Identity management is a broad, complex topic, with a wide range of offerings that deliver varying degrees of automation, flexibility, compliance and cost.
Whether you're taking a small, first step into identity management or navigating a complex enterprise HR-driven implementation, we can help you develop and implement a business-aligned strategy.
Our framework
Identity projects are data projects. Good data governance is required to realise the best returns in risk and compliance.
As a Microsoft Partner, we prioritise solutions well-aligned to Microsoft products, with a particular focus on complex hybrid environments.
Scope
Determine what the identity solution will manage. A basic implementation might only include employees and groups, while a mature one might include anything that can authenticate, including computer accounts and service principals.
Assess
See how aligned your policies, processes and technical environment are to delivering the scope.
Design
Produce the policy, process and technical architecture that can deliver the scope.
Implement
Put the design into action in the specific order of policy, process and technical implementation.
Supported integrations
- Microsoft on-premises to Microsoft cloud;
- HR and API-driven provisioning such as Workday;
- Third-party to Active Directory and/or Entra ID;
- REST, SOAP and .NET;
- Bespoke Microsoft Graph.
Identity platform products
There are a lot of products marketed as identity platforms; however, they differ significantly in scope of purpose and scope of management.
A good product will:
- Ensure compliance through rolling back unapproved changes made in connected systems;
- Handle complex business entity relationships, such as organisational structures and people concurrently holding multiple positions;
- Manage all security principal types - attackers will leverage any path available to them. Lesser products will be limited to user and group objects;
- Have a good policy engine that enables full automation in preference to approval workflows (aka management by exception);
- Not bleed your organisation dry through hidden licensing costs (feature enablement, traffic/storage volume, connectors, etc.).
Risk and compliance are our key deliverables and we use a simple two-tier categorisation when assessing products:
- Tier 1: Guarantees compliance through rolling back unauthorised changes in connected systems;
- Tier 2: Does not roll back unauthorised changes.
Below is a simple adoption matrix comparing common identity platforms: