Focus area: Platform, cloud, and architecture · Identity and access

Identity, access, and permissions as part of the architecture, not an afterthought.

We design and build authentication and authorisation systems that have to carry several applications, several user groups, and several regulatory requirements. OAuth 2.0, OpenID Connect, SAML, single sign-on, and self-service administration are connected such that users do not have to sign in repeatedly while audit trails remain robust.

  • OAuth 2.0 / OpenID Connect / SAML
  • Single sign-on and federated identities
  • Role, right, and permission model
  • Self-service management of identities

Engagement packages

Every package starts from a clear objective.

Each package starts with a worked-out architecture and ends with a clean handover to your operations team, and we agree the scope and the investment frame together after a first inventory of the work at hand.

2 – 3 weeks

Start here

Identity audit

Assessment of the current authentication and authorisation landscape. We review providers, token behaviour, permission models, and audit trails and deliver a written recommendation.

Included

  • Assessment of current identity providers
  • Token and session behaviour
  • Permission model with roles and rights
  • Audit and logging inventory
  • Recommendation for consolidation

Best suited for

Organisations with grown provider and role landscapes that should be structurally consolidated.

Engagement 01

Single sign-on

6 – 10 weeks

Engagement 02

Authorisation system

8 – 14 weeks

How we work

Our approach.

Every engagement follows a repeatable course from analysis through implementation into ongoing operation.

01

Intake

We map the current identity and authorisation landscape. Applications, user groups, and regulatory requirements are inventoried.

02

Model

We design the target model: IdP, federation, token behaviour, authorisation model, audit trails. The model is signed off in writing before implementation.

03

Implementation

We build the system and connect the first applications. Every onboarding is documented via a repeatable path.

04

Handover

We hand the system over together with onboarding instructions to your operations and security team. Independent extension is then possible.

Typical use cases

Where this work carries the most weight.

A selection of typical engagements, not a closed list; requests beyond these areas are explicitly welcome.

Several applications currently have their own sign-in flows and should be bundled under SSO.

An existing IdP should be moved onto modern protocols (OIDC).

External partners and customers should be brought in via federation.

Permissions should be documented to audit grade, e.g. for an audit obligation.

Self-service for internal users (role changes, access requests) should be introduced.

Common questions

What decision-makers usually ask.

Answers to the questions we are asked most often during the framing of an engagement.

We regularly work with Entra ID, Keycloak, Auth0 and Ory. Which IdP fits is decided in the architecture step, depending on the existing landscape, regulatory requirements and data sovereignty.

Next step

Let's walk through your initiative together.

Where a structured engagement begins

Office

  • Karlsbad
    Auf der Hub 38
    76307 Karlsbad, Germany
  • Remote
    Distributed team
    Available internationally