We've just gone through a massive growth spurt, acquiring three companies in just 18 months, and now our identity infrastructure is a complete mess. We shot up from 600 to 2400 employees, and each company has its own identity and access management system. Company A is on Okta with AWS, Company B relies on Microsoft with hybrid Active Directory, and Company C is using a confusing custom LDAP setup in addition to Google Workspace. Our original system was Entra ID mixed with some scattered on-prem setups.
Our CFO is pushing for consolidated user account reporting across all companies, while the CISO is screaming for unified access controls to ensure compliance. Right now, HR is drowning in spreadsheets trying to track where everyone works, and payroll is facing issues with deprovisioning, leading to some employees being paid by multiple entities. Recently, one employee promoted from Company B to A ended up with three different accounts and unnecessary access to systems from both organizations—causing a nightmare for security.
Has anyone out there managed post-merger identity consolidation on this level? How long did it realistically take, and what obstacles did you face along the way?
5 Answers
I was involved in a consolidation process with a much larger group, around 7,000 employees from several companies. If you want to do it right, get ready for a lengthy process. Just planning and selecting the right software will take months. I advise treating each entity like a B2B operation during the transition until you can set up a cohesive environment. And definitely consider external help for this kind of scale.
Honestly, brace yourself for a couple of years of heavy lifting. You might need nearly all of IT’s resources for this cleanup, as there’s really no quick fix after such rapid expansions. If you're looking for blame, it probably falls on the execs who made these acquisitions without consulting IT for a solid integration plan.
Haha, definitely the truth! And remember to highlight the personal liability of not taking action—getting that buy-in is crucial!
First off, the initial step when acquiring is to migrate everything into your organization’s systems right away. Merging mailboxes and standardizing identities during the acquisition phase should have been the priority, so it’s a bit shocking to hear that wasn't done. But there's still time to get it sorted out!
Start by interviewing employees about what tools are in use, and adapt. Focus on replacing that LDAP setup as it’s the easiest to transition into AD. Also, streamlining tool usage will minimize future headaches—especially when it comes to user panic during the transition. Don't underestimate how long it’ll take to update all 2500 workstations either; that alone needs a dedicated squad.
Sometimes you just need to rip off the band-aid. I suggest you disable accounts that haven’t been used in 30 days—see who raises a fuss and plan to delete them after 90 days. It can give you a clearer picture upfront. Automate the password changes and enforce strict complexity standards while you're at it.
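A small triage script for the stale-account and duplicate-account review described in this answer and in the question (an added example, not code from anyone in the thread; the export field names idp, login, emp_id and last_login are assumptions, and the records are constructed):

```python
from datetime import datetime

# Constructed sample export from the merged IdPs (not real data). The keys
# (idp, login, emp_id, last_login) are assumed; real exports differ per system.
NOW = datetime(2024, 6, 1)
ACCOUNTS = [
    {"idp": "okta-A",   "login": "j.doe@a.example",    "emp_id": "E100", "last_login": "2024-05-30"},
    {"idp": "entra-B",  "login": "jdoe@b.example",     "emp_id": "E100", "last_login": "2024-01-15"},
    {"idp": "ldap-C",   "login": "jdoe",               "emp_id": "E100", "last_login": None},
    {"idp": "entra-HQ", "login": "a.smith@hq.example", "emp_id": "E200", "last_login": "2024-04-20"},
    {"idp": "okta-A",   "login": "temp42@a.example",   "emp_id": None,   "last_login": "2023-11-01"},
]

def classify(acc, now=NOW, disable_after=30, delete_after=90):
    """'active', 'disable' (idle > 30 d) or 'delete' (idle > 90 d or never used)."""
    if acc["last_login"] is None:
        return "delete"
    idle_days = (now - datetime.strptime(acc["last_login"], "%Y-%m-%d")).days
    if idle_days > delete_after:
        return "delete"
    return "disable" if idle_days > disable_after else "active"

def review(accounts, now=NOW):
    """Build the cleanup worklist: duplicates per employee, stale tiers, orphans."""
    report = {"duplicates": {}, "disable": [], "delete": [], "orphaned": []}
    by_emp = {}
    for acc in accounts:
        ref = f'{acc["idp"]}:{acc["login"]}'
        if acc["emp_id"] is None:
            report["orphaned"].append(ref)  # no HR identity behind it: review by hand
        else:
            by_emp.setdefault(acc["emp_id"], []).append(ref)
        tier = classify(acc, now)
        if tier != "active":
            report[tier].append(ref)
    # Same employee present in more than one IdP: the promoted-user case from the question.
    report["duplicates"] = {e: refs for e, refs in by_emp.items() if len(refs) > 1}
    return report

if __name__ == "__main__":
    for key, items in review(ACCOUNTS).items():
        print(key, items)
```

The worklist is meant to feed a human review before anything is disabled; the thresholds and the "never logged in" rule are parameters you should tune to your own dormancy policy.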
You really need to tackle that odd custom LDAP setup first—it's a big risk. Plus, get your leadership to choose whether you’ll standardize on Microsoft or Google. If it’s Microsoft, Entra is probably the way to go for a planned migration—just negotiate hard for a sweet deal on that.

Right? Those program managers seem to get promoted while the rest of us do the actual work. Just make sure you prepare a couple of resolution paths and present them well; board members forget everything quickly!