RAPIDVALUE CONFIDENTIAL

Identity Governance & Administration

Identity governance,
week 1.

EU-native IGA — SaaS, private cloud, or on-premises.
From inquiry to working POC in a single morning.

30-min POC setup Tier-3 hybrid agent DORA · NIS2 · GDPR ready
rapidvalue.be/iga · kerremans.serge@rapidvalue.be

Today

What we'll cover

The problem every IAM team recognises
Why the old approach keeps failing
The RapidValue approach — visibility-first onboarding + IVIP intelligence
Differentiators vs. SailPoint / Saviynt / Omada
Time-to-value & ROI
POC motion — 5 minutes to first sync, working proof same morning
Pricing & next steps — incl. IVIP Visibility tier

The problem

You wanted governance.
You got a configuration project.

🕐

Classic IGA platforms take 12–18 months before they deliver real value. By then, your org has changed.

🤖

You have 50× more non-human identities than employees — service accounts, AI agents, bots — and no visibility into who owns them.

📋

Certifications that nobody trusts. Managers rubber-stamp hundreds of rows without any context.

🔌

Connector configuration takes 4–8 weeks per system. You're still onboarding your 3rd connector when the project is due.

📁

No audit evidence. Reconciliation gives you counts, not reasons. Your auditor asks "why?" and you have no answer.

🏛️

DORA / NIS2 deadlines don't care about your 18-month implementation timeline.

Market context · 2026

Three forces making
the status quo untenable

🤖

NHI explosion

Non-human identities now outnumber employees 50:1. AI agents, automation bots, and cloud workloads are your biggest identity surface — and the least governed.

⚖️

Regulatory urgency

DORA (Feb 2025), NIS2 (Oct 2024), and AI Act (2026) all require continuous access oversight and audit-ready evidence. Fines for non-compliance: up to €10M.

🏢

Data sovereignty

EU mid-market customers can't send identity data to US cloud hyperscalers. They need on-prem or EU-sovereign deployment — without losing SaaS convenience.

50:1
NHI-to-human ratio
(industry average)
€10M
Max NIS2 fine
for critical infrastructure
67%
Of EU mid-market
failed last IAM audit

Our approach

Three pillars, one week.

1 · Visibility-first onboarding

New connectors land in read-only mode by default. Sync identities, accounts, entitlements in under 5 minutes — no provisioning rules to author first. Quick Scan delivers risk score, SoD findings, role proposals, and drift report the same day. Provisioning opt-in, per object.

5 min to first sync IVIP tier available
📊

2 · IVIP intelligence + evidence

14-component identity risk score (0-100, daily trend), cross-system SoD rules, dormant grant detector, peer-group outlier detector — all deterministic, all explainable. One-click audit packs map directly to SOX § Access, ISO Annex A.9, HIPAA § 164.312, GDPR Art. 32.

14-component score SOX/ISO/HIPAA/GDPR packs
🛡️

3 · Flexible deployment, real credential security

Tier-3 agent runs inside your VPC — connector credentials encrypted on your machine, never transmitted to the control plane. Deploy on our EU SaaS, EU Sovereign SaaS (OVH/Scaleway, no US Cloud Act), your own cloud account, or fully on-premises.

Credentials never leave your network SaaS · Private Cloud · On-prem

Competitive position

Where we win outright

Capability RapidValue SailPoint Saviynt Omada Entra ID Gov
Connector onboarding (read-only) ⚡ 5 min (visibility-first) 4–8 wks4–8 wks3–6 wks2–4 wks
14-component identity risk score + daily trend ✅ Built-in (IVIP) ⚠️ Atlas add-on⚠️ Add-on⚠️ Basic
Cross-system SoD rules ✅ Declarative (IVIP) ⚠️ Within app
Framework audit packs (SOX/ISO/HIPAA/GDPR) ✅ One-click ZIP
Dormant grant detector + peer outliers ✅ Built-in (IVIP) ⚠️⚠️
NHI 4-tier ownership model ✅ Built-in ⚠️ Add-on⚠️ Partial⚠️ Partial
Recon snapshot + reason per grant ✅ Every run
Blast-radius graph (4-level) ✅ Built-in ⚠️ Partial
Role mining (8 algo + cross-dedup) ✅ Built-in ✅ Add-on✅ Add-on✅ Basic⚠️ Basic
Tier-3 on-prem agent (EU data residency) ✅ Included ✅ Complex✅ Complex✅ Complex
Engine pause kill-switch ✅ Built-in
POC to production (time) 30 min POC, 4 wks prod 6–9 months6–9 months4–6 months2–3 months

ROI & time-to-value

Payback in month 11.
Not year 3.

Milestone Classic IGA RapidValue
First sync + drift report 8–12 weeks Same day
First role-model proposals 6–9 months 2–4 weeks
First audit-ready certification 9–15 months Week 4
Full JML automation 12–18 months 8–12 weeks
3-year TCO (mid-market baseline) €3.04M €1.19M
€1.86M
3-year savings vs. classic IGA
(implementation + ops combined)
Month 11
Payback period
(mid-market baseline: 2,500 identities)
+€121k/yr
Additional IVIP impact
(dormant license reclaim · audit pack hours · SoD risk avoidance)
4 hrs
Time-to-productive for a new joiner
(vs. 5 days with classic IGA)

The POC motion

From morning call
to working proof same day.

1

Sales engineer runs rv-poc bootstrap

POC tenant enabled, agent registered, handoff text printed — 60 seconds.

2

Customer pastes one-liner on their server

curl -fsSL .../installer | bash — tier-3 agent running in their VPC in ~5 minutes.

3

Visibility-first wizard → live data

5-step wizard, read-only by default. First sync completes in under 5 minutes — no provisioning rules to author first.

4

IVIP risk surface + role mining

Risk score per identity (14-component), SoD findings, dormant grants, peer outliers, role proposals — all from their actual data, same morning.

5

Customer takes home the proof

Privacy-safe aggregate summary + one-click audit pack (SOX / ISO / HIPAA / GDPR) downloaded — safe to share with CISO, DPO, legal team without prior review.

~5 min
First sync to live data
(read-only, full IVIP surface)

What stays in their VPC — always

  • ✅ Vault secrets (AD passwords, API tokens, OAuth keys)
  • ✅ Connector access — agent executes inside their network
  • ✅ Network topology and system credentials

Identity data syncs to the control plane to power governance workflows — same as any IGA vendor. Choose Private Cloud or On-Premises deployment to keep all data in your environment.

Fast POC setup: no inbound firewall rules, no VPN, no infrastructure provisioning — install the agent on one VM, connect in minutes. A standard DPA covers the SaaS POC; Private Cloud deployment is available for prospects requiring full data residency from day one.

Ideal customer profile

Who we're built for

SWEET SPOT ✓

🏢 500–10,000 identities (humans + NHIs combined)

🔌 5–50 target systems to govern

🇪🇺 Belgium / Netherlands / DACH / France — multi-locale first

⚖️ DORA / NIS2 / GDPR / SOX pressure but no 8-person IAM team

😤 Burned by a previous IGA project — or starting fresh and refusing to repeat it

NOT A FIT (today) ✗

❌ < 100 identities — a spreadsheet works fine

❌ > 50,000 identities — we scale there in 2027

❌ Needs 6-person implementation team for heavy customisation — look at SailPoint Identity Security Cloud

Vertical priority

Financial services Healthcare Public sector Professional services Manufacturing

Pricing

Simple, identity-based pricing.

Starter
€5k/mo
Up to 1,000 identities
  • Up to 5 connectors
  • HR sync + AD + Entra
  • 14-component risk score (IVIP)
  • Cross-system SoD + recon
  • JML automation + certs
  • Tier-3 agent included
  • EN + NL + FR + DE
Growth
€15k/mo
Up to 5,000 identities
  • Up to 20 connectors
  • All Starter features
  • NHI 4-tier governance + JIT
  • Audit packs (SOX/ISO/HIPAA/GDPR)
  • Role mining (8 algorithms)
  • Sector pack add-on eligible
  • Dormant + peer-outlier detectors
Enterprise
€40k+/mo
Unlimited identities
  • Unlimited connectors
  • All Growth features
  • Dedicated tenant
  • Custom roles + workflows
  • Script library + templates
  • SLA + dedicated CSM
  • On-prem Kubernetes option
+ IVIP Visibility tier — €3k/mo · read-only governance at any scale. Get the full risk surface (14-component score, SoD, dormant, peer outliers, recon, advisor) without provisioning. Expand to write-back when ready. Ideal for sovereignty-conscious or POC-cautious buyers.
💼 Implementation: €30k–€80k fixed or T&M 🧩 Sector packs (Financial / Healthcare / Public Sector): €10k one-time each 🔄 Annual commitment discount: 15%
RAPIDVALUE

Ready to move?

Three ways to start today

🚀

30-min live demo

We walk through your environment screenshots. You leave with a customised drift report and role proposals.

rapidvalue.be/iga/demo

Visibility POC in 1 day

Connect a sandbox in read-only mode. Get risk score, SoD findings, dormant grants, role-mining baseline, and audit pack for your CISO — same morning.

IVIP Visibility tier · €3k/mo · no provisioning rules to write

🗺️

Architecture review

Our engineers map your current IAM landscape and deliver a gap report with a tailored migration path — no commitment required.

4-hour workshop, remote or on-site

📧 kerremans.serge@rapidvalue.be · rapidvalue.be/iga
1 / 11 ← → keys or click
Hub