45 Apps. Zero Audit Trail. Three Weeks to Fix It.

The Problem

The entire identity layer ran through Google Workspace. There was no SSO, and 45 applications each managed their own access. When someone joined, a person built their account by hand. When someone left, their access stayed live until the right person remembered to remove it.

Nobody had a reliable picture of who held access to what, or from where.

What Was Actually at Risk

An ex-employee still active in a production app. A 45-application estate with nothing resembling an audit trail, right as a potential acquirer starts asking questions.

For a company at this stage, with acquisition conversations already in play, those things don't surface as technical debt. They surface as deal risk.

How We Did It

Okta was deployed via Terraform and mapped into the existing Google Workspace OU structure, keeping the directory intact and avoiding migration overhead. Nobody woke up to a broken login. Each of the 45 applications was onboarded individually, with permission layers documented and governed as they came in rather than retrofitted after the fact.

HiBob was then connected as the HR source of truth so that employment changes (new starters, role changes, departures) flow directly through to access and app entitlements. That removed the tickets, the manual handoffs, and the gaps between someone leaving and their access actually being revoked.

The Result

Three weeks of engineering and the entire access lifecycle is automated. HR makes a change in HiBob and the rest follows: right access on arrival, clean exit on departure. The ticket queue that used to fill with access requests cleared, and IT got their time back for project delivery. The estate went from invisible to governed.