IAM with Structure and Strategy at CSS Insurance

How CSS Standardized Heterogeneous Access Environments, Automated Recertifications, and Introduced Scalable, Audit-ready Role Management Using NEXIS 4.

90%

of productive authorizations are managed via roles

3x quicker:

Reduction of recertification period from 5 month to 8 weeks

> 3,300

productive roles. Mapping of the entire role model in NEXIS 4

From Manual Overhead to Strategic Access Control

CSS was faced with the task of integrating a large number of heterogeneous target systems into its existing IAM system (NetIQ). The goal: gain transparency, reduce manual recertification overhead, and establish a sustainable foundation for user lifecycle management.

CSS faced several key challenges:

Over 45 heterogeneous target systems with complex, non-standardized attributes

Manual recertifications requiring up to five months to complete

Strict regulatory and security requirements in the Swiss insurance sector

A modern, role-based model with full traceability and governance built in became essential.

Standardized Role Management Across All Systems

To harmonize data structures and centralize role governance, CSS implemented NEXIS 4 as the platform of choice. Working closely with Nexis, the team built:

Attribute standardization across systems via custom plugins

Export mechanisms to deliver IAM-relevant data to consuming systems

Automated workflows for recertification and role lifecycle processes

A role-based model that now covers 90% of all productive authorizations

Previously manual and Excel-based processes were fully replaced — and recertification durations dropped by more than half.

With NEXIS 4, we have not only automated our processes, but also created genuine transparency – across systems, roles and authorisations. The implementation was structured, solution-oriented and technically on par. NEXIS 4 has noticeably reduced our daily workload.

Luca Schär

Identity- and Access Administrator, CSS

Structured Rollout with Rapid ROI

The project followed a modular, iterative rollout strategy:

Planning and Analyses

Definition of requirements and structuring of target system connection

Development of Export Plugins

Implementation of specific plugins for the integration of target systems and standardization of attributes.

Role Management

Replacement of manual processes (e.g. maintenance via Excel) with automated role management.

Integration and Extension

Gradual connection of all existing target systems and continuous expansion.

Recertification Campaigns

Automation and optimization of campaigns to increase efficiency.

Transparency, Compliance, and Lifecycle Control

With the introduction of NEXIS 4, CSS was able to optimize its authorization management in the long term – both organizationally and technically. The platform not only enabled the automation of previously manual processes, but also significant scaling, better data quality and noticeably improved compliance. Role models, system access and recertifications are now structured, audit-proof and efficient.

Time savings: Reduction in recertification time from five months to eight weeks

More transparency and traceability: 90% of permissions covered by a rolebased model

User-friendly handling: Enabling independent access management for all employees

Audit-ready: Ensuring compliance through automated and traceable processes

User Lifecycle Management: NEXIS 4 impressed as a lifecycle management tool, which will enable joiner, mover and leaver processes to be mapped more effectively in future.

About CSS

As part of its identity management, CSS administers around 13,500 authorizations and manages around 5,000 digital identities, including technical, test and training accounts. The company hasbeen using the NEXIS 4 identity governance and administration solution since 2019. Currently, CSS has mapped around 3,300 productive roles in NEXIS 4.

Success Story CSS