IAM Modernization Across 10,000 Applications Case Study

Client Success

Modernizing IAM Across 10,000 Applications, Three Months Ahead of Schedule

Listen to this client success story

With machine identities outnumbering human identities by 109:1, every access decision carries business, operational and security implications.

That urgency came into focus for a leading global technology provider whose identity landscape had grown to nearly 10,000 applications, deployed across on-premises, hybrid and cloud. What looked like a routine login experience for users was, behind the scenes, a vast and varied ecosystem of applications, user groups, access rights and business dependencies.

The organization’s on-premises identity and access management (IAM) and single sign-on (SSO) environment, powered by PingFederate and PingAccess, was nearing the end of life. Limited support heightened the urgency to modernize, but the greater concern was the business risk of access disruption, application downtime, compliance gaps or friction for the business teams that a migration of this scale could pose.

The goal was to move to a more resilient cloud-based identity ecosystem, built on a customized Okta solution for SSO and Duo for multi-factor authentication (MFA), while continuing to manage millions of SSO and authentication requests daily.

Turning Migration Complexity into Managed Business Program

Persistent was commissioned to drive the IAM platform modernization and we began by working with business stakeholders, application owners and security teams to understand how identity rules translated into day-to-day access. While manually migrating the initial few applications, we realized the complexity that came when every application had its own logic, dependencies and risk profile. Migrating a single application took approximately five days per full-time employee (FTE).

At that pace, there was the cumulative risk of prolonged migration, more time on an unsupported platform, higher potential for access errors, greater pressure on application owners and less predictability for leadership.

Persistent recognized that the migration needed to be treated as a governed business continuity program, not just a technical cutover.

Designing for Applications Owners

To reduce risk at scale, we developed an automated self-service migration platform that translated the complexity of the legacy IAM environment into a guided, repeatable and business-friendly workflow. The platform was designed to make a high-risk enterprise migration easier to execute, validate and govern across a large, diverse application estate.

A key design choice was to meet application owners where they were. The platform mirrored familiar mappings across user groups, applications and access rights, allowing owners to review pre-mapped data in a format they already understood. They could confirm the configuration and trigger a test environment with minimal technical dependency. This reduced friction for business stakeholders, lowered the likelihood of access errors and preserved continuity as the identity provider changed.

A Grafana-based dashboard provided stakeholders with real-time status of migration progress, giving business leaders a heads-up when their application stack would be up for the next migration phase. This allowed leadership to manage the rollout in waves, identify bottlenecks early and reduce the risk of disruption across critical business functions.

Less Time in Legacy, More Confidence in the Future

The automation-led approach transformed the migration from a manual, application-by-application exercise into a governed modernization program. Migration effort was reduced from 5 days per FTE per application to less than a day, resulting in a 75% productivity gain.

The platform supported the migration of approximately 90% of the application estate and enabled the completion of the project three months ahead of schedule. This not only modernized the IAM platform, but also reduced operational costs, avoided extended licensing expenses associated with the legacy platform and accelerated the realization of security, compliance and business continuity benefits.

Persistent delivered:

  • Accelerated migration of 10,000 applications from legacy on-premises IAM/SSO to a cloud-based identity platform, without business disruption
  • Shortened exposure to the end-of-life IAM environment and faster value realization, with the project ending three months ahead of schedule
  • Improved SSO and MFA capabilities through a cloud-based identity foundation
  • Reduced operational effort and avoided extended legacy licensing costs
  • Real-time visibility to the leadership into migration progress, waves and risks

Contact us

(*) Asterisk denotes mandatory fields

    You can also email us directly at info@persistent.com

    You can also email us directly at info@persistent.com