Initial Infrastructures · Rouen§ 01
Systems & identities · deploy and care

AD, SSO, MFA.Deployed in two weeks.

For SMBs: Active Directory or Entra ID deployed, single sign-on connected, MFA rolled out, joiner-mover-leaver in place. We document, we simplify, we hand over.

Book a 30-min call
June 2026 · 2 audit slots
supervision identités · live
IAM
M
Marie L.Compta
· · ·
J
Jean B.Dev
· · ·
P
Pierre M.Admin sys
· · ·
S
Sarah D.RH
· · ·
L
Luc R.Commercial
· · ·
É
Émilie F.Marketing
· · ·
comptes scannés
147
orphelins
12
admins
4
Annuaire · 147 comptes en cours d'analyse
Rouen studioVendor-independentAD, Entra ID, hybridMFA across the boardTransferable documentation
€590
Targeted IAM audit · flat
1 WK
For standard SSO + MFA
100%
Vendor-independent
§ 02
— Four scopes of work

What we deploy, concretely.

01 / 04
Directory.
AD, Entra ID, hybrid · €3k to €10k

Active Directory or Entra ID

Directory deployed, consolidated or migrated based on your context. Traditional on-prem AD, cloud Entra ID, or hybrid environment. GPO or Intune by platform.

  • Directory choice justified at scoping
  • Migration from existing setup with no access loss
  • GPO or Intune policies by platform
  • Critical accounts inventoried and documented
02 / 04
SSO.
Enterprise sign-on · €4k to €12k

SSO and federation

One password for business apps. SAML or OIDC by app, federation with your directory, automatic provisioning where the app supports it.

  • Audit of currently connected apps
  • SAML or OIDC federation by SaaS
  • Automatic provisioning (SCIM) when possible
  • Clear session and validity policy
03 / 04
MFA.
MFA + admin · €2k to €6k

MFA and admin accounts

MFA rolled out for everyone, not just leadership. Admin accounts separated from daily accounts. Privileges trimmed to what's needed.

  • Progressive MFA (admins first, then all)
  • Separate, named administrator accounts
  • Privilege reduction (least privilege)
  • Modernised password policy
04 / 04
JML.
Joiner Mover Leaver · €3k to €8k

Joiner-Mover-Leaver

A written, automated procedure for arrivals, moves and departures. No more orphan accounts six months after departure. No more onboarding dragging three days.

  • JML procedure documented per role
  • Explicit roles-to-rights matrix
  • Light automation (scripts, workflows)
  • Monthly review of inactive accounts
§ 03
— We hear it all the time

Six pains we know.

01
Orphan accounts
Former employees still active in AD, in the cloud, in the CRM. No one has time to clean up.
02
Everyone is admin
Each user is admin on their workstation. One bad email attachment, and ransomware spreads.
03
Fifteen passwords
One per app. Users write them on sticky notes. IT keeps them in an Excel sheet.
04
No MFA
Or only for leadership. The rest of the team is protected by a 2018 password.
05
Slow onboarding
Three days for a new joiner to get the right access. And we still find missing apps after a week.
06
Departures dragging
The salesperson who left six months ago still has CRM access. Accounting left, but their mailbox keeps running.
§ 04
— Who it's for

The right match.

We're a good fit if
  • You have 30 to 300 users
  • You discover many inactive or orphan accounts
  • You want to roll out MFA but no one has time
  • You're preparing a compliance check (NIS2, ISO27001, GDPR)
  • You inherit an undocumented AD
  • You're switching from on-prem AD to Entra ID
We're not the right choice if
  • You have more than 1000 users or a dedicated IAM department
  • You're looking for a turnkey Cyberark or Okta enterprise rollout
  • You want intervention without changing any internal practice
— Decided?

30-min video call to look at your directory · no commitment.

Book a call
§ 05
— How it works

Three steps. Not one more.

01

Scoping call.

02

Design + deploy.

Cutover transparent for users

03

Warranty + care.

§ 06
— Pricing per scope
Scoped.

AD. SSO. MFA. Deployed. Documented.

Pricing per scope, not consulting day-rate. Optional targeted IAM audit at €590 to scope a specific topic before committing. For projects, public ranges below.
— Options de paiement
Targeted IAM audit · 1 day
€590 · flat fee
SSO rollout
€4k to €12k · by app count
MFA + admin accounts
€2k to €6k · standard scope
Included in every project
  • Detailed design and cutover plan
  • Bench pre-configuration
  • Progressive cutover with no access loss
  • Transferable documentation (procedures, configs)
  • 30-day post-deployment warranty
  • Video debrief at delivery
Other scopes and care

AD or Entra ID directory

€3k to €10k

Setup or consolidation. On-prem AD, cloud Entra ID, or hybrid based on your existing setup and direction.

  • Directory choice based on context
  • Migration from existing setup if needed
  • GPO or Intune by platform
  • Critical accounts inventoried and documented

Joiner-Mover-Leaver

€3k to €8k

Joiner, mover, leaver procedure written and automated where possible. No more orphan accounts, no more onboarding dragging.

  • Documented JML procedure
  • Light automation (scripts, workflows)
  • Roles to rights matrix per function
  • Monthly inactive accounts review

Recurring IAM care

from €290/mo

Recurring review of accounts and rights, intervention on changes, escalation support. Readable contract, opt-out with notice.

  • Monthly account and privilege review
  • Rights matrix updates
  • Escalation response · contractual delay
  • Quarterly leadership report
01
Direct.
vous parlez à celui qui code
02
À vous.
le code, le contenu, le domaine
03
France.
données et hébergement à Rouen
§ 07
— After deployment?

We stay reachable.

Once identity is in place, here is how we support (or not) what comes next.

01
Full handover
JML procedures, rights matrices, saved configurations, critical accounts inventoried. Everything is yours, in open formats.
02
30-day warranty after deployment
During the month after cutover, any configuration defect is fixed at no cost. Beyond that, recurring care if you want.
03
Recurring care · if you want
Monthly account review, rights matrix updates, escalation support. Readable contract, opt-out with notice. Otherwise, we forget each other cleanly.
§ 08
— Frequent questions

About us. No fluff.

By scope, with public ranges. AD or Entra ID directory: €3k to €10k. SSO: €4k to €12k by app count. MFA + admin accounts: €2k to €6k. JML: €3k to €8k. Firm quote within 5 working days after scoping. The optional targeted IAM audit at €590 lets you scope a topic without committing.

§ 09
— Get started

Book your
scoping call.

30 min · No commitment · We assess together if the audit or a project is relevant.

0 / 400
Your main need
June 2026 · 2 audit slots

No credit card. No aggressive follow-up. If we don't click, we forget each other. Cleanly.