Strengthening IAM Governance at W&W Group with Role-Centric Access Control

How structured authorization modeling ensures compliance, reduces business risk, and simplifies IAM across the enterprise.

Regulatory Readiness Through Structured Access Control

As a leading provider in the financial services sector, the Wüstenrot & Württembergische Group (W&W Group) places strong emphasis on security, compliance, and transparency. In response to rising regulatory expectations, the company introduced an authorization role model to ensure that access rights are assigned appropriately, consistently, and with reduced manual effort.

By doing so, W&W aimed to lower organizational risk, streamline access processes, and improve data protection company-wide.

From Manual Assignments to Structured Business Roles

To meet regulatory demands and operational goals, W&W sought a consulting and implementation partner to support the design and rollout of an authorization role model within the Identity Management (IDM) context.

The objectives included:

Ensuring appropriate, compliant access assignments

Reducing the workload of user and authorization administration

Embedding segregation of duties (SoD) controls

Strengthening cross-departmental governance

As a future-oriented company, clear and efficient processes are very important to us. with effective tools such as NEXIS we were able to develop and visualize new business roles simply and clearly. This has not only made it much easier for line managers to understand, but has also kept the entire project management lean. As a result, the project was met with great acceptance from all sides.

Oliver Hirth

Project Manager, W&W

Simplification, Automation, and SoD Compliance

Key achievements of the project included:

Bundling of authorizations into business roles, replacing individual assignments

SoD rule definition and enforcement across modeled roles

Semi-annual recertification cycles, supported by guided user interfaces

Automated workflows for approving new or changed roles

Integration with W&W’s ticket system via NEXIS 4 REST API for role provisioning

These elements significantly reduced administrative effort and created a scalable, repeatable process for IAM governance.

The clear assignment of authorizations to business roles has simplified the entire authorization process at W&W, because dozens of individual authorizations no longer have to be issued for new additions, but can be assigned in a bundled manner. The use of NEXIS has been well received. This tool from our partner Nexis displays roles embedded in their environment. This has saved us time and created transparency and security. Armed with this, the customer can look forward to complying with the regulatory requirements in the industry with confidence.

Mihael Zadro

IAM Consultant, IPG

About W&W

Wüstenrot & Württembergische AG (W&W) is a listed group based in Stuttgart, which was formed in 1999 from the merger of the long-established companies Wüstenrot and Württembergische. The financial services group is active in the two business segments “BausparBank” and “Insurance” and offers the four building blocks of modern provision: security, home ownership, risk protection and asset formation. The approximately six million customers of the W&W Group appreciate the service quality, competence and customer proximity of the provision specialist, for which around 13,000 people work. Thanks to an extensive network of cooperation and partner sales organizations as well as broker and direct activities, the W&W Group can reach more than 40 million people in Germany. The W&W Group will continue to focus on growth in the future and has already establishes itself as the largest independent and most customer-oriented financial provider in Baden-Württemberg.

Success Story W&W