Case Studies / Global Enterprise
Customer Success Story
How a global enterprise reduced identity and SaaS costs by 20%+ while modernizing IT operations
A media and advertising enterprise managing over 100,000 identities across a distributed multi-tenant environment started with a free Custodeum assessment, then moved to a paid advisory plan to reduce spend, increase visibility, and execute aggressively without user disruption.
Licence reduction achieved before renewal
Custodeum identified low-risk wins and advanced reduction opportunities, enabling the customer to move from 116,000 licences to 92,000 ahead of contract renewal.
Delivery path from analysis to renewal readiness
A structured assessment and execution model gave leadership confidence to pursue an aggressive optimization strategy while minimizing operational risk. The organization also chose the full enterprise suite of Custodeum features to maximize value across cost optimization, governance, security, and service operations.
The challenge
- Over-licensing across identity and SaaS platforms
- Fragmented operations across 15+ Okta tenants
- Limited visibility into actual usage and access patterns
- Heavy manual effort for reporting and optimization
- A strict requirement for fully self-hosted deployment
- An 8-month countdown to major licence renewal
Fast, data-backed analysis
- - No-cost analysis across all Okta tenants
- - Scenario modeling from low-risk to aggressive strategies
- - Clear guidance on sequencing, risk, and controls
Execution without disruption
- - Aggressive reductions completed before renewal
- - Zero operational incidents during execution
- - No negative impact on end users
Operational transformation
- - Unified management across AD, Entra ID, Okta, Adobe, Teams, and more
- - ServiceNow integration with end-to-end auditability
- - Improved service desk velocity and lower admin overhead
Security and governance uplift
- - Unified RBAC with clearer separation of duties
- - Reduced over-privileged access risk
- - Stronger compliance reporting and controls
Operational Efficiency Signal
Active Operations>Fully optimized provisioning templates now orchestrate user and group lifecycle actions across Entra ID, Okta, and SaaS apps from a single operational model.
Microsoft Entra ID
Role and group mapping completed
Okta Multi-Tenant
Policy and entitlement normalization
SaaS Access Layer
Unified access model and least privilege controls
AD Risk Analysis, Health Checks, and Audit-Ready Recertification
Active Directory health checks and risk analysis are now part of a continuous governance cycle, backed by targeted recertification campaigns for privileged and admin accounts.
Risk & Health Program
- - Stale privileged accounts and dormant admin memberships flagged automatically
- - AD object hygiene checks for high-risk configurations and orphaned access
- - Risk scoring aligned to business-critical identity assets
Admin Recertification Campaigns
- - Scheduled recertification cycles for Tier-0 and sensitive admin roles
- - Reviewer workflows with evidence capture and approval history
- - Audit-ready outputs mapped to compliance controls and policy requirements
Why this case study matters
This customer outcome demonstrates that cost optimization does not have to come at the expense of governance or operational stability. With Custodeum, organizations can reduce spend, improve control, and simplify cross-platform identity operations at enterprise scale. In this case, adopting the full enterprise suite accelerated value realization across every major identity and IT operations workflow.