Case Study

Transformative Identity Governance: A Global Insurer’s 12-Month Turnaround

Identity governance in insurance is complex, with thousands of users and hundreds of applications to manage. For one global insurer, this challenge had become critical. This identity governance insurance case study highlights how a global insurer overcame long-standing compliance issues with Onaware’s lean approach.

TL;DR
  • Industry Sector
  • Finance
  • Duration
  • 12 months
  • Client Results

    • 100,000 identities and 400 applications brought under centralised management.

    • Automated onboarding/offboarding processes, improving efficiency and security.

    • Reduced IT compliance costs and audit preparation time.

    • 400% increase in detection of revoked accounts, significantly enhancing control.

  • What We Did

    • Designed and implemented a scalable Identity Governance solution

    • Standardised identity lifecycle processes across global regions

    • Onboarded 400+ applications using a repeatable factory-based model

    • Delivered role engineering and real-time policy enforcement

    • Rolled out a fully operational solution across five countries in twelve months

How it started

One of the world’s largest insurance companies needed to modernise its identity and access controls to meet increasing compliance demands and operational complexity. With inconsistent practices across regions and heavily manual processes, the organisation lacked visibility and control over user access. Facing fragmented identity processes and rising compliance risk, one of the world’s largest insurance providers partnered with Onaware to implement a scalable, automated Identity Governance solution. In just twelve months, the organisation achieved centralised access visibility across five countries, reduced audit overheads, and increased detection of inappropriate access by 400%.

The Results

The impact of the Identity Governance solution was both immediate and far-reaching. The client successfully brought over 100,000 identities and 400 applications under centralised governance, establishing a unified view of access across the organisation.

With automated lifecycle management in place, employee onboarding and offboarding processes became faster and more secure, reducing the risk of orphaned or excessive access. The introduction of role-based access controls and policy enforcement led to a 400% increase in the detection and revocation of inappropriate access, dramatically improving audit readiness and security posture.

Beyond operational improvements, the project significantly lowered compliance costs by reducing the manual effort required to prepare for audits and manage certifications. Perhaps most impressively, the solution was fully rolled out across five countries in just twelve months, demonstrating both the scalability of the platform and Onaware’s ability to execute efficiently across global environments.

The Full Story

A Complex Access Landscape

For years, this global insurer had been wrestling with the scale and complexity of its access landscape. With over 100,000 employees and contractors spread across multiple regions, and more than 400 business-critical applications in use, the identity challenge was overwhelming. Access requests moved slowly. Revocations were often missed. Certification campaigns dragged on for months and rarely finished on time. Year after year, auditors flagged the same issues.

Business Impact

The business impact was real. Managers wasted valuable time chasing down approvals. Employees waited days to gain access to the tools they needed. Audit findings turned into costly fire drills, damaging confidence with regulators and putting unnecessary stress on internal teams. Leadership knew that identity governance needed to work differently, but earlier attempts had stalled, weighed down by complexity and lack of focus. This was increasingly important as regulators such as EIOPA highlight the growing cyber risks facing the insurance industry.

Onaware’s Approach

That is where Onaware came in. We were asked to turn the programme around, and quickly. Our approach was lean and pragmatic: fix the basics first, then build confidence with rapid, visible wins. Within the first few months, we had connected the most critical systems and onboarded the highest-risk populations. This meant that access could finally be reviewed and approved consistently, with audit-ready evidence available at the click of a button.

Building Momentum

As the rollout expanded, we embedded policy checks that flagged inappropriate access before it reached production. Review campaigns were redesigned with clear, manageable scopes, helping business managers make faster, more confident decisions. Revocation processes were automated to close the loop, ensuring that access was removed when people moved roles or left the organisation.

Results and Impact

The shift was dramatic. Certification completion rates improved by more than 400 percent, closing long-standing audit gaps. More than 100,000 identities and 400 applications were brought under governance in under 12 months. Instead of fighting through manual spreadsheets, managers were able to complete reviews in hours, not weeks. For the first time, auditors could see clear evidence that risks were being identified and remediated as part of a live control process.

A Platform for the Future

The transformation did not just resolve past issues. It created a platform for the future. The new identity governance model now scales with the business, giving leaders confidence that they can stay compliant as regulations evolve and as the company continues to grow. What started as a rescue effort has become a sustainable programme that reduces risk, accelerates access, and gives the business the assurance it was missing.

This transformation did not just resolve past issues. It created a platform for the future. Similar results were achieved in our identity security success at a top 5 global bank, where rapid delivery and measurable outcomes restored trust in governance.