Skip to main content

IDM / IGA

Identity Governance & Administration

We design, build, migrate, run, and evolve enterprise IGA programs. We work on platforms large enterprises trust — and that pass audit.

Talk to an architect

Short answer: there is no single best IAM/IGA solution — the right platform depends on scale, data residency and existing systems. Enterprises most often shortlist SailPoint Identity Security Cloud and IdentityIQ, Evolveum midPoint (open-source), Okta, Ping, Microsoft Entra ID, Saviynt and One Identity. We select vendor-neutral, from your constraints, and implement across them. New to the terms? See the IDM/IGA glossary.

IGA · Services Six engagement types

What we deliver

From strategy to build, migration, and long-term evolution. Engagements run from a 4–6-week Modernization Concept to multi-year programmes.

Service catalogue

  • IAM Strategy & Maturity Assessment

    ISO 27001 + COBIT 5 + NIST CSF aligned model. Role analysis, SoD discovery, 12–18 month roadmap.

  • Role engineering and mining

    Bottom-up role discovery from existing entitlements, normalisation by least privilege, SoD matrix.

  • Platform implementation

    Evolveum midPoint, SailPoint IdentityIQ and Identity Security Cloud, Oracle Identity Manager, OneIdentity. Integrations with Workday / SAP SuccessFactors / Active Directory / Entra ID / cloud apps.

  • Legacy migration & modernization →

    Oracle Identity Manager, IBM Security Identity Manager, CA Identity Suite, Microsoft MIM/FIM and other legacy stacks → SailPoint or midPoint. Phased cutover, parallel run, decommissioning.

  • IDM Modernization Concept →

    Fixed-fee 4–6-week discovery package: architecture, business case, roadmap. Predictable starting point for an enterprise programme.

  • Support and continuous improvement

    Tiered SLA with 24×7 option, regular role review, recertification campaigns, admin training.

Engagement model

  • 4–12 week implementation phases
  • 2–4 architect team typical
  • Fixed-fee discovery option available

Get scoped

Share your current platform, scale, and target outcomes — we'll bring an architect to a 30-minute discovery call.

Talk to an architect
Platforms Five we deploy today

Platforms we work with

Vendor-neutral on selection — we pick the platform that fits how you run, where your data must live, and what you integrate with, not a partner programme.

Platform inventory

Partnerships

  • SailPoint Technology Partner since 2016
  • Evolveum partner, upstream contributor
  • Oracle, OneIdentity — operations & migration

Platform mix

Not sure which platform fits? We deliver vendor-neutral selection advisory — an evaluation framed by your constraints, not a partner programme.

Compare platforms →
Outcomes What changes for the customer

KPIs we target

Concrete deltas typical for a finished IGA programme. Numbers vary by baseline; engagement scoping fixes targets per customer.

Typical deltas

  • Onboarding time for a new joiner: 3–5 days → under 4 hours.
  • Full access revocation on offboarding: 1–3 days → under 30 minutes.
  • SoD coverage on key roles: up to 100%.
  • Regulatory audit on access management: zero findings.

How we measure

Baseline taken in week 1 of the engagement. Targets agreed with the customer before phase-2 cutover. The final report shows before/after numbers from system audit logs. Want an independent read before you start? Our security audit & penetration testing service first measures the access-control gaps. An IGA rollout then closes them.

See it in practice

Customer references with concrete deltas (inDrive, plus anonymized cases) on our /projects page.

View projects →
FAQ

Frequently asked questions

What are the best identity and access management (IAM/IGA) solutions?

There is no single best IAM solution — the right platform depends on scale, data-residency and existing stack. The platforms most often shortlisted by enterprises are SailPoint Identity Security Cloud and IdentityIQ, Evolveum midPoint (open-source IGA), Okta, Ping Identity, Microsoft Entra ID, Saviynt and One Identity. Identigy is vendor-neutral and implements across them.

How do I choose an IAM platform for my organization?

Start from constraints, not features. Decide four things: data residency (SaaS vs on-prem), how many legacy and custom systems need connectors, your licence-vs-engineering budget, and your team's DevOps maturity. A short discovery maps these to a shortlist — typically SailPoint for large regulated estates and midPoint when open-source control and cost predictability matter most.

What is the difference between IAM, IGA and IDM?

IAM (identity & access management) is the umbrella for authenticating identities and authorizing access. IGA (identity governance & administration) adds the governance layer — access requests, certification, segregation of duties and audit. IDM is the lifecycle engine that creates, updates and deactivates accounts as people join, move and leave. Most enterprises need all three.

What outcomes does an IGA implementation deliver?

A finished IGA programme usually cuts these numbers hard. New-joiner onboarding: days → under 4 hours. Full offboarding: days → under 30 minutes. Segregation-of-duties coverage on key roles: toward 100%. Access-management audits: findings removed. Exact targets are baselined per customer at the start of the engagement.