IAM Consulting · Identity Security · 60+ Years Combined Experience

Maximize Your IAM Success.
Govern Every Identity.

End-to-end Identity & Access Management consulting — SailPoint ISC implementations, Okta integrations, Joiner-Mover-Leaver automation, Access Reviews, SOX, DORA, and NIS2 compliance readiness, and beyond. From strategy to operations.

60+
Years Combined IAM Exp.
4K+
Identities Governed
100+
Sources Integrated
60
Subsidiaries Covered
Shadow AI is already inside your perimeter

Your AI agents have identities. Who's governing them?

Right now, AI agents are authenticating through OAuth On Behalf Of, calling your APIs, running CLI tools, pulling data they probably shouldn't have access to. No lifecycle controls. No access reviews. Permissions nobody signed off on. We help you find those agents and bring them under the same governance as your human identities.

Platforms: SailPoint ISC · Okta · OneIdentity · CyberArk · Ping Identity · AWS IAM · Azure AD / Entra ID · Active Directory · n8n · ISO 27001 · DORA · SOX
Agentic AI & Identity

The biggest ungoverned identity risk in your enterprise is non-human

Every organisation is rolling out AI agents in copilots, automation pipelines, customer workflows. Most treat them as software, not identities. They authenticate through shared service accounts, pick up privileges via OAuth On Behalf Of, and nobody runs JML controls on them. Meanwhile, they're accumulating as shadow identities your access reviews don't touch and your audit trails don't see.

Shadow agent identities

Agents spin up across departments and central IT doesn't know they exist. They inherit user tokens through OAuth On Behalf Of, act with the user's full permission set, and your identity governance platform has no record of them.

Over-privileged by default

Agents need API access, file system access, CLI tools, cloud resources. Teams hand out broad permissions to get things working. Nobody goes back to review, rotate, or revoke them.

No lifecycle, no off-switch

When a project wraps up or someone leaves the company, their agents keep running. No mover event, no leaver trigger, no deprovisioning. Orphaned agents pile up like orphaned service accounts, except these ones are still actively doing things at 3 AM.

Invisible to your auditors

SOX, DORA, and ISO 27001 campaigns review human access. Agent identities sit completely outside those reviews. Every unreviewed agent is a finding that hasn't been written up yet.

Govern agents like identities, because that's what they are

We take the IAM principles that already work for human identities and extend them to agents. Our Agentic IAM framework treats every AI agent as a proper identity with its own lifecycle, entitlements, and review schedule. No new tooling religion required.

Agent discovery and inventory

Find every agent in your environment: OAuth app registrations, service principals, API keys, CLI-authenticated sessions. Start with what's actually there.

Agent identity lifecycle

Extend your Joiner-Mover-Leaver automation to cover agents. Creation triggers onboarding. Scope changes trigger recertification. Project closure triggers deprovisioning. Same logic, different identity type.

Least privilege enforcement

Right-size agent permissions with your existing PAM and entitlement tooling. Swap broad OAuth scopes for purpose-limited grants. Use just-in-time access for sensitive operations.

Agent access reviews and audit trails

Bring agent identities into your certification campaigns alongside human ones. Build audit trails showing what each agent accessed, when, and under whose authority. Auditors get the evidence pack they need for SOX, DORA, and ISO 27001.

Segregation of duties between agents

Least privilege limits what a single agent can do. SoD limits what it can do alone. We design agent architectures where no single agent holds enough access to complete a sensitive operation end-to-end — read access lives in one agent, write or execute access in another, approval in a third. If one agent is compromised, the blast radius stays contained. The same SoD rules your human access model enforces apply here, and we map them using the entitlement tooling you already have.

End-to-End IAM Services

From roadmap and vendor selection to full implementation, automation, and ongoing governance — one integrated team, no handoff gaps.

IAM Consulting & Advisory

Strategic roadmaps, maturity assessments, and architecture blueprints aligned with your compliance and business goals.

Vendor Selection

Unbiased evaluation of IGA, PAM, and AM platforms — SailPoint, Okta, CyberArk, OneIdentity, Ping — matched to your size and use cases.

SailPoint ISC Implementation

Full-cycle Identity Security Cloud delivery: connectors, role modeling, lifecycle policies, access certifications, and reporting.

Okta SSO, MFA & Passwordless

Workforce and customer identity deployments, SSO federation, adaptive MFA, and passwordless authentication across all your apps.

Access Reviews & Certifications

Automated certification campaigns — SailPoint-native or manual — satisfying SOX, ISO 27001, DORA, and PCI audit requirements.

Access Request & Fulfillment

Self-service portals, multi-step approval workflows, and automated provisioning that cut wait times and eliminate manual errors.

Joiner-Mover-Leaver Automation

Lifecycle event automation via n8n and native ISC workflows — onboarding, role changes, and offboarding with zero manual steps.

Workforce, Customer & Partner IAM

Purpose-built identity programs for employees, contractors, partners, and customers — right controls for every audience.

PAM & Cloud Entitlements

Privileged Account Management, AWS IAM and Azure AD entitlement right-sizing, over-provisioning detection, least-privilege enforcement.

Regulated Industries Are Our Specialty

Complex compliance landscapes, sensitive data, zero tolerance for errors — where our IAM expertise delivers the most impact.

Financial Services & Banking

SOX, PCI-DSS, GDPR, and DORA compliance, privileged access controls for financial systems, and audit-ready certification processes.

Pharma & Life Sciences

Robust IAM for sensitive IP protection, GxP-compliant access controls, and standalone identity environments for spin-offs and carve-outs.

Insurance & InsurTech

IGA governance for large distributed workforces, M&A identity integrations, and GDPR-aligned access management.

Global Enterprise & Multi-National

Multi-tenant IAM architectures spanning dozens of subsidiaries, multilingual rollouts, NIS2-ready identity architecture, and centralized governance at scale.

Regulatory Compliance

Reach Compliance Faster with IAM

ISO 27001, DORA, SOX, NIS2, and GDPR all demand the same thing at their core: proven, auditable identity controls. The right IAM program is the fastest path from gap assessment to audit-ready evidence.

ISO 27001

Annex A.9 — Access Control

Information security management system
  • Automated Access Reviews & certifications aligned to A.9.2
  • Role-based access & least-privilege enforcement
  • Joiner-Mover-Leaver lifecycle controls for A.9.2.6
DORA

ICT Access & Resilience Controls

Digital Operational Resilience Act — EU, Jan 2025
  • Documented ICT access controls per Article 9
  • Privileged Access Management for critical systems
  • Immutable audit trails for incident investigation
SOX

Section 404 — Internal Controls

Sarbanes-Oxley financial reporting controls
  • Access certification campaigns producing audit evidence
  • Segregation of Duties detection & remediation
  • Automated provisioning reducing manual-error findings
NIS2

Identity Controls for Critical Infrastructure

Network & Information Security Directive 2
  • Multi-factor authentication across all critical assets
  • Privileged Access Management & incident logging
  • User lifecycle governance meeting Article 21 requirements
GDPR

Data Access Minimisation

General Data Protection Regulation
  • Access request workflows enforcing data minimisation
  • Automated deprovisioning supporting right-to-erasure
  • Data owner–driven access reviews for personal data
PCI-DSS

Cardholder Data Access Controls

Payment Card Industry Data Security Standard
  • Role-based access restricting cardholder data environments
  • Privileged Account Management for in-scope systems
  • Quarterly access reviews meeting Requirements 7 & 8

Access Reviews on a Deadline

Upcoming ISO 27001 or SOX audit? We run automated certification campaigns that generate audit-ready evidence — reviewer sign-off, decisions, timestamps — in days, not weeks.

JML Gaps Are Audit Findings

SOX and ISO 27001 auditors flag orphaned accounts, stale access, and delayed deprovisioning. Our Joiner-Mover-Leaver automation closes every gap with zero manual steps and full event logging.

DORA ICT Access Requirements

DORA Article 9 mandates documented, controlled access to critical ICT systems. We map your access landscape, implement controls, and produce the evidence packages regulators expect.

Audit Trails & Evidence Packs

Need a complete access history for your NIS2, GDPR, or SOX audit? We build immutable audit trails across all connected systems and generate structured evidence packs ready to submit.

A Structured Path to IAM Maturity

Agile delivery, clear milestones, and continuous stakeholder alignment — from first assessment to ongoing operations.

Discover & Assess

Audit your identity landscape, surface compliance gaps, and agree on a target maturity score.

Design & Architect

Produce a target-state blueprint — role model, data flows, tool selection, and phased plan.

Implement & Integrate

Agile sprint delivery of connectors, workflows, and policies with continuous testing and review.

Operate & Govern

Access campaigns, incident management, and ongoing advisory to keep your program current.

An Entire IAM Team Under One Roof

A complete, cross-functional IAM team managing end-to-end implementation and ongoing operations — no coordination overhead on your side.

Specialized IAM Roles On-Demand

PM, Architect, BA, Engineers, QA, and Operations — the right expertise at every phase, without the cost of full-time hires.

European Base, Global Reach

Central & South-East Europe for timezone alignment, multilingual delivery, and full GDPR compliance by default.

Agile & Scalable Delivery

SAFe/Scrum sprints and quarterly PI planning allow us to scale teams and adapt to any project size or timeline.

Consultative, Education-First Approach

We help clients understand the IAM landscape — not just deliver a tool — increasing long-term adoption and ROI.

By the Numbers
60+
Years Combined IAM Experience
14+
Years Longest Team Member Exp.
11
IAM Specialist Roles Covered
12+
Platforms & Vendors Mastered
SailPoint ISC · Okta · OneIdentity · CyberArk · Ping Fed · Azure AD · AWS IAM · n8n · Active Directory · Entra ID · SAFe / Scrum · CBAP

Senior IAM Specialists, Every Role Covered

Certified IAM professionals spanning architecture, project management, business analysis, engineering, and QA.

IAM Enterprise Architect

IAM Manager & Agile Coach
10 yrs · CBAP · SAFe · CSM
SailPoint ISC · Okta · OneIdentity · Project Management · Agile Scrum · IGA Selection
SA

Security Architect

IT Security Solution Architect
14 yrs · SAFe Architect · ITIL · CIAM
CyberArk PAM · Ping Identity · Azure · Vulnerability Mgmt
IA

IAM Solution Architect

Senior Solution Architect
16 yrs · TOGAF 9 · Azure Fundamentals
Architecture Design · SAML2 / OAuth2 · SailPoint · PowerShell
BA

IAM Business Analyst

BA & Feature Engineer
5 yrs · IREB · SAFe PO/PM
Requirements Eng. · OneIdentity · User Stories · UAT Support
TM

Test Manager

BA & Test Manager
4 yrs · IREB Foundation
Manual Testing · UML Modelling · SoapUI · JIRA / Confluence
PO

Product Owner

Mid-PO & Full Stack Dev
2 yrs · CSPO · SAFe Practitioner
Product Ownership · React / JS · Discovery Workshops
IE

IAM Engineer

Senior IAM Engineer
6+ yrs · IGA Implementation Specialist
OneIdentity · SailPoint ISC · Omada · Okta · Connector Dev
QA

Test Automation QA

Senior QA Automation Engineer
15 yrs · Automation & Performance Testing
Test Automation · Selenium / Playwright · CI/CD Pipelines · API Testing
BE

Backend Engineer

Senior Backend Engineer
15+ yrs · Enterprise Integration Specialist
Java / Python · REST & SOAP APIs · Microservices · Cloud Infrastructure
FE

Frontend Engineer

Senior Frontend Engineer
10+ yrs · UI/UX & Identity Portal Specialist
React / TypeScript · Identity Portals · Accessibility · Design Systems
Sample Engagement

What a Full IAM Program Looks Like

A global pharma spin-off needed a standalone IAM environment from scratch — SailPoint, Active Directory, and Azure AD for 28,000 employees.

Phase 1

Implementation (~6 months)

Requirements gathering, SailPoint ISC setup, AD & Azure AD integration — 7-person team (PM, SME, BA, Architect, Tester, 2 Engineers) covering all 28,000 identities.

Phase 2

Operations & Governance (Ongoing)

Feature enablement, incident management, PAM development, access reviews, and new target system integrations.

Engagement Scale
900K EUR
Estimated full-program value
Flexible T&M pricing adapts to your scope — Phase 1 implementation plus ongoing operations, structured to your needs.
Typical Team Composition
PM · SME · BA · Architect · Tester · SailPoint Engineers
Get Started

Ready to Maximize Your IAM Success?

Whether you're building from scratch, replacing a legacy system, or maturing an existing program — let's talk about what's possible.

office@project-max.ro · LinkedIn · Cluj-Napoca, Romania · EU-based