The Challenge
A Fortune 500 healthcare and pharmaceutical enterprise had accumulated 12 disparate identity stores through a decade of mergers and acquisitions — spanning Active Directory forests, LDAP directories, cloud directories, and proprietary databases. There was no single source of truth for identity data. Provisioning a new employee required manual updates across an average of 4 systems and took 3-5 business days. Quarterly access reviews consumed 3 weeks of effort, HIPAA compliance was at risk from ungoverned access, and privileged accounts across acquired entities lacked any vaulting or session management.
Our Approach
Mapped the complete identity landscape across all 12 stores, identifying 340,000+ identities and 2.1 million entitlements with comprehensive overlap, conflict, and orphan analysis.
Deployed RadiantLogic VDS to create a unified virtual directory layer — aggregating all 12 identity sources into a single real-time view without requiring data migration, schema changes, or disruption to existing applications.
Implemented SailPoint for identity governance with automated access certifications, intelligent role mining across the consolidated identity fabric, and policy-based provisioning that eliminated manual multi-system updates.
Integrated CyberArk for privileged access management, vaulting 800+ privileged accounts across all acquired entities with session recording, just-in-time elevation, and automated credential rotation.
Engagement Timeline
Identity Landscape Mapping
Weeks 1-3: Catalog all 12 identity stores, map 340,000+ identities, analyze 2.1M entitlements for overlaps and conflicts.
Virtual Directory Design
Weeks 4-6: RadiantLogic VDS architecture, schema harmonization strategy, connector design for all 12 sources.
Virtualization & Governance
Weeks 7-11: VDS deployment, SailPoint integration, automated certification campaigns, role mining across consolidated fabric.
Privileged Access Vaulting
Weeks 12-14: CyberArk deployment, 800+ privileged account onboarding, session recording, JIT elevation policies.
Validation & Compliance
Weeks 15-16: End-to-end provisioning validation, HIPAA evidence collection automation, operational handoff, hypercare.
The Results
All 12 identity stores unified into a single governed view via RadiantLogic virtualization — achieved without a single data migration or schema change.
Provisioning time reduced from 3-5 days to minutes through automated workflows across the virtual directory layer.
Zero downtime during the entire migration — existing applications continued operating against their native directories while governance was layered on top.
All 800+ privileged accounts vaulted with CyberArk, eliminating standing privileged access and achieving full HIPAA compliance certification.
"TechSquad accomplished what our internal teams said was impossible — unifying 12 identity stores without migrating a single record. The RadiantLogic virtual directory approach was brilliant, and layering SailPoint governance on top gave us the compliance posture we desperately needed. Zero downtime. Sixteen weeks. Extraordinary."
CISO, Fortune 500 Healthcare Enterprise
Related Case Studies
National Health IT Enterprise
End-to-end identity automation — building a fully automated zero-trust pipeline from cloud infrastructure provisioning through federated just-in-time access with automated session cleanup.
Orphaned accounts eliminated
Provisioning time reduction
Standing cloud privileges
Global Travel Technology Provider
Legacy modernization of 340+ applications, consumer-facing partner platform identity, cloud-native authorization for Kubernetes microservices — and an active credential compromise requiring immediate threat response.
Apps migrated to Okta OIE
Threat actor identified
Repeat incidents post-remediation
Global Hospitality Leader
Complete identity modernization across 6,000+ properties — migrating legacy SiteMinder and CA IDM, enabling contactless mobile guest experiences, and implementing network security at global scale.
Properties unified
Helpdesk ticket reduction
Global auth latency
Ivy League Research University
Complete identity overhaul across 11 academic schools, 2 teaching hospitals, and 3 government research institutions — unifying incompatible authoritative sources into a centralized directory from the ground up.
Institutions unified
Academic schools consolidated
Data loss during migration
Global Luxury Retail Brand
Enterprise-wide identity modernization for a global luxury retailer — migrating 500+ apps from PingFederate to Okta OIE, automating lifecycle management for workforce and retail store users, and achieving passwordless authentication on managed devices.
Apps migrated to Okta OIE
Managed device passwordless
Manual enrollment steps
Top-Tier Global Bank
Full identity modernization for a top-tier global bank — replicating the enterprise identity stack (Okta OIE, SailPoint ISC, Delinea, device compliance, passwordless) and then migrating 380+ customer-facing applications from Okta OIE to Okta CIC for consumer identity.
Apps migrated OIE → CIC
Workforce apps on Okta OIE
Customer auth disruptions
National Health Insurance Provider
Post-divestiture CIAM transformation — silently migrating 6.5 million consumer identities from Okta OIE to Auth0 for a public-facing healthcare enrollment platform, with zero user disruption and full CI/CD automation.
Users silently migrated
User-reported issues
CI/CD automated