Success Story BSS

Efficient Role Recertification at Beiersdorf Shared Services – Powered by NEXIS 4

How BSS Automated Active Directory Group Management, Improved Audit Readiness, and Boosted Governance Efficiency Using Nexis Technology.

Simplifying IAM Complexity Through Event-driven Recertification

Growing regulatory and operational demands continue to increase the complexity of Identity & Access Management (IAM). Without structured governance, assigning and verifying user entitlements becomes error-prone, especially in dynamic environments with frequent role or department changes. 

To address this, Beiersdorf Shared Services GmbH (BSS) introduced event-driven recertification for Microsoft Active Directory (AD) groups, powered by NEXIS 4. The new process ensures that when employees change roles, their entitlements are automatically reviewed and adjusted, eliminating outdated access and reducing risk.

The goal was to introduce a lightweight, sustainable, and automation-ready solution that would streamline role lifecycle processes and improve auditability. For example, when an employee moves to a new department, unnecessary rights are automatically revoked after a defined transition period.

"What is important to us is to be able to remove entitlements through clearly defined recertification processes if there is no longer a basis for them."

Thomas Kresalek, Beiersdorf Shared Services

Compact Extension. Scalable Governance.

NEXIS 4 was selected as the strategic extension layer to the IAM stack because it is compact, built for the long term, and automation-friendly. As a proven platform for visual role modeling, entitlement analytics, and governance workflows, NEXIS 4 (formerly NEXIS Controle) delivered the required capabilities out of the box. Instead of building internal add-ons or customizing the IAM system, BSS chose a lightweight, future-ready solution that integrates seamlessly into existing environments.

To accelerate results, Nexis consultants provided configuration support and best-practice guidance, enabling deployment within just a few days.

  • Workflow-driven Access Recertification
  • Visual Role Modeling & Entitlement Analysis
  • Governance Automation Without Heavy Customization

Automated Workflows for Role and Responsibility Review

In close collaboration, BSS and Nexis designed workflow-based processes in NEXIS 4 to automate key access governance tasks. These workflows ensure that entitlement structures and responsibilities remain accurate and compliant — even in dynamic organizational environments. 

Key scenarios covered: 

  • Department change: When an employee moves to a different department, NEXIS 4 automatically triggers a recertification of the user’s Active Directory (AD) group memberships. This process uses a task-specific interface configured for review and adjustment. 
  • Change in group ownership: If the person responsible for an AD group changes roles, their previous line manager is prompted to review and reassign responsibilities using a guided workflow. 

By embedding these controls into the access lifecycle, BSS reduced manual effort and improved consistency across entitlement management processes. 

Seamless Integration and Business-ready Interfaces

When employees switch roles, the IAM system sends API-based triggers via a standardized REST connection to NEXIS 4. This activates two separate workflows: 

  • Automated recertification of the employee’s Active Directory (AD) group memberships 
  • Review of ownership responsibilities for affected AD groups 

Approval workflows in NEXIS 4 are multi-level and fully configurable, including escalation paths. To enable effective collaboration, the user interface was specifically tailored to business departments, allowing them to complete reviews without technical barriers.

Operational Impact: Auditability, Efficiency, and Risk Reduction

The implementation of NEXIS 4 at BSS delivered measurable improvements across access governance and operational efficiency:

  • Reduced manual effort through streamlined, workflow-based role decisions
  • Improved data quality in AD group ownership and membership structures
  • Audit-ready change tracking with full historical traceability in NEXIS 4
  • Stronger access controls via automated, policy-based revocation of outdated entitlements

About Beiersdorf Shared Services

Beiersdorf Shared Services (BSS) is a wholly owned subsidiary of the Beiersdorf Group with more than 450 employees worldwide. BSS is responsible for global IT services as well as finance services delivered by a team of over 130 specialists. Founded in 2003 and headquartered in Hamburg, Germany, BSS has expanded since 2022 with additional hubs in Poland and Mexico.

These Companies Rely on NEXIS

Vontobel
Hamburg Commercial Bank
Swiss Post
Deutsche Börse
HUK-Coburg
DZ Bank
Infineon
Viseca
Linz AG
Axa
Uniqua
DAK Krankenkasse
BarmeniaGothaer
Krones
DM
Union Investment
FITS
DEVK
Helvetia
CSS
Swisscom