large banking identity contour · heterogeneous IT estate
Period
2020s
Identigy role
Multi-year technical support and development of an enterprise IDM platform on Oracle Identity Manager — running a large-scale identity-management contour under banking-secrecy constraints

What stands out

A commercial bank in the financial services sector, subject to strict banking‑secrecy regulations, operated an identity‑management contour of significant scale. The solution was built on an enterprise IAM platform (Oracle Identity Manager) integrated with a heterogeneous estate of directories, mail, core‑banking, CRM and ITSM systems. Over a multi‑year engagement, the provider delivered continuous technical support, defect remediation, daily lifecycle processing, preventive maintenance, entitlement reconciliation and ongoing integration enhancements. The contour remained reliable throughout the contract period, meeting all service‑level commitments without incident.

  • Scale

    large banking contour

  • Throughput

    high volume of access-change requests

  • Platform

    Oracle Identity Manager

  • Engagement

    multi-year support

Major energy company

SailPoint IdentityIQ
Scale
5,000+ identities · multiple sites · 10 IT systems
Period
2017 — present
Identigy role
SailPoint IdentityIQ modernization → functional extension → ongoing support → version migration

What stands out

An energy sector organization managing access for over 5,000 identities across a distributed multi‑site environment partnered with Identigy to modernize its SailPoint IdentityIQ deployment. The effort upgraded the heavily‑customized instance to the latest release, added functional extensions beyond the out‑of‑the‑box capabilities, introduced DevOps tooling and established continuous support while migrating to version 7.3. A dynamic matrix role model sourced from HR now drives automated lifecycle management for employees, contractors and service accounts, supports recertification on inter‑site transfers and provides drift detection across ten managed systems, delivering stronger governance and regulatory compliance.

  • Tenure

    8 years of continuous development

  • Scale

    5,000+ identities · multiple sites · 10 IT systems

  • Architecture

    Dynamic matrix role model

Public sector

SailPoint IdentityIQ
Scale
2,000+ accounts · ~1,100 users · 6 systems · regional network
Period
2017–2021+ (implementation + 8.1→8.2 upgrade + support)
Identigy role
Unified IAM implementation → 8.1→8.2 upgrade and support

What stands out

A national health-insurance payer — a central fund with regional branches — runs a single enterprise identity and access management (IAM) platform on SailPoint IdentityIQ, implemented and developed by Identigy as a subcontractor. The platform governs the full lifecycle of four identity types — employees, contractor staff, interns/auditors and system accounts — with automated joiner/mover/leaver, multi-step approval including a dedicated stage for privileged roles, segregation of duties (SoD), periodic recertification of entitlements by data owners, and detection of native (out-of-band) changes. Unified provisioning spans six connected systems, including ERP and the directory service, at a scale of 2,000+ accounts and ~1,100 users — with controlled privileged access to sensitive (medical) data under ISO/IEC 27001 and a first-category state-information-system regime. Implemented 2017–2018, upgraded to a newer platform release in 2021.

  • Accounts

    2,000+

  • Integrated systems

    6

  • National coverage

    HQ + 5 territorial funds

Public sector

SailPoint IdentityIQ
Scale
3,000+ identities · 30,000+ accounts · 30+ integrated systems
Period
2014–2021 (implementation + long-term development)
Identigy role
Implementation and long-term development of IGA for a national tax administration

What stands out

A national tax administration runs a single identity-governance platform (IGA) on SailPoint IdentityIQ, implemented and developed over several years by Identigy as a subcontractor. The platform governs the full lifecycle of four identity types — employees, interns, external contractors and system accounts — with automated joiner/mover/leaver, access self-service, dual certification of both entitlements and roles with escalation to unit managers, detection of native (out-of-band) access changes, and dormant-access suspension. Unified provisioning spans 30+ systems, including the directory service and the authoritative HR source, at a scale of 3,000+ identities and 50,000+ entitlements — under GDPR, ISO/IEC 27001 and applicable national cybersecurity requirements.

  • Identities under management

    3,000+

  • Integrated systems

    30+

  • Entitlements governed

    50,000+

Insurance

One Identity ManagerEvolveum MidPoint
Scale
17,000+ internal · 2,200+ external users
Period
2020 — present
Identigy role
Full IDM-stack lifecycle: replacing legacy One Identity Manager with open-source Evolveum MidPoint — from PoC and migration to multi-year direct support and development

What stands out

The client operates in the insurance sector, employing roughly 9 000 staff and supporting over 17 000 internal users plus 2 200 external agents and partners within its access‑management environment. Identigy delivered a full‑stack identity governance and administration solution, initially implementing a commercial IGA platform to manage account lifecycles, business roles, integration with HR data and Active Directory, and a self‑service portal. A subsequent proof‑of‑concept migrated the core to the open‑source Evolveum MidPoint platform, providing vendor independence and a customizable object model, connectors, role‑based access, segregation‑of‑duties policies, UI tweaks and reporting. Ongoing technical support and consulting ensure continuous compliance with industry regulatory requirements and stable, scalable identity operations.

  • Scale

    17,000+ internal + 2,200+ external users

  • Platform

    Evolveum MidPoint (open source)

  • Migration

    One Identity Manager → Evolveum MidPoint (open source)

  • Engagement

    full lifecycle — PoC → migration → direct support

Retail banking

Oracle Identity Manager + Oracle Access Manager
Scale
large retail bank · distributed branch & agent network · high-load fault-tolerant (HA) directory architecture across two data centres
Period
multi-year full lifecycle (build → develop → 12c upgrade → support)
Identigy role
Full lifecycle of an identity, access and biometric-authentication contour on Oracle — developed and operated for over a decade, upgraded to 12c and supported

What stands out

A retail banking entity in the financial sector, operating a vast network of branches and agent locations, managed a complex identity and access management environment supporting a large base of staff, agent and digital-banking identities. The institution required robust IAM capabilities to handle a high agent-operation load, driven by regulatory demands and operational scale. Over a multi-year engagement, a consistent core team designed and maintained an enterprise IAM platform based on Oracle technologies, evolving it through multiple iterations including a full upgrade to Oracle 12c, while contracting shifted among various systems integrators due to internal budgeting structures. The solution encompassed identity lifecycle management via a hierarchical role model, automated directory provisioning, audit and attestation workflows, and a highly available, geo-distributed directory infrastructure with active-passive data center replication. Access management included SSO, directory services, and a custom two-factor authentication mechanism incorporating biometric verification, integrated with real-time fraud detection. The architecture supported critical front-office banking functions, including client onboarding, POS integration, and CRM workflows, operating continuously under high load. The platform was foundational to the bank’s launch, remained in production over the full lifecycle, marking a complete lifecycle delivery.

  • Scale

    large retail bank · staff, agent network and digital-banking clients

  • Load · resilience

    high load · HA directory architecture (OID/OUD clusters, two DCs, 24×7)

  • Platform

    Oracle Identity Manager + Access Manager (upgraded to 12c)

  • Authentication

    custom multi-factor authentication

  • Lifecycle

    multi-year support, one team — build → develop → 12c → closure

Digital online services

Independent external web-application security assessment (security audit)
Scale
single authentication server + payment and SMS gateways · audience in the hundreds of thousands
Period
2025
Identigy role
Independent security assessment of a digital platform's web-service estate

What stands out

The client operates a large‑scale consumer‑focused digital services platform that aggregates classifieds, food‑delivery, job listings, event tickets and real‑estate offerings. Identigy performed an independent external security assessment of the platform’s web estate, covering the authentication service, payment‑processing component, messaging gateway and advertising‑management interface. The engagement was executed remotely over roughly one month, resulting in a comprehensive findings report that was formally accepted by the client without objections. The assessment reinforced the organization’s compliance posture and highlighted remediation priorities.

  • High-value targets

    authentication server · payment and SMS gateways

  • Audience

    hundreds of thousands of users

  • Format

    independent external security assessment

Request references

Does your scenario look like one of these?

We can prepare an extended reference under a specific scenario — with figures, architecture and a customer contact for verification against your project.

Write to info@identigy.com or use the consultation form on the Contact page.

What to share in the request

  • Sector and size of your organisation
  • Current IDM / IGA, if any
  • Target platform or selection criteria
  • Engagement type: implementation, migration, audit or support
Request a reference