A large insurance group managed drive permissions and access rights through isolated, manual processes without an enterprise role concept, without consistent consistent pre-boot authentication, and without reporting sufficient capabilities for IT security managers. Portamus designed and implemented the enterprise-wide Identity & Access Management — including pre-boot authentication, password reset procedures, an enterprise role and access concept, and integration with SAM Enterprise Identity Manager, SAM Jupiter (DB2), and Active Directory (LDAP). The solution is live across the entire group, giving IT security managers full visibility into current and historical permission requests.

Insurance Group Implements Enterprise-Wide Identity & Access Management
Enterprise-wide IAM design and implementation including pre-boot authentication, role-based access concept, and security manager dashboards — live across the entire group.
The Engagement at a Glance
Where the Organization Stood
A large insurance group managed drive permissions and access rights through manual, non-auditable processes — without enterprise-wide IAM and without reporting capabilities for IT security managers.
No Automated Access Management
Drive permissions and access rights were managed in a isolated, manual manner — an enterprise role concept and central governance were entirely absent.
Insufficient Security Audit Trail or Transparency
Historical and current permission requests could not be evaluated easily — IT security managers had no visibility into the current permission status.
No Automated Pre-Boot Authentication
Devices lacked an automated pre-boot authentication mechanism and standardised password reset procedure — a significant security exposure.
What We Did
Enterprise-Wide IAM and Role Concept
Portamus designed and implemented enterprise-wide drive permission management, an enterprise role and access concept, and integration with the central IAM platform.
Pre-Boot Authentication and Password Reset
A pre-boot authentication mechanism and standardised password reset procedure were designed and rolled out across the entire group.
Security Dashboards and Reporting
Reporting dashboards for current and historical permission requests were built — IT security managers now have complete visibility into the access rights landscape.
What Changed
Enterprise-Wide
The IAM system has been live across the entire group and has proven a stable foundation for access management.
IAM Systems Integrated
SAM Enterprise Identity Manager, SAM Jupiter (DB2), and Active Directory (LDAP) were fully integrated into the central IAM.
Audit Trail
Historical and current permission requests are fully traceable — audits can be conducted at any time.
Pre-Boot Authentication
The pre-boot authentication mechanism was rolled out to all devices and protects against unauthorised access across the group.
What Made This Engagement Work
IAM Is an Architecture Problem
Enterprise-wide IAM is not a pure IT security project — it requires a carefully designed architecture that integrates role concepts, system integration, and process design holistically.
Transparency Is the Security Foundation
Security dashboards and a complete audit trail are not optional — they are the prerequisite for IT security managers to fulfil their governance role.
Early Rollout Reduces Cumulative Risk
The longer a group operates without pre-boot authentication and standardised password management, the greater the cumulative security exposure — early rollout always pays off.
More Client Outcomes
European Aviation Authority Designs ECCAIRS-Integrated Occurrence Reporting System
Optimisable digital system for managing internal aviation occurrences, required integration with European ECCAIRS standard
Process design for IORS, ECCAIRS integration architecture, SAP integration evaluation, staff training
IORS live (easa.europa.eu/iors), ECCAIRS integrated, EU-wide incident data exchange enabled
Fashion Retailer Builds ITIL-Compliant ITSM with Automated CMDB
No unified ITSM, missing CMDB, manual release processes without unified automation for host and Java workloads
ITIL CMDB with automated asset discovery, Nagios monitoring, ChangeMan z/OS release management, Serena PPM
Automated CMDB live, release management brought into production, SLAs and OLAs defined
National Healthcare System Consolidates ITSM Architecture Across 22 Hospitals
Fragmented ITSM across 6 hospital clusters, no unified monitoring for health-critical SLAs
End-to-end ITSM architecture across 8 process areas, SLA monitoring design, 4-system integration blueprint
Unified ITSM blueprint for $54M programme, SLA-capable monitoring, integration architecture delivered