Why do most IGA projects fail?
Access rights that have never been reviewed
Employees who accumulate benefits over the years. A target area that grows without anyone noticing.
Compliance that is impossible to prove
Without identity governance, conducting SOX, NIS 2, and ISO 27001 audits makes it a nightmare to determine who has access to what.
Undetected orphan accounts
Former employees, contractors, service accounts—active access credentials that no one monitors or revokes.
Identity Governance
Establish a clear, reliable, and well-managed identity and access governance framework.
-
Definition of the governance model for identities, roles, responsibilities, and associated processes
-
Management rules that control who accesses what, why, and under what authority
-
Streamlining access permissions to reduce excessive privileges, obsolete access, and unmanaged accounts
-
Aligning governance with business, security, compliance, and audit issues
Review of Access Rights
Set up effective review campaigns that are clear and actionable for business units.
-
Design and automation of access rights recertification campaigns
-
Defining the scope of reviews by application, user group, business role, or risk level
-
Supporting managers, application owners, and compliance teams during the access validation process
-
Identification of discrepancies, unauthorized access, or permissions that need to be revoked, with tracking of corrective actions
Identity Lifecycle Management
Secure and streamline identity management throughout the entire identity lifecycle.
-
Automation of the Joiner, Mover, and Leaver processes to ensure that access is granted and revoked at the right time
-
Integrating HR, IT, and business processes to ensure the reliable creation, modification, and deletion of identities
-
Defining access assignment rules based on functions, entities, roles, or user profiles
-
Reducing risks associated with dormant accounts, persistent access, and unrevoked permissions
Separation of Duties (SoD)
Identify, monitor, and mitigate risks associated with conflicts of interest involving sensitive authorizations.
-
Analysis of roles and permissions to identify conflicts related to the segregation of duties
-
Definition of SoD matrices tailored to business processes, critical applications, and internal control requirements
-
Implementation of preventive and detective controls to limit risky access combinations
-
Actionable risk reports and remediation plans for security, audit, and business teams
HRIS Integration & Business Applications
Integrate IGA solutions with HR, IT, and application systems to ensure consistent and automated governance.
-
Integration with HRIS systems to ensure the accuracy of data on employee identity, hire dates, separation dates, and job changes
-
Integration with business applications to manage access to the company's critical systems
-
Connectors, workflows, and provisioning rules tailored to customer environments
-
Data synchronization between IGA, IAM, PAM, directories, ITSM, and internal applications
Reporting & Compliance
Have a clear, measurable, and auditable view of identities and access.
-
Dashboards and compliance reports related to identities, access, audits, and risks
-
Production of actionable audit evidence for compliance, security, internal audit, and business teams
-
Monitoring of key indicators: excessive permissions, orphaned access, review campaigns, SoD conflicts, and remediation
-
Alignment of IGA controls with regulatory requirements, internal policies, and security standards
What we do today
28
Years of experience
Our numbers speak for themselves
+100
Active certifications
76
Projects launched in 2025
17
Country
cutlery
+40
IAM/PAM/IGA Certified Experts
Our technology partners
Use cases
95 %
CAMPAIGN COMPLETION RATE
-35 %
EXCESSIVE RIGHTS REVOKED
-60 %
NON-BUSINESS TECHNICAL ROLES
RESULTS ACHIEVED
• A 95% completion rate for review campaigns, compared to less than 60% previously
• 35% of excessive entitlements identified and revoked in the very first campaign using the new model
• 60% of technical roles consolidated or eliminated; role model finally understandable to business units
• SoD conflicts detected and blocked automatically, no more untraced manual exceptions
• ACPR report generated automatically for each campaign, compliance team workload reduced by two-thirds
IDENT1TY APPROACH
• Completely redesigned the role model in collaboration with business teams to create clear and actionable roles
• Implementation of recertification campaigns targeted by risk level, with sensitive access reviewed quarterly
• Development of simplified review interfaces with business context to facilitate managerial decision-making
• Implementation of automatic SoD rules to block incompatible access combinations upstream
• Generation of automated audit reports that can be used directly by ACPR and internal control teams
IGA · Universal Bank — Tier 1
Access Review and Recertification Program
Scaling up IGA campaigns and reducing access debt across 800 applications.
15,000 employees · 800 applications
Windows · Linux · Databases · Networking
18 months
• Non-discriminatory mass validation that creates a risk of non-compliance
• Several thousand technical roles without a clear business counterpart
• Accumulation of rights related to past mobility that have never been cleared
ACPR and European Supervisory Authority expectations regarding the separation of duties
POINTS OF FRICTION
BACKGROUND & ISSUES
A European banking group whose semi-annual access review campaigns were deemed inadequate by the internal control functions. Managers were approving requests en masse without conducting any analysis, a practice that had been flagged by both the internal audit team and the ACPR inspection.
The risk management team wanted to regain control of the role model, which had become unreadable due to a flood of ad hoc requests.
Another case, another challenge.
Day 0
PROVISIONING OF NEW ARRIVALS
≈ 0
PERSISTENT ORPHAN ACCOUNTS
-25 %
OPTIMIZED LICENSING COSTS
RESULTS ACHIEVED
• Provisioning for new arrivals on Day 0, with access available in-store from day one
• Virtually no persistent orphaned accounts; automatic deactivation upon each logout
• 25% reduction in licensing costs through the detection and deactivation of inactive accounts
• Seasonal peaks are handled without support tickets; the process runs completely autonomously
• Harmonization of identity governance between the two subsidiaries based on a single model
IDENT1TY APPROACH
• Connectors to both HRIS systems with automatic reconciliation of identity data across subsidiaries
• Full automation of the Joiner process with provisioning triggered upon HR approval
• Implementation of the automated Leaver process — immediate deactivation on the departure date recorded in the HRIS
• Scalable architecture capable of handling seasonal spikes without compromising response times
• Automated monthly review of dormant accounts with gradual deactivation and notification to managers
IGA · Retail — national chain
Automation of JML processes for a retail distributor
Day-0 provisioning, removal of orphan accounts, and streamlining the employee onboarding process.
12,000 employees · High turnover rate
HRIS · AD · ERP · ITSM
10 months
• Store employees without access are forced to use their colleagues' access
• Lack of a systematic deactivation process at the outset
• Two separate HRIS systems depending on the subsidiaries, with diverse organizational structures
• Massive spikes in arrivals during very short windows in peak season
POINTS OF FRICTION
BACKGROUND & ISSUES
A national retail chain heavily influenced by seasonality and high turnover. The restocking process relied on manual tickets processed by multiple teams, with lead times ranging from 3 to 10 days.
Conversely, account closures were only partially processed, resulting in a large number of dormant accounts.