IDM / IGA

Identity Governance & Administration

Strategy, design, implementation, migration, support, and continuous evolution of enterprise IGA programs. We build on platforms that large enterprises rely on and that stand up to audit.

Short answer: there is no single best IAM/IGA solution — the right platform depends on scale, data residency and existing systems. Enterprises most often shortlist SailPoint Identity Security Cloud and IdentityIQ, Evolveum MidPoint (open-source), Okta, Ping, Microsoft Entra ID, Saviynt and One Identity. Our selection is vendor-neutral and starts from your constraints, and we implement across these platforms. New to the terms? See the IDM/IGA glossary.

IGA · Services: six engagement types

What we deliver

Strategy through implementation, migration and continuous evolution. Engagements range from a 4–6-week Modernization Concept to multi-year programmes.

Service catalogue

  • IAM Strategy & Maturity Assessment

    ISO 27001 + COBIT 5 + NIST CSF aligned model. Role analysis, SoD discovery, 12–18 month roadmap.

  • Role engineering and mining

    Bottom-up role discovery from existing entitlements, normalisation by least privilege, SoD matrix.

  • Platform implementation

    Evolveum MidPoint, SailPoint IdentityIQ and Identity Security Cloud, Oracle Identity Manager, One Identity. Integrations with Workday / SAP SuccessFactors / Active Directory / Entra ID / cloud apps.

  • Legacy migration & modernization

    Oracle Identity Manager, IBM Security Identity Manager, CA Identity Suite, Microsoft MIM/FIM and other legacy stacks → SailPoint or MidPoint. Phased cutover, parallel run, decommissioning.

  • IDM Modernization Concept

    Fixed-fee 4–6-week discovery package: architecture, business case, roadmap. Predictable starting point for an enterprise programme.

  • Support and continuous improvement

    Tiered SLA with 24×7 option, regular role review, recertification campaigns, admin training.

Engagement model

  • 4–12 week implementation phases
  • Typical team of 2–4 architects
  • Fixed-fee discovery option available

Get scoped

Share your current platform, scale, and target outcomes — we'll bring an architect to a 30-minute discovery call.

Platforms: five we deploy today

Platforms we work with

Vendor-neutral on selection — we pick the platform that fits how you run, where your data must live, and what you integrate with, not a partner programme.

Platform inventory

  • Evolveum MidPoint

    Open-source IGA. We are an Evolveum partner; our engineers contribute to MidPoint upstream.

  • SailPoint IdentityIQ

    On-prem SailPoint deployments and IIQ → ISC migrations. Long-tail support and version upgrades.

  • SailPoint Identity Security Cloud

    Cloud-native flagship of SailPoint. End-to-end implementation, custom connectors, lifecycle management.

  • Oracle Identity Manager (OIM / OIG)

    Support of existing installations and managed migration to SailPoint or MidPoint.

  • One Identity

    Operations and migration from One Identity environments into SailPoint, MidPoint or adjacent stacks in the programme.

Partnerships

  • SailPoint Technology Partner since 2016
  • Evolveum partner, upstream contributor
  • Oracle, One Identity — operations & migration

Platform mix

Not sure which platform fits? We deliver vendor-neutral selection advisory — an evaluation framed by your constraints, not a partner programme.

Outcomes: what changes for the customer

KPIs we target

Concrete deltas typical for a finished IGA programme. Numbers vary by baseline; engagement scoping fixes targets per customer.

Typical deltas

  • Onboarding time for a new joiner: 3–5 days → under 4 hours.
  • Full access revocation on offboarding: 1–3 days → under 30 minutes.
  • SoD coverage on key roles: up to 100%.
  • Regulatory audit on access management: zero findings.

How we measure

Baseline taken in week 1 of the engagement. Targets agreed with the customer before phase-2 cutover. The final report shows before/after numbers from system audit logs. Want an independent read before you start? Our security audit & penetration testing service measures the access-control gaps an IGA rollout then closes.

See it in practice

Customer references with concrete deltas (inDrive, plus anonymized cases) on our /projects page.

FAQ

Frequently asked questions

What are the best identity and access management (IAM/IGA) solutions?

There is no single best IAM solution — the right platform depends on scale, data-residency and existing stack. The platforms most often shortlisted by enterprises are SailPoint Identity Security Cloud and IdentityIQ, Evolveum MidPoint (open-source IGA), Okta, Ping Identity, Microsoft Entra ID, Saviynt and One Identity. Identigy is vendor-neutral and implements across them.

How do I choose an IAM platform for my organization?

Start from constraints, not features. Decide on data residency (SaaS vs on-prem), how many legacy and custom systems need connectors, your budget for licences versus engineering, and your team's DevOps maturity. A short discovery maps these to a shortlist — typically SailPoint for large regulated estates and MidPoint when open-source control and cost predictability matter most.

What is the difference between IAM, IGA and IDM?

IAM (identity & access management) is the umbrella for authenticating identities and authorizing access. IGA (identity governance & administration) adds the governance layer — access requests, certification, segregation of duties and audit. IDM is the lifecycle engine that creates, updates and deactivates accounts as people join, move and leave. Most enterprises need all three.

What outcomes does an IGA implementation deliver?

A finished IGA programme typically cuts new-joiner onboarding from days to under four hours, reduces full offboarding from days to under 30 minutes, raises segregation-of-duties coverage on key roles toward 100%, and removes findings from access-management audits. Exact targets are baselined per customer at the start of the engagement.