Using vIAM to extend the IAM capabilities of a German Infrastructure Provider for Fintechs and Digital Banks

Challenge

A leading European provider of infrastructure for fintechs and digital banks, headquartered in Germany, had invested in Okta Workforce Identity and, more recently, Okta Identity Governance.

Yet despite this progress, recurring audit findings under regulatory frameworks such as DORA continued to surface. The core issues were systemic:

• IAM disconnected from business risk – Access policies were not mapped to business functions or operational risk, creating gaps in sensitive areas like Treasury and Trading exposed.
• Lack of architectural ownership – Okta had been deployed project by project, without a unifying roadmap, creating fragmented integrations and weak controls.
• Incomplete audit trail – Traceability of approvals and access decisions fell short of BaFin, PSD2, and DORA expectations, limiting the client’s ability to prove governance maturity.

The gap between technical IAM deployments and strategic governance alignment was widening, creating both compliance risk and operational inefficiency.

Approach

Cloudcomputing introduced the vIAM service, acting as an extension of the client’s IAM team. The model combined strategic and operational capabilities, with a delivery model flexible enough to address issues at different layers – from architecture to compliance support.

The engagement covered four key streams:

1. Discovery & Gap Analysis – A maturity review to surface governance gaps, risk misalignment, and regulatory exposures.
2. Architecture & Integration – Redesign of Okta Access and IGA integrations with mission-critical applications, ensuring compliance and traceability.
3. Continuous Operation – Ongoing engineering support for incident handling and incremental changes, ensuring IAM remained aligned with evolving needs.
4. Audit & Regulatory Support – Evidence generation, reporting, and knowledge transfer to ensure sustainability against DORA, PSD2, NIS2, and GDPR.

Solution

Our vIAM service begins with a Discovery phase to align expectations, priorities, and delivery timelines. It offers continuous strategic and operational support, and its value pyramid enables targeted action at any layer, from strategy to corrective support. This approach ensures that Identity management is addressed comprehensively, aligning with business needs, regulatory requirements, and audit standards.

click to zoom

By combining strategy and execution in a co-managed model, Cloudcomputing transformed IAM from a fragmented deployment into a structured operating model. Key outcomes included:

• A strategic roadmap for IAM that aligned policies directly to business risk and functions.
• Resilient integrations of Okta Workforce Identity and Identity Governance with critical systems, ensuring compliance and operational continuity.
• Operational coverage for day-to-day IAM activities, closing the gap between projects and continuous service.
• Regulatory assurance with complete traceability and regulator-focused reporting, meeting the demands of DORA, PSD2, BaFin, NIS2, and GDPR.

Results

The vIAM engagement delivered measurable improvements across compliance, operations, and business alignment:

• Strategic clarity – From Day One, the client gained a clear view of IAM gaps, priorities, and execution timelines.
• Audit readiness – Complete evidence trails reduced recurring non-conformities and instilled regulator trust.
• Optimized investments – Existing Okta licenses were fully leveraged, unlocking previously underused capabilities.
• Continuous improvement – IAM became a living service, evolving continuously alongside business priorities.

Cloudcomputing’s vIAM service enabled the client to shift IAM from a compliance burden to a strategic enabler of resilience, regulatory confidence, and business growth.