How Resilience Took Control Of Internal Access And Built An Audit-Ready Identity Governance

Resilience needed to manage access across nearly 200 applications in a regulated healthcare environment, with a small IT and security team and rising audit pressure. Manual workflows, unclear ownership, and potential shadow IT made it difficult to control access and prove compliance. With Cakewalk, Resilience gained full visibility across their stack, distributed access ownership, and built an audit-ready access model that works in a fully remote setup.

"It takes too much effort managing people who are leaving the company. We use around 200 applications, and we need to make sure employees have only the necessary rights."
Romain Mekarni
Head of Cybersecurity & IT, Resilience
Introduction

Resilience is a healthcare company operating in a highly regulated environment, with strict security, privacy, and medical device requirements. The company works fully remotely and relies on a large and constantly changing SaaS stack to support its teams.

As the organization grew, access management remained centralized in IT. This created bottlenecks, complex visibility into who had access to what, and increased pressure during audits. At the same time, team capacity was shrinking and compliance expectations were rising. Resilience needed a way to regain control of access without slowing the business down.

The Challenge

Managing access across a massive application landscape

Resilience was running close to 200 applications, including a growing risk of shadow IT. Paying for SSO or SCIM enterprise tiers across the entire stack was not realistic. Many access changes still required manual work.

Centralized approvals without context

Access requests were handled mainly through Jira tickets. IT teams were often asked to approve access without knowing whether it was appropriate. Application ownership was unclear, and managers did not always have the time or clarity to manage access decisions.

Risky onboarding and offboarding

The easy Google Sign-in makes people open many access to applications. Offboarding was difficult to control, increasing the risk of lingering access. Access reviews required manual effort and became a heavy burden during audits.

Compliance pressure with limited resources

Operating in healthcare meant audits were non-negotiable. Resilience needed accurate, up-to-date access data to meet ISO-based requirements, without relying on last-minute spreadsheet work.

The Solution

Resilience evaluated different options acknowledging that access management required a dedicated solution.

With Cakewalk, Resilience implemented a complete Access Management approach across their environment.

Full visibility beyond SSO

Cakewalk gave Resilience real-time visibility into both SSO and non-SSO applications. Browser-based discovery surfaced application usage that identity providers alone could not see.

Clear ownership with shared responsibility

Applications were classified as managed, tracked, or restricted. Clear owners were assigned, with backups to avoid single points of failure. Responsibility moved closer to the teams using the tools, while IT retained oversight.

Slack-based access workflows

Access requests and approvals moved out of Jira and into Slack. Managers and application owners could approve access with context, without navigating complex systems.

Flexible provisioning models

Resilience combined multiple provisioning approaches based on risk and capability:

  • SCIM where available
  • Agent-based provisioning without SCIM
  • Manual owner-driven steps for sensitive systems

Audit-ready access history

Every access grant and removal is logged with full context. IT and security teams can see who approved what, when, and why, without reconstructing data during audits.

The Results
Cakewalk helped Resilience shift from a centralized, ticket-driven access model to distributed ownership with central oversight. Access management became easier to run, easier to audit, and easier for employees to follow.
Operational control
  • Clear ownership for applications and access decisions
  • Less dependency on IT for routine access approvals
  • Improved joiner and leaver handling despite limited team capacity
Security and compliance
  • Accurate visibility into who has access to which applications
  • Detection of dormant accounts and triggered removal flow
  • Audit-ready access history available at any time

Employee productivity
  • Faster onboarding through role-based default access
  • Access requests handled directly in Slack
  • Less waiting time for employees to get the tools they need

Agentic Access Management For Fast-Moving Companies.
Founded:
Industry:
Employees:
200+ Employees
Key Stat:
  • Access control to 200 apps established via one platform
  • Full compliance with strict healthcare regulatory requirements
  • Distributed access responsibility through easy workflows directly in Slack
  • Flexible provisioning vis Agent Cake and SCIM

In the news

High Performer
"Absolutely game changing for JML management"
Easiest Setup
“Cakewalk helps us to run employees access from one simple place”
Easiest to do business with
"Easy. Super reliable. Love it."
Fastest Implementation
"Effortless UX, super valuable!"
Best support
"Best product for fast-moving tech companies"

Get going with Cakewalk - it’s a piece of cake.

Consolidate all accesses, apps and AI agents
Fully automate workflows with Agent Cake
Get guidance based on insights, reducing your attack surface
RBAC, auto provisioning, automated audits and more
Superpower your existing IdP
Get going in minutes