Skip to main content

IDM / IGA

Identity Governance & Administration

Strategy, design, implementation, migration, support, and continuous evolution of enterprise IGA programs. Platforms with strong global enterprise presence and audit-friendly engineering.

Talk to an architect
IGA · Services Six engagement types

What we deliver

Strategy through implementation, migration and continuous evolution. Engagements range from a 4–6-week Modernization Concept to multi-year programmes.

Service catalogue

  • IAM Strategy & Maturity Assessment

    ISO 27001 + COBIT 5 + NIST CSF aligned model. Role analysis, SoD discovery, 12–18 month roadmap.

  • Role engineering and mining

    Bottom-up role discovery from existing entitlements, normalisation by least privilege, SoD matrix.

  • Platform implementation

    Evolveum MidPoint, SailPoint IdentityIQ and Identity Security Cloud, Oracle Identity Manager, OneIdentity. Integrations with Workday / SAP SuccessFactors / Active Directory / Entra ID / cloud apps.

  • Legacy migration & modernization →

    Oracle Identity Manager, IBM Security Identity Manager, CA Identity Suite, Microsoft MIM/FIM and other legacy stacks → SailPoint or MidPoint. Phased cutover, parallel run, decommissioning.

  • IDM Modernization Concept →

    Fixed-fee 4–6-week discovery package: architecture, business case, roadmap. Predictable starting point for an enterprise programme.

  • Support and continuous improvement

    Tiered SLA with 24×7 option, regular role review, recertification campaigns, admin training.

Engagement model

  • 4–12 week implementation phases
  • 2–4 architect team typical
  • Fixed-fee discovery option available

Get scoped

Share your current platform, scale, and target outcomes — we'll bring an architect to a 30-minute discovery call.

Talk to an architect
Platforms Five we deploy today

Platforms we work with

Vendor-neutral on selection — we pick the platform that fits the customer's residency, integration and operational constraints, not a partner programme.

Platform inventory

  • Evolveum MidPoint →

    Open-source IGA. We are an Evolveum partner; our engineers contribute to MidPoint upstream.

  • SailPoint IdentityIQ

    On-prem SailPoint deployments and IIQ → ISC migrations. Long-tail support and version upgrades.

  • SailPoint Identity Security Cloud →

    Cloud-native flagship of SailPoint. End-to-end implementation, custom connectors, lifecycle management.

  • Oracle Identity Manager (OIM / OIG) →

    Support of existing installations and managed migration to SailPoint or MidPoint.

  • OneIdentity

    Operations and migration from OneIdentity environments into SailPoint, MidPoint or adjacent stacks in the programme.

Partnerships

  • SailPoint Technology Partner since 2016
  • Evolveum partner, upstream contributor
  • Oracle, OneIdentity — operations & migration

Platform mix

Not sure which platform fits? We deliver vendor-neutral selection advisory — an evaluation framed by your constraints, not a partner programme.

Compare platforms →
Outcomes What changes for the customer

KPIs we target

Concrete deltas typical for a finished IGA programme. Numbers vary by baseline; engagement scoping fixes targets per customer.

Typical deltas

  • Onboarding time for a new joiner: 3–5 days → under 4 hours.
  • Full access revocation on offboarding: 1–3 days → under 30 minutes.
  • SoD coverage on key roles: up to 100%.
  • Regulatory audit on access management: zero findings.

How we measure

Baseline taken in week 1 of the engagement. Targets ratified with the customer before phase-2 cutover. Final report has before/after numbers from system audit logs. For an independent pre-programme read, our security audit & penetration testing service quantifies the access-control gaps an IGA rollout then closes.

See it in practice

Customer references with concrete deltas (inDrive, plus anonymized cases) on our /projects page.

View projects →