How We Built Identity Governance That Deploys in a Day, Not Six Months

3 March 2026 · 6 min read

Six months. That's the typical implementation timeline you'll hear from enterprise identity governance vendors. Some are honest and say nine to twelve months. A few particularly brave salespeople will promise "as little as three months" and then quietly extend the project plan once you've signed.

We thought that was absurd. Not because the problems these platforms solve aren't complex, but because for most mid-market companies, the problem space is much smaller than the enterprise vendors assume. So we set out to build something that a competent IT team could deploy in a day.

Here's how we did it, and what we had to get right to make it work.

Why enterprise IGA takes so long

To understand why our approach is different, you need to understand why enterprise deployments take forever.

Connector sprawl. Enterprise platforms are designed to connect to hundreds of different systems: SAP, Oracle, ServiceNow, Workday, Salesforce, custom LDAP directories, mainframes. Each connector needs configuration, testing, and often customization. A large enterprise might connect 50 to 200 systems during an IGA deployment. That alone takes months.

Custom workflows. Every enterprise has unique approval chains, escalation paths, and exception handling processes. Enterprise IGA platforms offer powerful workflow engines to model these, but building and testing custom workflows is labor-intensive.

Role engineering. Before you can automate access provisioning, you need to define your roles. In a 10,000-person company with 200 applications, role engineering (figuring out which combinations of access rights constitute a "role") is a massive analytical exercise. It often involves workshops with business stakeholders across the entire organization.

Data migration and cleanup. Enterprise deployments usually start with a data quality project. Cleaning up user attributes, reconciling identities across systems, resolving duplicates. This is necessary but time-consuming work.

Organizational change management. Getting thousands of users and hundreds of managers to adopt a new system for requesting, approving, and reviewing access is a change management challenge on top of the technical implementation.

Each of these steps is legitimate for enterprise-scale deployments. The issue is that vendors apply the same methodology to a 200-person company running on Microsoft 365, which is like hiring a construction crew to put up a bookshelf.

Our starting assumptions

When we designed Adcyma, we started with a different set of assumptions about our target customer:

One identity platform. Our customers run on Microsoft Entra ID. That's their identity provider. We don't need to connect to mainframes or on-prem Oracle databases. We need to work really well with one platform.

Tens of apps, not hundreds. A typical mid-market company has 10 to 30 SaaS applications, most of which integrate with Entra ID via SSO. The application landscape is manageable.

Straightforward org structures. Departments, job titles, locations. Not seventeen levels of hierarchy across four business units in twelve countries. The role model can be simpler because the organization is simpler.

Small IT teams. Two to ten people. They don't have IGA specialists. They need something they can understand, configure, and maintain themselves.

These assumptions let us make fundamentally different design choices.

What we did differently

Native Entra ID integration instead of generic connectors. We built directly on the Microsoft Graph API. No middleware, no generic SCIM provisioning layer, no connector framework. This means we can leverage everything Entra ID already knows about your users, groups, and applications. The setup is: authenticate, connect, and you're reading your directory data.

Convention over configuration. Instead of presenting an empty workflow canvas and asking you to build everything from scratch, we start with sensible defaults. Standard onboarding workflow. Standard offboarding workflow. Standard access review campaign. You can customize these, but the starting point works for most companies out of the box.

Role templates based on actual mid-market patterns. We studied how hundreds of Nordic mid-market companies structure their access. Most of them follow similar patterns: department-based access, location-based variations, a handful of privileged roles. We built templates around those patterns so you can start with something that's 80% right and tweak the remaining 20%.

Compliance reporting built in from day one. Most enterprise IGA platforms add compliance reporting as an afterthought or a premium add-on. We built SOC 2, ISO 27001, and NIS2 report templates into the core product because our customers need them from the start.

Self-service setup with in-product guidance. No implementation consultant required. The setup process walks you through connecting your Entra ID tenant, importing your users, defining your roles, and activating your first workflows. Each step has contextual help and validation.

What a typical day-one deployment looks like

Here's the actual flow for a new customer:

Morning:

  1. Sign up and authenticate with your Entra ID admin account.
  2. Authorize the connection (we request specific, minimal Graph API permissions).
  3. Your users, groups, and apps are imported automatically.
  4. Review the auto-detected organizational structure (departments, locations, job titles).

Afternoon:

  5. Define or refine your role templates (what each department/role needs).
  6. Set up your onboarding and offboarding workflows.
  7. Configure your first access review campaign.
  8. Run a test with a sample user to verify everything works.

End of day: You have a functioning identity governance system with automated provisioning, deprovisioning, and scheduled access reviews.
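
The role-template, workflow and review steps above, as an added example that is not Adcyma's code: templates keyed on department and location are evaluated against imported users to produce add, remove and review lists. The template rules, group names, users and the choice to send privileged groups to review rather than automatic removal are assumptions made for the illustration.

```python
# Added example, not Adcyma's code: attribute-based role templates evaluated
# against imported directory users. Templates, groups and users are constructed.

TEMPLATES = [  # every matching rule contributes its groups
    ({}, {"sg-all-staff"}),                                   # baseline
    ({"department": "finance"}, {"sg-finance", "sg-erp-users"}),
    ({"department": "engineering"}, {"sg-eng", "sg-source-control"}),
    ({"department": "engineering", "officeLocation": "stockholm"}, {"sg-sthlm-lab"}),
]
PRIVILEGED = {"sg-global-admins", "sg-erp-admins"}  # never granted by a template

USERS = [  # keys mirror Graph user properties; "groups" is current membership
    {"userPrincipalName": "anna@example.com", "department": "Engineering",
     "officeLocation": "Stockholm", "accountEnabled": True,
     "groups": {"sg-all-staff", "sg-eng", "sg-finance"}},      # moved teams
    {"userPrincipalName": "bo@example.com", "department": " finance",
     "officeLocation": "Oslo", "accountEnabled": True,
     "groups": {"sg-all-staff", "sg-finance", "sg-erp-admins"}},
    {"userPrincipalName": "cia@example.com", "department": "Finance",
     "officeLocation": "Oslo", "accountEnabled": False,        # offboarded
     "groups": {"sg-all-staff", "sg-erp-admins"}},
]

def norm(value):
    """Directory attributes are free text; compare trimmed and case-folded."""
    return (value or "").strip().casefold()

def desired_groups(user):
    if not user["accountEnabled"]:
        return set()  # a disabled account is entitled to nothing
    wanted = set()
    for match, groups in TEMPLATES:
        if all(norm(user.get(attr)) == val for attr, val in match.items()):
            wanted |= groups
    return wanted

def plan(user):
    """Diff template entitlements against current membership."""
    want, have = desired_groups(user), set(user["groups"])
    extra = have - want
    if not user["accountEnabled"]:
        return {"add": [], "remove": sorted(extra), "review": []}
    return {"add": sorted(want - have),
            "remove": sorted(extra - PRIVILEGED),
            "review": sorted(extra & PRIVILEGED)}  # humans decide on privileged

if __name__ == "__main__":
    for u in USERS:
        print(u["userPrincipalName"], plan(u))
```

The disabled account is the case to watch: its plan removes every membership, including the privileged group that an enabled user would only have queued for review.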

Is it perfect? Probably not on day one. You'll spend the next week or two refining role definitions, adjusting group mappings, and fine-tuning the details. But the core system is running and providing value from day one, not month six.

What we intentionally left out

Being honest here: there are things we chose not to build because they'd add complexity without adding value for our target customer.

We don't have 400 SaaS connectors. We focus on the Entra ID ecosystem. If your identity governance challenge requires connecting to a mainframe, we're not the right tool.

We don't have a custom BPMN workflow engine. Our workflows are configurable but templated. If you need seventeen-step approval chains with custom escalation logic, we're probably not your fit.

We don't do role mining with machine learning. Our role model is based on organizational attributes and manual refinement. If you have 50,000 users and need AI to figure out your roles, look at the enterprise platforms.

These tradeoffs are deliberate. Every feature we don't build is complexity we don't pass on to our customers. And for a 200-person company that just needs reliable identity governance, those missing features are things they'd never use anyway.

The result

Customers tell us two things consistently. First, they're surprised it actually works as quickly as we say. Second, they wish they'd done this sooner instead of spending another year managing access with spreadsheets.

If this sounds like your situation, Adcyma is free for up to 25 users. For larger teams, you can start a free 14-day trial. No credit card, no consultants.
