Resilience is a healthcare company operating in a highly regulated environment, with strict security, privacy, and medical device requirements. The company works fully remotely and relies on a large and constantly changing SaaS stack to support its teams.

‍

As the organization grew, access management remained centralized in IT. This created bottlenecks, complex visibility into who had access to what, and increased pressure during audits. At the same time, team capacity was shrinking and compliance expectations were rising. Resilience needed a way to regain control of access without slowing the business down.

Managing access across a massive application landscape

Resilience was running close to 200 applications, including a growing risk of shadow IT. Paying for SSO or SCIM enterprise tiers across the entire stack was not realistic. Many access changes still required manual work.‍

‍

Centralized approvals without context

Access requests were handled mainly through Jira tickets. IT teams were often asked to approve access without knowing whether it was appropriate. Application ownership was unclear, and managers did not always have the time or clarity to manage access decisions.

‍

Risky onboarding and offboarding

The easy Google Sign-in makes people open many access to applications. Offboarding was difficult to control, increasing the risk of lingering access. Access reviews required manual effort and became a heavy burden during audits.

‍

Compliance pressure with limited resources

Operating in healthcare meant audits were non-negotiable. Resilience needed accurate, up-to-date access data to meet ISO-based requirements, without relying on last-minute spreadsheet work.

‍

Resilience evaluated different options acknowledging that access management required a dedicated solution.

‍

With Cakewalk, Resilience implemented a complete Access Management approach across their environment.

‍

Full visibility beyond SSO

Cakewalk gave Resilience real-time visibility into both SSO and non-SSO applications. Browser-based discovery surfaced application usage that identity providers alone could not see.

‍

Clear ownership with shared responsibility

Applications were classified as managed, tracked, or restricted. Clear owners were assigned, with backups to avoid single points of failure. Responsibility moved closer to the teams using the tools, while IT retained oversight.

‍

Slack-based access workflows

Access requests and approvals moved out of Jira and into Slack. Managers and application owners could approve access with context, without navigating complex systems.

‍

Flexible provisioning models

Resilience combined multiple provisioning approaches based on risk and capability:

• SCIM where available
• Agent-based provisioning without SCIM
• Manual owner-driven steps for sensitive systems

‍

Audit-ready access history

Every access grant and removal is logged with full context. IT and security teams can see who approved what, when, and why, without reconstructing data during audits.