• Ihre persönliche Webdemo – Lernen Sie NEXIS 4 genauer kennen!
  • Details und Anmeldung
Follow Us On:
EN
Nexis Demo

Success Story BSS

Efficient Role Recertification at Beiersdorf Shared Services – Powered by NEXIS 4

How BSS Automated Active Directory Group Management, Improved Audit Readiness, and Boosted Governance Efficiency Using Nexis Technology.

Simplifying IAM Complexity Through Event-driven Recertification

Growing regulatory and operational demands continue to increase the complexity of Identity & Access Management (IAM). Without structured governance, assigning and verifying user entitlements becomes error-prone, especially in dynamic environments with frequent role or department changes. 

To address this, Beiersdorf Shared Services GmbH (BSS) introduced event-driven recertification for Microsoft Active Directory (AD) groups, powered by NEXIS 4. The new process ensures that when employees change roles, their entitlements are automatically reviewed and adjusted - eliminating outdated access and reducing risk. 

The goal was to introduce a lightweight, sustainable, and automation-ready solution that would streamline role lifecycle processes and improve auditability. For example, when an employee moves to a new department, unnecessary rights are automatically revoked after a defined transition period.

What is important to us is to be able to remove entitlements through clearly defined recertification processes if there is no longer a basis for them.

Thomas Kresalek
Beiersdorf Shared Services

Compact Extension. Scalable Governance.

NEXIS 4 was selected as the strategic extension layer to the IAM stack in a way that was compact, long-term, and automation-friendly. As a proven platform for visual role modeling, entitlement analytics, and governance workflows, NEXIS 4 (formerly NEXIS Controle) delivered the required capabilities out of the box. Instead of building internal add-ons or customizing the IAM system, BSS chose a lightweight, future-ready solution that integrates seamlessly into existing environments. 

To accelerate results, Nexis consultants provided configuration support and best-practice guidance, enabling deployment within just a few days.

Workflow-driven Access Recertification

Visual Role Modeling & Entitlement Analysis

Governance Automation Without Heavy Customization

Automated Workflows for Role and Responsibility Review

In close collaboration, BSS and Nexis designed workflow-based processes in NEXIS 4 to automate key access governance tasks. These workflows ensure that entitlement structures and responsibilities remain accurate and compliant — even in dynamic organizational environments. 

Key scenarios covered: 

  • Department change: When an employee moves to a different department, NEXIS 4 automatically triggers a recertification of the user’s Active Directory (AD) group memberships. This process uses a task-specific interface configured for review and adjustment. 
  • Change in group ownership: If the person responsible for an AD group changes roles, their previous line manager is prompted to review and reassign responsibilities using a guided workflow. 

By embedding these controls into the access lifecycle, BSS reduced manual effort and improved consistency across entitlement management processes. 

Seamless Integration and Business-ready Interfaces

When employees switch roles, the IAM system sends API-based triggers via a standardized REST connection to NEXIS 4. This activates two separate workflows: 

  • Automated recertification of the employee’s Active Directory (AD) group memberships 
  • Review of ownership responsibilities for affected AD groups 

Approval workflows in NEXIS 4 are multi-level and fully configurable, including escalation paths. To enable effective collaboration, the user interface was specifically tailored to business departments, allowing them to complete reviews without technical barriers.

Operational Impact: Auditability, Efficiency, and Risk Reduction

The implementation of NEXIS 4 at BSS delivered measurable improvements across access governance and operational efficiency:

Reduced manual effort through streamlined, workflow-based role decisions
Improved data quality in AD group ownership and membership structures
Audit-ready change tracking with full historical traceability in NEXIS 4
Stronger access controls via automated, policy-based revocation of outdated entitlements

About Beiersdorf

Beiersdorf Shared Services GmbH has been a wholly owned subsidiary of Beiersdorf since 2003 and is represented around the world by over 340 employees. Being Beiersdorf‘s strong partner for IT and accounting worldwide. The aim is to provide optimum support for Beiersdorf‘s business. This involves providing highly efficient accounting and IT services from a single source. From traditional accounting to sophisticated infrastructure solutions, application management, and strategic consulting.

These Companies Rely on NEXIS