Nerdy Tech Geeks Smarter Tech. Better Outcomes.

Service 03

Identity, access and SaaS security

Identity is now the control plane for most technology environments. We help organisations strengthen authentication, authorisation, access reviews, privileged access, SSO, MFA, and SaaS governance across cloud and on-premise platforms.

When this helps

Common signals that this service is needed

Useful for identity security assessments, Zero Trust roadmaps, SaaS access governance reviews, and privileged access improvement work.

MFA, SSO, Conditional Access-style controls, or privileged access are inconsistent
Dormant accounts, shared admin accounts, or over-permissioned users are creating risk
SaaS adoption has grown faster than identity governance
Access reviews are manual, irregular, or not trusted by auditors
The business wants Zero Trust progress without a vague or unmaintainable programme

Ideal for

  • Organisations with weak MFA, unmanaged admin accounts, or inconsistent access controls
  • Businesses expanding SaaS use without centralised identity governance
  • Teams needing secure partner, contractor, or cross-tenant access
  • Regulated organisations that need auditable access control

What this covers

Detailed capability areas

We can shape the engagement as advisory, assessment, roadmap, implementation guidance, or retained support depending on business need.

Identity architecture across Entra ID, Active Directory, Okta-style federation, SSO, OAuth2, and SAML
MFA, Conditional Access-style policy design, privileged access, and RBAC models
Identity lifecycle, joiner/mover/leaver workflows, and access review processes
SaaS access risk assessment and integration design
Device and user posture alignment with Zero Trust design patterns
Hybrid identity, directory synchronisation, and legacy identity clean-up

Typical engagements

  • Identity security assessment
  • Zero Trust roadmap
  • SSO and MFA rollout plan
  • Privileged access and RBAC review
  • SaaS access governance review

Deliverables

  • Identity architecture map
  • Policy recommendations and implementation backlog
  • Privileged access model
  • Lifecycle and access review process design
  • Security quick-win plan

Technologies and domains

Entra ID, Active Directory, Okta, SSO, MFA, OAuth2, SAML, RBAC, Conditional Access, Intune, Microsoft Defender, SaaS platforms

Assessment focus

What we inspect before the recommendation

Our goal is to make the current state visible enough to support confident decisions, practical sequencing, and implementation-ready work.

01 Focus area

Identity providers, directories, federation, SSO, MFA, OAuth2, SAML, and legacy dependencies

02 Focus area

Admin roles, privileged access, RBAC, break-glass accounts, and logging

03 Focus area

Joiner, mover, leaver workflows and access review processes

04 Focus area

SaaS inventory, app ownership, data access, shadow IT, and integration risk

05 Focus area

Device posture, user risk, conditional access patterns, and monitoring coverage

Engagement path

A practical route from uncertainty to execution

We keep assessments, roadmaps, and delivery models connected so recommendations can actually be implemented.

01

Baseline

Map users, apps, roles, directories, admin paths, lifecycle processes, and high-risk access.

02

Prioritise

Separate urgent identity risks from longer-term governance and automation work.

03

Control

Design MFA, SSO, privileged access, lifecycle, access review, and SaaS governance patterns.

04

Operate

Create review cadences, monitoring expectations, ownership, and handover material.

Decision support

Questions this engagement should answer

We design the service to create answers leadership can use and technical teams can turn into implementation work.

Who can access critical systems and why?
Where are permanent privileges, weak MFA, or dormant accounts creating risk?
Which SaaS platforms should be integrated into central identity controls?
How do we make access reviews practical instead of ceremonial?
What is the smallest useful Zero Trust roadmap for this organisation?