.png?width=1024&height=512&name=ODOO%20NEWSLETTER%20-%20%20%20GEOxyz%20Full%20Customer%20Case%20(1).png)
User Access Management: The Fundamentals Explained
This article delves deep into the fundamentals of user access management (UAM), its differences from identity management (IDM), its types, how to set...
Learn how organizations start their IVIP journey, which criteria matter most, and why identity visibility is the first step toward effective governance.
About Customer GEOxyz
GEOxyz is an international maritime data company delivering high-quality geospatial data for offshore and infrastructure projects worldwide. While the company operates vessels at sea, its core value lies in the data it collects, processes, and delivers to customers.
With a growing organisation and an increasingly complex IT landscape, protecting sensitive data and maintaining control over access to systems is a fundamental requirement for daily operations.
The IAM Challenges
As GEOxyz continued to grow, the organisation increasingly recognised that it is, at its core, a data company. While operating in a maritime environment, the real value GEOxyz delivers lies in the data it collects, processes, and provides to customers. Protecting that data, therefore, became a critical responsibility.
In the context of ISO/IEC 27001 certification, identity and access management emerged as a fundamental requirement. At the same time, evolving regulatory frameworks such as NIS2 reinforced the need for continuous control and demonstrable oversight of access to critical systems.
However, GEOxyz was operating in a complex IT environment with multiple systems, roles, and users, including freelancers and temporary workers. Without centralised visibility, it became increasingly difficult to maintain control and confidently answer essential questions around access.
"The biggest challenges were visibility and control. Without good governance, it’s difficult to answer simple questions like who has access to which systems and why."
The Criteria for The New Solution
When evaluating solutions for identity and access management, GEOxyz deliberately avoided complex, long-running IAM programs that depend heavily on external consultants or proprietary technology. The organisation was looking for a solution that could be implemented pragmatically and managed by its own team.
Based on these considerations, GEOxyz defined a clear set of criteria the solution needed to meet:
- It had to provide immediate visibility into who has access to which systems;
- It needed to be practical and understandable for internal teams;
- It had to support identity and access governance without excessive complexity;
- It should avoid vendor lock-in and rely on open, flexible technology;
- It had to align with ISO/IEC 27001 requirements and audit expectations;
- It needed to be implementable without long timelines or reliance on third-party consultants.
"At GEOxyz, we wanted a practical solution which would be usable by our own people. We did not want a multi-year trajectory or a solution that depends on external consultants."
The Results
- Implementation completed within weeks.
- Centralised visibility into identities and access rights across systems;
- Structured access reviews with clear ownership and accountability;
- Consistent validation of access by responsible managers;
- Improved oversight of access as users, roles, and systems change;
- Stronger support for security operations and audit preparation;
- Solid foundation for long-term identity governance.
"Elimity's solution gives us a clear overview of access rights across systems and makes access reviews easier by assigning review tasks to managers."
Download the Full Customer Case
👉Read the full customer case here: https://elimity.com/case-studies/geoxyz