Engineering & Delivery

Identity governance that prevents access sprawl before it becomes a risk.

Automated joiner, mover, and leaver workflows. Periodic access reviews with business owner accountability. Entitlement management with time-limited approvals. We implement the full identity governance stack for Australian enterprises using Microsoft Entra ID, Active Directory, and other platforms.

The governance problem

Identity is more than a technology challenge.

Most organisations do not have an access problem. They have a governance problem. Accounts persist after staff leave, access accumulates with every role change, and hygiene issues like dormancy, orphaned accounts, and expired credentials go undetected across both Entra ID and hybrid Active Directory environments.

Regulators, auditors, and insurers are increasingly focused on this area. APRA CPS 234 and the SOCI Act both require demonstrable access governance. More manual processes will not fix this.

As a Microsoft Partner with the IAM Specialist designation, we help you get results using the capabilities you are already paying for in Entra.

Scope

What we implement

The full workforce identity governance stack, from HR-driven provisioning through to access certification and segregation of duties.

Identity Lifecycle Management

We use our Identity Lifecycle Management Playbook to incrementally automate the lifecycle of all your accounts, one event at a time. HR-driven provisioning, role changes, inactivity, dormancy, orphans, leave, and offboarding.

Access Reviews

Fully automate your user access reviews for on-premises, cloud, and disconnected system entitlements. Managers can quickly review all staff access with full audit traceability and automatic ticket creation for resolution.

Entitlement Management

Self-service access request portal with time-limited approvals, business justification capture, and automatic expiry. Access packages for common role-based bundles.

Business Design

Our service designers and analysts help you design and document your IAM operating model, processes, and end user experiences, and clarify roles and responsibilities across your organisation.

Technical Design

Our architects and solution designers will design, document, and gain design endorsement so everyone knows what is being built and how it is being deployed. We only want to do this once.

RBAC and SoD

Role definition aligned to job function, not historical access patterns. Segregation of duties policy definition, conflict detection during access requests, and periodic SoD review reporting.

Strategic Advisory

Our experienced IAM consultants help you understand your current state, define your future state, and develop a roadmap to transition while delivering incremental value.

Entra ID Engineering

Our engineers deploy and configure in accordance with your business and technical design. Modern 42 is a Microsoft Partner with the IAM Specialist designation.

The difference

Manual vs automated governance

What changes when identity lifecycle management moves from manual processes to automated governance.

  • Onboarding. Automated governance: HR-triggered provisioning, same-day access. Manual processes: IT ticket, days to weeks.
  • Role changes. Automated governance: Automatic access adjustment on HR update. Manual processes: Old access retained, new access added.
  • Offboarding. Automated governance: Immediate deprovisioning on termination. Manual processes: Manual checklist, accounts persist for weeks.
  • Access reviews. Automated governance: Automated campaigns with business owner accountability. Manual processes: Spreadsheet-based, annual at best.
  • Audit evidence. Automated governance: Continuous, exportable governance reporting. Manual processes: Point-in-time screenshots.
  • Segregation of duties. Automated governance: Automated conflict detection and enforcement. Manual processes: No enforcement mechanism.
Industry Research

75%+ of breaches originate from identity-based threats, with unchecked access quietly expanding the attack surface until it is exploited

The State of Identity and Access Management Maturity, 2025 // GuidePoint Security

Outcomes

What you will be able to demonstrate

Governance outcomes that matter to auditors, regulators, and your security leadership.

  • Prove that leavers are deprovisioned within your defined SLA
  • Show auditors a complete access review trail for privileged and sensitive systems
  • Demonstrate that access requests are approved by the right people with appropriate accountability
  • Report on access across all systems from a single governance dashboard
  • Detect and remediate orphaned accounts automatically
  • Monitor and alert on high-risk identity activities and system health checks
Common scenarios

The problems we solve.

These issues persist because manual processes cannot address them at scale.

The leaver problem

Accounts that persist for weeks or months after employment ends. Shared mailbox access that is never revoked. Application accounts that HR does not know about. We automate the full deprovisioning chain.

The mover problem

Staff who change roles accumulate access from every position they have held. Without automated lifecycle management, entitlements grow indefinitely and create a compliance gap that widens with every internal transfer.

The evidence problem

When auditors ask for proof that access is appropriate, most organisations scramble to pull together screenshots and spreadsheets. We implement continuous governance reporting that provides real-time evidence without the fire drill.

FAQ

Common questions

Everything you need to know about workforce identity governance and lifecycle management.

IGA covers the full identity lifecycle: provisioning new accounts on hire, managing access changes during employment, and deprovisioning on departure. It also includes access certification (periodic reviews), entitlement management (access request and approval), and segregation of duties enforcement.
Microsoft Entra ID supports direct integration with Workday and SAP SuccessFactors as provisioning sources. For other HR platforms, we use API connectors or middleware depending on the platform's capabilities.
A focused joiner/mover/leaver automation for a single HR system typically takes eight to twelve weeks. A full IGA programme including access reviews, entitlement management, and SoD enforcement is usually four to six months.
We don't like to reinvent the wheel. We have an Identity Lifecycle Management Playbook that allows us to incrementally automate lifecycle events using a proven approach. If our existing IP covers your requirements, we will use it and the price will reflect that.
Yes. We configure lifecycle management events driven from your Human Capital Management system and ITSM tools. We ensure end-to-end automation of provisioning for both cloud and on-premises accounts, so accounts are created, updated, and disabled based on HR events without manual intervention. For hybrid environments, our Apporetum observability platform can also monitor the effectiveness of HR-to-Entra and Active Directory provisioning, detecting sync gaps and orphaned accounts across your identity estate.
Yes. We help you align account hygiene to your policy with enterprise-level controls for inactivity, dormancy, orphaned accounts, leave, expired credentials, failure to start, and other key events. We use our identity observability platform, Apporetum, to continuously monitor and alert on these hygiene issues so they are detected and addressed before auditors find them.
Not necessarily. As a Microsoft Partner with the IAM Specialist designation, we focus on getting results from the capabilities you are already paying for in Entra. If your current licensing already covers lifecycle workflows, access reviews, and entitlement management, we will help you use them properly before recommending anything new.
Yes. We have service designers and analysts who help you design and document your IAM operating model, processes, and end user experiences, and clarify roles and responsibilities across your organisation. Getting the people and process side right is just as important as the technology.
Yes. We automate access reviews for on-premises entitlements, cloud entitlements, and entitlements in disconnected systems. Managers can review all staff access in one place with full audit traceability and automatic ticket creation for issues that need resolution.

Strengthen your identity governance

Start with an audit of your current joiner, mover, and leaver processes.
