Our expertise
Why do most IAM projects fail?
Uncontrolled access rights
Exposure to cyber threats, NIS2/ISO 27001 non-compliance
Projects abandoned halfway through
Skyrocketing costs, unprecedented results
's teams
are understaffed
Delays, reliance on publishers, operational risks
IAM Architecture Design
Robust, scalable IAM architectures tailored to your business needs.
-
Designing architectures suited to complex, hybrid, and international environments
-
Analysis of the current situation, identification of gaps, risks, and areas for streamlining
-
Designing user journeys that integrate security, governance, operations, and user experience
-
Alignment with security standards, regulatory requirements, and operational objectives
Identity Lifecycle
Manage the entire user journey, from onboarding to departure or a change in role.
-
Automating Joiner, Mover, and Leaver processes to reduce orphan accounts and excessive entitlements
-
Definition of role models, responsibilities, entitlements, and access provisioning rules
-
Integration of HR, ITSM, and business processes to streamline identity management
-
Implementation of control, review, and recertification mechanisms for access privileges
Directory integration
Connect and streamline your directories for consistent and reliable identity management.
-
Integration with Active Directory, Entra ID, LDAP, or other identity repositories
-
Data synchronization and consolidation across HR, IAM, IGA, PAM, and business applications
-
Implementation of rules for account provisioning, deprovisioning, and synchronization
-
Securing identity flows, connectors, and data exchanges between platforms
Compliance & Audit
Strengthen your compliance posture with a clear and measurable view of your IAM controls.
-
Analysis of IAM controls in light of regulatory requirements and security standards
-
Preparation for and support during audits related to access, authorizations, and privileged accounts
-
Development of actionable reports, metrics, and audit evidence for security, compliance, and business units
-
Identification of gaps, recommendations for remediation, and development of prioritized action plans
What we do today
28
Years of experience
Our numbers speak for themselves
+100
Active certifications
76
Projects launched in 2025
17
Country
cutlery
+40
IAM/PAM/IGA Certified Experts
Our technology partners
Use cases
-40 %
DISCONTINUED ACCOUNTS DELETED
100 %
CONDITIONAL ACCESS
18 months
CONSOLIDATED SSO TRACK RECORD
RESULTS ACHIEVED
• 40% of AD accounts cleaned up within the first 3 months, attack surface immediately reduced
• 100% of M365 and SAP accesses covered by Conditional Access with mandatory MFA
• Partner access is time-limited and automatically revoked upon expiration
• 18-month SSO plan approved to accommodate future acquisitions
• Program aligned with Zero Trust principles, with a documented roadmap
IDENT1TY APPROACH
• Comprehensive audit of the existing AD and gradual cleanup of obsolete accounts and groups
• Deployment of Entra ID as a central identity authority with AD Connect synchronization
• Implementation of Conditional Access across all M365 and SAP applications
• Creation of a self-service portal for managing partner access with a limited duration
• Definition of the 18-month SSO roadmap for all of the group’s applications
IAM Cloud First Refresh in Microsoft 365 Migration
IAM · Manufacturing — Mid-sized Companies
Building a unified identity foundation as part of the transition to Entra ID and the Azure ecosystem.
2,500 employees + 600 partners
12 months
AD · Entra ID · M365 · SAP
• Nearly 40% of AD accounts and groups suspected of being obsolete
• Unmanaged partner access with no defined lifetime
• Coexistence of local passwords, ADFS federations, and standalone SAP accounts
• Aiming to align the program with Zero Trust principles
18-month SSO implementation for all of the group's applications
POINTS OF FRICTION
BACKGROUND & ISSUES
An industrial group migrating to Microsoft Cloud, with an Active Directory legacy marked by seventeen years of accumulation: obsolete groups, undocumented service accounts, and uncontrolled partner access.
The security department wanted to establish a unified brand identity capable of accommodating the group’s external growth and integrating acquired subsidiaries.
A different sector, a different challenge.
-80 %
SUPPORT TICKETS
+60 %
PROVISIONING SPEED
100 %
CRITICAL APPLICATIONS IN MFA
RESULTS ACHIEVED
• 80% reduction in support tickets thanks to JML automation
• Provisioning time for new arrivals has been reduced from 3–5 days to less than 4 hours
• 100% of critical applications covered by MFA from the moment they go live
• ACPR evidence file generated automatically for each recertification campaign
• DORA roadmap approved by the executive committee based on the IAM program implemented
IDENT1TY APPROACH
• Deployment of a central directory as a single identity repository across all 8 sites
• Full automation of JML processes connected to HRIS and ITSM
• Deployment of MFA across all sensitive applications — M365, Cassiopae, Sopra
• Implementation of semi-annual recertification campaigns with integrated ACPR reporting
• Training of IT teams and knowledge transfer for autonomous operation
IAM · Regional Private Bank
Modernizing Identity Governance
Access federation, MFA, and lifecycle process automation for 350 employees.
350 employees · 8 locations
9 months
AD · M365 · Cassiopae · Sopra
• Fragmentation of standards with no single authority on identity
• Manual JML processes involving multiple teams over a period of 3 to 5 days
• Lack of multi-factor authentication on sensitive applications
• ACPR expectations regarding access control in light of DORA
POINTS OF FRICTION
BACKGROUND & ISSUES
A private bank managing nearly €5 billion in assets, with a legacy IT system in which each application had its own identity repository.
This lack of standardization had led to duplicate access credentials, orphaned accounts, and an increasing workload for the IT and compliance teams. As part of an ACPR audit, management sought to regain control over identities and standardize JML processes.