Building an Entra External ID Architecture

29 May 2025

Microsoft and Condatis partnered to assist their client in designing a modern, standards-compliant single sign-on (SSO) solution for all of its applications across divisions. The solution's aim was to consolidate a range of identity and access management technologies, which had been implemented independently within divisions, into a single identity platform. As this platform would be customer-facing, the client asked Condatis to design a solution using Microsoft Entra External ID.

The Client

The client is a global leader in mining technology, combining deep customer insights, world class engineering, materials science expertise and intelligent automation to deliver innovative end-to-end mining technology solutions.


The Challenge

Following a series of acquisitions, our client found themselves with a fragmented Identity and Access Management (IAM) landscape. Each acquired company brought its own unique strategy and technology, resulting in inconsistent and siloed user access experiences. The lack of a unified IAM platform hindered productivity, security, and scalability for the newly integrated organisation.

As such, the client needed a solution that offered a range of benefits:

Unified Authentication & Federated Access

  • Single Sign-On (SSO) across OpenID Connect and SAML web applications
  • Federated login for users from their home tenants with home-realm discovery
  • Support for multiple corporate identity providers with easy runtime configuration
  • Secure self-service sign-up/sign-in with multi-factor authentication
  • Automated account management including deactivation of inactive users
  • Custom user profiles and role-based access control

User & Entity Management

  • Grouping of users by business entity or company
  • Support for parent/child company hierarchies and multi-location structures
  • Centralised control over which users and companies can access specific applications

Application Access Governance

  • Streamlined user and business entity assignment to applications
  • Self-service user requests and admin approvals for app access
  • Full visibility of app-user, user-app, and company-app relationships

Smooth Migration Path

  • Bulk migration of users from legacy systems
  • Side-by-side operation of old and new systems with data synchronisation
  • Gradual migration of individual apps to minimise disruption

Machine-to-Machine Authentication

  • Secure and scalable service-to-service communication

Robust Logging & Reporting

  • Detailed login activity logs and usage analytics
  • Vulnerability monitoring with automated threat protection
  • Integration with SecOps tools for incident and task management

Enablement for Future Growth

  • Comprehensive documentation and knowledge transfer to empower internal teams for ongoing IAM platform development


Partnering with Condatis

To address these business outcomes, the client engaged Condatis to support the strategic development and technical delivery of a cohesive identity solution using Microsoft Entra External ID.

While the client had already drafted a high-level design, Condatis was brought in to conduct a comprehensive gap analysis, reviewing the design against the detailed project requirements. This analysis identified key risks, missing functionality, and areas for improvement.

Following the gap analysis, Condatis collaborated closely with the client’s team to produce a robust low-level design (LLD) to act as a solution blueprint. This detailed blueprint covered all aspects of architecture, integration, networking, and security – ensuring a development-ready foundation aligned with best practices, tailored to client needs.


The Benefits of Entra External ID

By leveraging Microsoft Entra External ID, the client can achieve a consistent, secure, and scalable IAM experience across all business units and applications.

Based on the solution designed, the client can expect the following benefits:

Unified Experience Across All Applications

With a single, centralised platform, all users – regardless of company or location – will now benefit from a consistent identity and access experience, improving usability and reducing administrative complexity.

Enhanced Security at Scale

By building on Microsoft's secure, globally distributed infrastructure, the client can reduce reliance on custom-hosted identity solutions and gain built-in protection against evolving threats.

Cost Efficiency

External ID’s pricing model is based on monthly active users, making it a highly cost-effective solution compared to alternatives. Clients only pay for users who actively authenticate each month, keeping operational costs low and predictable.

Global Reach and Low Latency

With availability across multiple Azure regions, Entra ensures high availability and low-latency authentication for users worldwide – ideal for a distributed enterprise with multiple geographies.

Flexible Identity Provider Integration

Support for external IdPs – including social logins like Facebook and Google – will streamline user onboarding and improve the overall user experience.

Isolated and Secure Data Management

Using External ID in external tenants ensures clear separation of customer identities from internal users and partners, enhancing data governance and compliance.

The result is a future-ready IAM solution that can empower the client to scale securely, manage complexity with confidence, and support innovation across its global business.


Key Highlights

  • Collaborative Discovery
    Worked closely with the client’s IAM team to understand, validate, and prioritise core solution requirements.
  • Cross-Team Engagement
    Engaged with other key internal teams to capture additional infrastructure and security needs, ensuring a fully aligned solution.
  • High-Level Design Review
    Assessed the client’s existing high-level design, identifying potential gaps and providing actionable feedback to strengthen the overall strategy.
  • Expert Guidance on Microsoft Entra External ID
    Shared deep expertise on current and upcoming Entra External ID capabilities, ensuring the solution was future-ready and aligned with Microsoft’s roadmap.
  • Development-Ready Low-Level Design
    Delivered a detailed, implementation-focused low-level design (LLD) that covered architecture, integration, networks, and security, ready to take straight into development.


Throughout the engagement, Condatis acted as a trusted partner, not just a design service. We worked side by side with client stakeholders, offering practical advice, guiding decisions, and shaping a solution that could be confidently implemented. Our design was not theoretical – it was actionable, secure, and intended to scale with the client’s evolving business.

Interested in Microsoft Entra External ID for your organisation?

Grab a slot with a team member to discuss how we can solve your challenges together.
