Case Studies / Global Enterprise

Customer Success Story

How a global enterprise reduced identity and SaaS costs by 20%+ while modernizing IT operations

A media and advertising enterprise managing over 130,000 identities across a distributed multi-tenant environment used Custodeum to combine savings analysis, governance controls, and execution sequencing so teams could reduce spend, increase visibility, and execute aggressively without user disruption.

Start Free Savings Analysis Talk Through Advisory Plan
Executive ReportFinancial Analysis
Access modeling executive report with financial impact and usage categories
Leadership-ready report export: assigned users, active usage, inactivity exposure, and modeled monthly savings.

Licence reduction achieved before renewal

Custodeum identified low-risk wins and advanced reduction opportunities, enabling the customer to move from 130,000 licences to 103,000 ahead of contract renewal.

Delivery path from analysis to renewal readiness

A structured assessment and execution model gave leadership confidence to pursue an aggressive optimization strategy while minimizing operational risk. The organization also chose the full enterprise suite of Custodeum features to maximize value across cost optimization, governance, security, and service operations.

The challenge

  • Over-licensing across identity and SaaS platforms
  • Fragmented operations across 10+ Okta tenants
  • Limited visibility into actual usage and access patterns
  • Heavy manual effort for reporting and optimization
  • A strict requirement for fully self-hosted deployment
  • A 6-month countdown to major licence renewal

Fast, data-backed analysis

  • - No-cost analysis across all Okta tenants
  • - Scenario modeling from low-risk to aggressive strategies
  • - Clear guidance on sequencing, risk, and controls

Execution without disruption

  • - Aggressive reductions completed before renewal
  • - Zero operational incidents during execution
  • - No negative impact on end users

Operational transformation

  • - Unified management across AD, Entra ID, Okta, Adobe, Teams, and more
  • - ServiceNow integration with end-to-end auditability
  • - Improved service desk velocity and lower admin overhead

Security and governance uplift

  • - Unified RBAC with clearer separation of duties
  • - Reduced over-privileged access risk
  • - Stronger compliance reporting and controls

Microsoft Entra ID

Full model baseline

Role and group mapping completed

Okta Multi-Tenant

10+ tenants mapped

Policy and entitlement normalization

SaaS Access Layer

85%+ app coverage

Unified access model and least privilege controls

AD Risk Analysis, Health Checks, and Audit-Ready Recertification

Active Directory health checks and risk analysis are now part of a continuous governance cycle, backed by targeted recertification campaigns for privileged and admin accounts.

Risk & Health Program

  • - Stale privileged accounts and dormant admin memberships flagged automatically
  • - AD object hygiene checks for high-risk configurations and orphaned access
  • - Risk scoring aligned to business-critical identity assets

Admin Recertification Campaigns

  • - Scheduled recertification cycles for Tier-0 and sensitive admin roles
  • - Reviewer workflows with evidence capture and approval history
  • - Audit-ready outputs mapped to compliance controls and policy requirements

Why this case study matters

This outcome demonstrates that savings, governance, and operational stability can move together when decisions are evidence-led and execution is controlled. Custodeum helped this organization reduce spend, strengthen control posture, and simplify cross-platform identity operations at enterprise scale.

Book Savings Review Review Advisory Options

Some figures in this case study have been adjusted for confidentiality purposes. All outcomes and results described are representative of actual customer results.