Internal User Management Platform
An insurance agency managing a team of 10+ agents
Mid-market · $7K–12K initiative
User provisioning time: 2.5 days before, 18 minutes after
Offboarding completion time: 72 hours before, immediate after
The Problem
When an agent joined or left the agency, setting up or removing their access meant manually contacting the administrator for each platform: the rater, the CRM, the agency management system, the document store, and the carrier portal. There was no single place to do it and no confirmation that it had been done. A new agent regularly waited two and a half days before they could work a full quote, and departed agents often remained active in one or more systems simply because nobody had completed the full checklist.
The offboarding gap was the sharper concern. Former agents retaining access to the rater or carrier portal after departure is a compliance exposure the agency could not afford to leave open.
The Approach
We started with an access audit rather than immediately building anything: cataloguing all five platforms, the three identity providers across them, and the orphaned accounts that had accumulated from past agents and one-off integrations. That inventory made clear the problem wasn’t just missing tooling. It was the absence of any defined provisioning process at all.
The platform we built centralises both onboarding and offboarding behind a single workflow tied to Microsoft Entra. Adding an agent triggers automated account creation across all connected systems; removing one revokes access immediately and logs every action with a timestamped audit trail. No checklist, no follow-up emails, no gaps. The legacy shared credentials and manually managed access groups were retired at cutover, and the agency now has a clear record of who has access to what and when it was granted or removed.
The Solution
A centralised identity and access management platform integrating the agency’s five operational systems through Microsoft Entra, replacing the manual per-platform provisioning process.
- Single-action onboarding: adding an agent in the platform triggers automated account creation across the rater, CRM, agency management system, document store, and carrier portal simultaneously.
Mitigates: new agents sitting idle for two and a half days while access requests were worked through one platform at a time.
- Instant offboarding: removing an agent revokes access across all five systems immediately in a single operation.
Mitigates: former staff retaining access to sensitive systems simply because no one had completed the full offboarding checklist.
- Role-based access model: permissions are defined by role, not by individual, so access is consistent and auditable from day one.
Mitigates: access that varied depending on who processed the request, and lingering permissions from agents who had long since changed roles.
- Timestamped audit trail: every provisioning and revocation action is logged with actor, timestamp, and affected systems.
Mitigates: no way to prove who had access to what, or when (a real liability during carrier audits and regulatory reviews).
- Orphaned account cleanup: the initial audit identified and decommissioned 10+ accounts belonging to former agents and expired integrations.
Mitigates: dormant accounts belonging to former staff that remained quietly active in production systems long after those people had left.
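As an added illustration (not the platform's own code), the reconciliation behind the orphaned-account audit and the audit-trail record can be expressed as below. The system keys, field names and sample accounts are constructed assumptions, and the per-system exports stand in for whatever account listing each platform's administrator can produce.

```python
from datetime import datetime, timezone

# The five platforms named on this page; the short keys are assumed labels.
SYSTEMS = ("rater", "crm", "ams", "document_store", "carrier_portal")

def reconcile(roster, exports, approved_service_accounts=()):
    """Return (orphans, unverified): enabled accounts with no active owner,
    grouped by login, and systems for which no export was supplied."""
    active = {p["email"].lower() for p in roster if p["status"] == "active"}
    approved = {s.lower() for s in approved_service_accounts}
    orphans, unverified = {}, []
    for system in SYSTEMS:
        if system not in exports:
            unverified.append(system)  # a missing export is not a clean result
            continue
        for acct in exports[system]:
            login = acct["login"].strip().lower()
            if acct["enabled"] and login not in active and login not in approved:
                orphans.setdefault(login, []).append(system)
    return orphans, unverified

def revocation_events(orphans, actor, when=None):
    """One audit record per account: actor, timestamp, affected systems."""
    stamp = (when or datetime.now(timezone.utc)).isoformat()
    return [
        {"action": "revoke", "actor": actor, "timestamp": stamp,
         "subject": login, "systems": sorted(systems)}
        for login, systems in sorted(orphans.items())
    ]

# Constructed sample data (not from the agency described on this page).
ROSTER = [
    {"email": "ana@agency.example", "status": "active"},
    {"email": "ben@agency.example", "status": "departed"},
]
EXPORTS = {
    "rater": [{"login": "Ana@agency.example", "enabled": True},
              {"login": "BEN@agency.example", "enabled": True}],
    "crm": [{"login": "ben@agency.example", "enabled": False},
            {"login": "sync-bot@agency.example", "enabled": True}],
    "ams": [{"login": "ana@agency.example", "enabled": True}],
    "carrier_portal": [{"login": "ben@agency.example", "enabled": True},
                       {"login": "old-integration@agency.example", "enabled": True}],
}

if __name__ == "__main__":
    orphans, unverified = reconcile(ROSTER, EXPORTS, ["sync-bot@agency.example"])
    for event in revocation_events(orphans, actor="iam-admin@agency.example"):
        print(event)
    print("no export supplied for:", unverified)
```

The document store has no export in the sample, so it is reported as unverified instead of being treated as clean, which is the "no confirmation that it had been done" gap described above.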
Project Timeline
- Month 1: Access audit: catalogued 5 systems, 3 identity providers, and 10+ orphaned accounts
- Month 2: RBAC model designed and approved by compliance and engineering leads
- Month 3: Provisioning workflows built; staged rollout begins
- Month 4: Full production cutover; legacy shared-credential accounts decommissioned