Let me paint a picture you might recognize. Your company is growing. Maybe you're at 150 employees, maybe 300. The manual way of managing user accounts is clearly not cutting it anymore. Someone suggests you need an IGA solution (Identity Governance and Administration), and suddenly you're in sales calls with vendors who want to talk about "transformation journeys" and six-figure annual contracts.
You sit through the demo and think: "We just want to automate onboarding and make sure people lose access when they leave. Why does this feel like buying a space shuttle to get groceries?"
That feeling is correct. Most IGA solutions were built for companies with thousands or tens of thousands of employees. If you're under 500 people, there's a very good chance you're looking at the wrong category of tool entirely.
The enterprise IGA trap
Traditional IGA platforms like SailPoint, Saviynt, and One Identity are genuinely impressive pieces of software. They handle complex scenarios like managing access across hundreds of applications, governing privileged accounts at massive scale, and supporting custom approval workflows with dozens of stakeholders.
The problem? All of that complexity comes with a price tag and an implementation timeline to match.
A typical SailPoint deployment at a mid-market company runs somewhere between 200,000 and 500,000 EUR in the first year, including licensing, professional services, and customization. Implementation takes six to twelve months. You'll need a dedicated team (or expensive consultants) to maintain it. And you'll use maybe 20% of what the platform can do.
That's not a criticism of those platforms. They're solving hard problems for large organizations. But if your Entra ID tenant has 200 users and a handful of connected applications, you're paying enterprise prices for enterprise capabilities you simply don't need.
What companies under 500 actually need
When I talk to IT managers at companies in this size range, the wish list is remarkably consistent:
"I want new hires to get the right access on day one without me setting it up manually." That's automated provisioning. Define what each role needs, and let the system handle it when someone starts.
"I want access revoked the same day someone leaves." That's automated deprovisioning. HR flags someone as departed, and the system disables the account, revokes sessions, removes group memberships, and pulls licenses.
"I want to know who has access to what, right now." That's a live access inventory. Not a spreadsheet you update quarterly, but an actual view of current state.
"I need to pass our SOC 2 audit without it being a nightmare." That's compliance reporting. Automated access reviews, documented provisioning processes, and exportable audit logs.
That's the list. Four things. You don't need a platform that supports 400 SaaS connectors and custom BPMN workflow engines. You need something that does these four things well and integrates with the system you're already using: Microsoft Entra ID.
The hidden costs nobody talks about
Let's talk about what actually happens when a 200-person company buys an enterprise IGA tool.
The implementation drags on. What was quoted as "three months" turns into nine. Your IT team is pulled into workshops, integration sessions, and testing cycles. Meanwhile, the manual processes you were trying to replace keep running because the new system isn't ready yet.
You become dependent on consultants. Enterprise IGA platforms are highly configurable, which sounds great until you realize that "configurable" means "you need specialized expertise to change anything." Want to add a new role template? That's a consulting engagement. Want to update an approval workflow? Better check if your SI partner has availability.
User adoption stalls. The platform is powerful but complicated. Your IT team of three people doesn't have time to learn all its features. They use the basics and ignore the rest. You're paying for a Ferrari but driving it in first gear.
It doesn't actually fit your identity landscape. Most companies under 500 people run on Microsoft 365. Their identities live in Entra ID. Maybe they have a handful of other SaaS apps. An enterprise IGA platform that was designed to govern hundreds of heterogeneous systems is fundamentally over-architected for this environment.
Signs you need something, but not an enterprise IGA
Here's a quick gut check. If any of these sound like you, you need better identity governance. But you probably don't need a traditional IGA platform.
- Your company has between 50 and 500 employees.
- Your primary identity system is Microsoft Entra ID.
- Your IT team is fewer than 10 people.
- You connect to fewer than 20 SaaS applications.
- You don't have a dedicated IAM team (and aren't planning to hire one).
- You need to pass compliance audits (SOC 2, ISO 27001, NIS2) but the requirements feel disproportionate to your size.
If you checked most of those boxes, what you actually need is a lightweight, focused identity governance tool that works natively with Entra ID, doesn't require consultants to set up, and gives you the automation and compliance reporting you need without the enterprise complexity.
The middle ground exists
For a long time, the IGA market had two options: do it manually, or buy an enterprise platform. There was nothing in between. Companies either struggled with spreadsheets and ad-hoc processes, or they took on massive implementations that consumed their IT team's bandwidth for months.
That gap is exactly where a new generation of tools is emerging. Tools that are purpose-built for mid-market companies on Microsoft 365. Tools that deploy in days instead of months. Tools that cost a fraction of what enterprise platforms charge.
The philosophy is simple: cover the 80% of IGA capabilities that 80% of companies actually need, and do it in a way that a small IT team can set up and manage without outside help.
Asking the right questions
Before you sign anything, ask these questions:
- Can we deploy this ourselves, without professional services?
- How long until we're actually using it in production?
- Does it integrate natively with Entra ID, or do we need middleware?
- What happens when we need to make changes? Can our team do it, or do we need consultants?
- What does the total cost look like over three years, including implementation and maintenance?
If the answers involve "transformation roadmaps," "phased deployments," and "your dedicated solutions architect," you might be looking at the wrong size of solution.
If this sounds like your situation, Adcyma is free for up to 25 users. For larger teams, you can start a free 14-day trial. No credit card, no consultants.