Automated Access Recertification at Beiersdorf Shared Services – Event-Driven Identity Governance with NEXIS
Beiersdorf Shared Services implemented NEXIS to automate event-driven access recertifications and establish clear, auditable identity governance processes across its global IT operations.
About Beiersdorf Shared Services
Beiersdorf Shared Services GmbH (BSS) has been a wholly owned subsidiary of Beiersdorf AG since 2003. It serves as the central IT and accounting partner for Beiersdorf’s global business operations.
BSS provides highly efficient services across accounting, infrastructure, application management, and strategic consulting – all from a single source. With a global footprint, the organization must maintain consistant and controlled access governance across a complex digital environment.
As the number of digital identities grows and employees frequently change roles or departments, ensuring accurate and compliant entitlement management has become a critcal operational and regulatory requirement.
- Headquarters: Hamburg, Germany
- Employees: 340+
- Parent Company: Beiersdorf AG
- Operations: Global
The Challenge
As Beiersdorf Shared Services grew its digital operations, managing employee entitlements across Microsoft Active Directory became increasingly complex. The rising number of digital identities – combined with frequent role and department changes – created significant risk of outdated or incorrect access rights remaining in place.
Existing processes relied on manual reviews that were difficult to coordinate, slow to execute, and hard to audit. When employees moved between departments, there was no automated mechanism to trigger a review of their existing AD group memberships and responsibilities. This left access rights unmanaged for extended periods and increased compliance exposure.
Extending the existing IAM system through customization or an in-house add-on would have been costly and difficult to maintain long-term.
The goal was to:
- Introduce event-driven, automated recertification triggered by organizational changes
- Ensure employees carry only the entitlements relevant to their current role
- Transfer AD group responsibilities correctly when responsible parties change departments
- Implement a solution that integrates with the existing IAM system without requiring fundamental changes
- Establish a sustainable, low-maintenance governance process
The Results
The implementation of NEXIS enabled Beiersdorf Shared Services to replace fragmented, manual entitlement reviews with a fully automated, event-driven governance process – deployed rapidly using NEXIS standard capabilities with minimal customization effort.
The solution integrates directly into the existing IAM infrastructure and triggers precisely when needed: at the moment of organizational change. Business departments now manage their own recertifications through an intuitive interface, reducing dependency on IT and accelerating decision cycles.
- Process simplification: Automated recertification replaces error-prone manual coordination across departments
- Improved data quality: AD group responsibilities are now accurately maintained and regularly validated
- Audit traceability: Every entitlement change is documented and traceable in NEXIS for past and current employee changes
- Fast time-to-value: The solution was configured and live within days using NEXIS best-practice templates and Nexis consulting expertise
- Sustainable architecture: The existing IAM system was extended, not replaced – keeping the implementation lightweight and maintainable long-term
Read more Success Stories
Structured IAM Governance at CSS Insurance
CSS standardized heterogeneous access environments, automated recertifications, and introduced scalable, audit-ready role management with NEXIS.
UNIQA Strengthens Identity Governance and Compliance with NEXIS
How one of Europe’s leading insurance groups improved access transparency, audit readiness, and governance efficiency.