Overview
A large financial services provider is progressing an uplift in identity and access management as part of its ongoing approach to security and operational efficiency. The organisation set out to simplify access processes, improve visibility across systems and reduce manual effort for internal teams.
Arinco partnered with the organisation to design and deliver a more streamlined and scalable identity approach. The program focused on automating key processes, improving consistency, and creating a stronger foundation for future growth. By bringing identity, access and monitoring capabilities together, the organisation is now better positioned to manage access at scale while maintaining a clear and consistent operating model.
Business challenge
The financial organisation was managing identity and access processes across multiple systems and teams. Activities such as onboarding new staff, updating access when roles changed, and removing access when employees left relied on a mix of manual steps and disconnected workflows. This created extra effort for internal teams and made it harder to maintain a consistent approach across the organisation.
Access requests were handled through service processes that required manual intervention, and periodic access reviews took time to coordinate and complete. Joiner, mover and leaver activity in particular relied on coordination across multiple teams, increasing the risk of inconsistent provisioning and lingering access when roles changed.
There was also an opportunity to improve how access was managed across applications. Different systems followed different patterns, which made it more complex to maintain a clear view.
The organisation identified the need to bring these elements together into a more connected and automated model. The goal was to simplify operations, improve consistency, and create a platform that could support future growth.
As a financial services provider operating under strict regulatory and compliance requirements, the approach to identity and access management needed to meet stringent regulatory standards, adding urgency to the initiative.
Solution
Arinco delivered a multi-stream program covering identity and access management, single sign-on, privileged access and security monitoring. Each stream addressed a specific area while contributing to a cohesive, scalable platform.
The engagement began with a series of stakeholder workshops to understand how people, systems and processes interact across the business. These sessions focused on defining user roles, identifying key systems and mapping how access should be managed in practice. This ensured the design aligned with real operational needs rather than a purely technical view.
From there, the program moved into delivery across three core areas.
Stream 1: Privileged access and single sign-on
Arinco assessed hundreds of applications across the organisation’s environment for both single sign-on suitability and privileged access protection with priority systems onboarded based on business-criticality tier, regulatory exposure, and authentication method.
This created a more consistent way for users to access systems and reduced the need to manage separate credentials across applications. By consolidating access into a smaller number of platforms, the organisation simplified authentication processes and improved the experience for end users.
Standardised onboarding patterns were documented for each platform so that future applications can be added by the organisation’s internal teams using a repeatable approach, making it easier for internal teams to manage and maintain access across a growing application landscape.
Stream 2: Identity and access management
Arinco designed and implemented a modern identity and access model using Microsoft Entra ID.
A core part of the design was automating the joiner, mover and leaver lifecycle by aligning access to employee roles and consuming authoritative role information from the organisation’s HR system. This enabled access to be provisioned, adjusted and revoked automatically as people joined the organisation, changed roles, or departed – reducing manual handoffs between teams and shrinking the window in which access could remain misaligned with a person’s current responsibilities.
Access packages and approval workflows were introduced to standardise how additional access is requested and granted. This helped reduce variation in how requests are handled and made the process more straightforward for both users and approvers. Regular access reviews were also introduced as part of the model, making it easier for teams to validate that access remains appropriate over time.
The model was designed as a reference architecture for progressive adoption – Arinco established the foundation in non-production environments, with a clear path for the organisation to expand coverage across additional applications and user populations.
Stream 3: Security monitoring
Arinco helped consolidate security and infrastructure log sources from across the organisation’s cloud and on-premises environments into Microsoft Sentinel.
Centralising these sources into a single security analytics platform gave the organisation a more unified view of activity across the organisation and reduced fragmentation in how security events are captured, retained and reviewed.
This work supported the organisation’s audit log requirements under PCI DSS and provided their security operations team with a reliable foundation for monitoring and alerting. Arinco also worked alongside the organisation’s security operations function to optimise how data is collected, filtered and retained, balancing analytical value against ingestion and storage costs, ensuring the platform remains efficient and cost-effective as usage grows.
Delivery approach
A key focus of the program was ensuring the solution could be adopted and sustained by the organisation’s internal teams. Arinco worked closely with stakeholders throughout the engagement, combining technical delivery with practical guidance on how processes should operate day to day. This included defining clear ownership for applications, establishing consistent onboarding patterns (in the case of PAM and SSO), and supporting teams as new ways of working were introduced.
The program was structured to deliver incremental improvements across each stream, allowing the organisation to realise value early while continuing to build towards a more complete solution.
By the end of the engagement, the organisation had not only implemented new capabilities, but also established a clearer operating model for managing identity and access going forward.
Outcomes
The program has helped the financial organisation simplify identity processes and create a more consistent approach to access management across the organisation. Key outcomes include:
- Automated joiner, mover and leaver workflows driven from authoritative HR data, reducing manual coordination across teams
- Role-based access aligned to employee responsibilities
- More consistent access management across applications
- Streamlined user experience through single sign-on
- Centralised management of privileged access
- Faster onboarding of applications using standard patterns
- Improved visibility of access and activity across environments
- Reduced reliance on manual processes for access requests and reviews
- Stronger alignment with regulatory and compliance obligations
Beyond these immediate improvements, the organisation now has a scalable foundation for ongoing identity and access enhancements. The organisation is well positioned to continue evolving its approach as requirements change, supported by a platform and operating model designed to grow over time.
