Case Study
Australian state government agency
Close-community CIAM on Microsoft Entra External ID. Cohorts, organisations, birthright access and lifecycle workflows, governed from the agency's own Australian Azure tenant.
An Australian state government agency layered Apporetum over Microsoft Entra External ID to govern a closed community of external users. Birthright access, self-service, basic lifecycle workflows, and cohort and organisation management, all inside the agency's own Australian Azure tenant.
Headline metric
Closed community
external identities governed on Microsoft Entra External ID
Scale and shape
- StateAustralian state government agency
- External IDBuilt on Microsoft Entra External ID
- Cohorts + OrgsCohort and organisation modelling for the community
- SovereignDeployed inside the agency's own Australian Azure tenant
The challenge
What was driving the engagement
The agency operates a closed community of external users on Microsoft Entra External ID. External ID is the right authentication platform, but on its own it does not model cohorts, partner organisations, birthright access or lifecycle workflows.
Manual onboarding of external organisations and their members did not scale, and the agency could not give partner organisations any meaningful self-service.
External user accounts were drifting after the joining event, with no deterministic process for change or leave.
As a state government entity, Australian data sovereignty was non-negotiable. The platform had to run inside the agency's own Azure tenant.
What Apporetum did
Australian-built, cloud-native on Microsoft Entra, deployed inside the customer's own Australian Azure tenant
Apporetum was deployed alongside Microsoft Entra External ID inside the agency's Australian Azure tenant. Australian-built, cloud-native on Microsoft Entra.
Closed-community CIAM was modelled in Apporetum, covering organisations, cohorts, and the relationships between them.
Birthright access was issued automatically on join, so members started with the right baseline without manual intervention.
Self-service access requests, basic Joiner-Mover-Leaver (JML) lifecycle workflows and delegated organisation management were rolled out across the community.
The result
What the customer can now show, prove and defend
Closed-community CIAM
live on Microsoft Entra External ID, governed end-to-end by Apporetum
Birthright + self-service
access on join, with delegated approval thereafter
Cohort + organisation modelling
replacing manual administration of the external community
Sovereign
deployed inside the agency's own Australian Azure tenant
Australian-built, sovereign, fast to value
Apporetum is built specifically for Australian organisations who need Identity Governance and Administration (IGA) on Microsoft Entra without shipping identity data offshore, without per-user licensing, and without waiting quarters for value.
Deployed in the customer's own Australian Azure tenant
Identity data stays inside the customer's sovereign boundary.
Value from deployment, in weeks not quarters
Insight mode from day one, deterministic governance shortly after.
Fixed monthly cost, no per-user licensing
Cost stays predictable as the identity estate grows.
Cloud-native on Microsoft Entra, not parallel to it
Apporetum extends Entra ID and Entra External ID rather than replacing them.
Recognise the shape of this problem?
Book a quick demo and we will walk you through how Apporetum has solved similar problems for organisations in your industry, inside their own Australian Azure tenant.