The Challenge
This top-tier global bank required a complete identity transformation spanning both workforce and customer-facing populations. The workforce identity challenge mirrored the luxury retail engagement — migrating hundreds of applications to Okta OIE, automating lifecycle management through SailPoint ISC, deploying Delinea for PAM, integrating MDM platforms for device compliance, and achieving passwordless authentication via Okta FastPass on managed devices. But the bank had an additional mandate that elevated the complexity: 380+ customer-facing banking applications needed to be migrated from Okta OIE (workforce identity) to Okta Customer Identity Cloud (CIC) — separating workforce and customer identity planes while maintaining seamless authentication for millions of banking customers. Financial services regulatory requirements (SOX, PCI-DSS, FFIEC) demanded zero authentication disruptions during the migration, full audit traceability, and continuous compliance throughout the transition.
Our Approach
Deployed the complete workforce identity stack: Okta OIE as the central IdP with progressive profiling and adaptive enrollment, SailPoint ISC for Joiner/Mover/Leaver lifecycle automation, Delinea Secret Server for privileged access management governed through ISC, and Intune/Workspace ONE integration with Okta FastPass for passwordless authentication on managed devices — replicating the proven architecture at financial-services-grade compliance standards.
Architected the Okta OIE-to-CIC migration strategy for 380+ customer-facing banking applications. Designed a phased migration approach that separated workforce identity (remaining on OIE) from customer identity (moving to CIC) — establishing clean identity plane separation while maintaining cross-domain trust relationships for applications that served both populations.
Executed the CIC migration in prioritized waves — starting with lower-risk informational banking applications, progressing to transactional applications, and concluding with high-value applications including online banking, mobile banking, and wealth management. Each wave included parallel authentication testing, session continuity validation, and customer impact monitoring to ensure zero disruption to banking customers.
Implemented CIC-specific capabilities including universal login customization for banking brand consistency, bot detection and credential stuffing protection for customer-facing login flows, breached password detection, and adaptive MFA for high-risk transactions — all while maintaining SOX, PCI-DSS, and FFIEC compliance with automated evidence collection.
Engagement Timeline
Workforce Identity Stack Deployment
Weeks 1-10: Okta OIE migration, SailPoint ISC lifecycle automation, Delinea PAM deployment, Intune/Workspace ONE integration, Okta FastPass passwordless rollout — full workforce identity at banking-grade compliance.
CIC Migration Architecture
Weeks 8-12: Customer identity plane separation design, OIE-to-CIC migration strategy, application categorization and wave planning, cross-domain trust architecture, regulatory impact assessment.
CIC Migration Wave 1-2
Weeks 13-20: Low-risk and informational application migration to CIC, universal login customization, bot detection and credential stuffing protection deployment, parallel authentication testing.
CIC Migration Wave 3 (High-Value)
Weeks 21-26: Online banking, mobile banking, and wealth management migration to CIC, adaptive MFA for high-risk transactions, session continuity validation, customer impact monitoring.
Compliance Validation & Handoff
Weeks 27-28: SOX/PCI-DSS/FFIEC evidence automation, cross-platform compliance validation, identity plane separation audit, operational runbook delivery, hypercare.
The Results
Complete workforce identity stack deployed — Okta OIE, SailPoint ISC, Delinea PAM, MDM compliance governance, and Okta FastPass passwordless — achieving parity with the proven retail architecture at banking-grade compliance.
All 380+ customer-facing applications successfully migrated from Okta OIE to Okta CIC with zero customer authentication disruptions — clean separation of workforce and customer identity planes achieved.
Customer-facing security posture elevated with CIC-native protections: bot detection, credential stuffing prevention, breached password screening, and adaptive MFA for high-value transactions.
Full regulatory compliance maintained throughout — SOX, PCI-DSS, and FFIEC audit evidence generated automatically, with continuous compliance monitoring across both workforce and customer identity platforms.
"TechSquad delivered a dual transformation — workforce identity with passwordless and full lifecycle automation, plus a flawless migration of 380 customer-facing banking applications from OIE to CIC. Zero customer disruptions. Zero compliance gaps. In financial services, that is not just impressive — it is the only acceptable outcome, and they delivered it."
CISO, Top-Tier Global Bank