If you're searching for identity governance tooling and your company has under 500 employees, you've probably already noticed that most of the content out there is written for enterprises with thousands of users and dedicated IAM teams. Analyst reports compare SailPoint to Saviynt to One Identity, and none of them seem to acknowledge that you exist.
This page is for the IT manager at a 150-person company who knows they need to get identity governance sorted — maybe because of a SOC 2 audit, maybe because of NIS2, maybe because offboarding is a mess — but doesn't have a six-figure budget or a year to implement something.
Here's an honest overview of the options, including where we fit in.
Why most IGA platforms aren't built for you
The identity governance market was built top-down. Vendors started with large enterprises and worked their way down, sort of. The problem is that "scaling down" an enterprise platform doesn't actually make it simpler. It just makes it expensive for what you get.
A typical enterprise IGA platform comes with role mining algorithms, separation of duties matrices, AI-driven anomaly detection, custom BPMN workflow designers, and connectors for hundreds of applications. These are valuable capabilities when you have 5,000 users across 200 applications. When you have 200 users on Microsoft 365, they're expensive overhead.
The result: most companies under 500 employees end up doing one of three things — ignoring governance until an audit forces the issue, duct-taping together PowerShell scripts and spreadsheets, or massively overpaying for an enterprise tool they use 20% of.
None of these are great options. Here's a more nuanced breakdown.
Option 1: Enterprise IGA platforms (SailPoint, Saviynt, One Identity)
Best for: Companies with 1,000+ employees, complex multi-platform environments, and dedicated IAM teams.
These platforms are genuinely excellent at what they're designed for. SailPoint IdentityNow is a mature, well-regarded cloud platform. Saviynt offers a compelling converged approach combining IGA with PAM and cloud security. One Identity Manager has deep Active Directory expertise that's hard to match.
For a company under 500 employees, the challenges are consistent across all three: implementation timelines of 3–12 months depending on the platform, first-year costs ranging from 50,000 EUR on the low end (SailPoint) to 250,000+ EUR (One Identity with infrastructure), ongoing need for specialized expertise, and significant feature overhead you won't use.
We've written detailed comparisons for each: Adcyma vs SailPoint, Adcyma vs Saviynt, Adcyma vs One Identity.
Verdict for under 500 employees: Usually overkill unless you have genuinely complex, multi-platform identity needs.
Option 2: Microsoft Entra ID native tools
Best for: Companies under 50 employees with simple access needs and no compliance pressure.
Microsoft has been improving governance capabilities in Entra ID, especially with lifecycle workflows, access reviews (P2 license), and entitlement management. For very small companies with straightforward needs, native tools might be enough.
The limitations show up at scale: lifecycle workflows have rigid conditions and limited actions, access reviews are functional but not great for managing multi-department campaigns, and pulling compliance evidence requires stitching data from multiple portal blades. Entra ID P2 licensing also adds roughly 8–9 EUR per user per month, which adds up.
We wrote a full comparison here: Adcyma vs Manual Entra ID.
Verdict for under 500 employees: A reasonable starting point, but most growing companies hit the limitations somewhere between 50–150 users.
Option 3: PowerShell scripts and spreadsheets
Best for: Very small teams with a skilled scripter, no compliance requirements, and low turnover.
Many IT teams end up here by default. An admin writes an onboarding script, then an offboarding script, then a reporting script. It works until that admin leaves, the scripts break, or an auditor asks for evidence that doesn't exist.
The core problem isn't automation — you can automate plenty with PowerShell. It's governance. Scripts don't produce audit trails. They don't run access review campaigns. They don't generate compliance reports. And they represent a knowledge concentration risk that grows over time.
Full comparison here: Adcyma vs PowerShell Scripts.
Verdict for under 500 employees: Works until it doesn't, and you'll know when it doesn't because something will go wrong at the worst possible time.
Option 4: Purpose-built mid-market IGA (this is where Adcyma fits)
Best for: Companies with 50–1,000 employees running on Microsoft Entra ID, especially those with SOC 2, ISO 27001, or NIS2 compliance needs.
Full transparency: this is our product. But the reason we built it is because this category barely existed when we started. The market offered enterprise platforms and DIY. Nothing in between.
Adcyma is designed specifically for companies that have outgrown manual processes but don't need (or want) an enterprise IGA platform. The focus areas:
Automated lifecycle management. Define what each role needs — groups, licenses, Teams memberships, application access — and let provisioning and deprovisioning run consistently every time, connected to your HR system or triggered manually.
Access reviews. Structured campaigns where managers review their team's access, with deadlines, escalation, and full audit trails. Not a spreadsheet. Not a hope-for-the-best annual exercise.
Compliance reporting. Pre-built reports formatted for SOC 2, ISO 27001, and NIS2 audits. Pull what your auditor needs without assembling data from five different sources.
Self-service deployment. Connect to your Entra ID tenant and be operational in a day. No implementation partner, no multi-month project.
Pricing built for mid-market. We don't charge enterprise prices for mid-market companies. Free for up to 25 users. Beyond that, pricing scales with your actual size.
What we deliberately don't do: Role mining, separation of duties policy engines, AI-driven access recommendations, multi-platform governance, custom BPMN workflow designers. Not because these things are bad, but because companies under 500 employees running on Entra ID don't need them, and including them would make the product more complex and expensive without adding value for our customers.
How to choose
The decision framework is simpler than vendors want you to think:
If you have fewer than 50 users and no compliance pressure: Start with Entra ID native tools. You can always add tooling later.
If you have 50–1,000 users, run on Entra ID, and need governance for compliance or operational reasons: This is the space Adcyma is designed for. Start a free trial and see if it fits.
If you have 1,000+ users, manage identities across multiple platforms (not just Entra), and have a dedicated IAM team: Evaluate enterprise platforms like SailPoint, Saviynt, or One Identity. You'll use the capabilities and can justify the investment.
If you're somewhere in between and unsure: Honestly, just reach out. We'll tell you straight whether Adcyma is the right fit or whether you should look elsewhere. We'd rather point you in the right direction than sell you something that doesn't match your needs.
Adcyma is free for up to 25 users. For larger teams, start a free 14-day trial. No credit card, no consultants.