In 2024, fenaco decided to fundamentally redesign its Identity and Access Management and migrate to a standardized platform. The goal was to centrally manage all digital identities across the corporate group – which comprises around 150 companies – while ensuring consistently high, enterprise-grade security standards.
Together with iC Consult, the internal team implemented a solution based on One Identity Manager that optimizes IAM processes, unlocks significant automation potential, and sustainably strengthens compliance through role-based access control.
Content
Customer & Project Overview
Customer Profile
Industry: Agricultural
Headquarters: Bern, Switzerland
Employees: > 17,000
Number Identities: > 30,000 (incl. technical identities)
fenaco is one of the largest agricultural cooperatives in Switzerland, comprising around 150 subsidiaries and employing more than 17,000 people. It supplies the Swiss agricultural sector with production inputs, processes and markets agricultural products, and operates its own energy and logistics solutions.
Implementation of a modern, unified Identity & Access Management system based on One Identity Manager for 30,000 internal and external identities across 150 subsidiaries, including migration.
- One Identity Manager
- System Integration by iC Consult
Results
Development and implementation of a robust IAM solution for approximately 30,000 identities (incl. technical identities) as a unified, secure, and scalable foundation
Successful onboarding of the first subsidiaries, including internal and external identities, during the pilot phase
Faster workstation provisioning and seamless collaboration through Microsoft Teams integration
Automation of Joiner–Mover–Leaver processes with a significant reduction in error sources, increased security, and improved compliance
Measurable cost savings through optimized license management and greater transparency
Situation
For a long time, Identity & Access Management (IAM) at fenaco was just one of many IT topics, lacking clear structures and defined processes. However, with increasingly complex threat scenarios and growing organizational complexity, IAM moved further into focus. In 2022, the decision was made to introduce a professional, group-wide IAM solution that meets the highest enterprise standards and establishes the foundation for a unified IAM framework across the entire corporate group.
The initiated project was far-reaching in scope: more than 30,000 digital identities – including 17,000 internal employees as well as numerous external partners, service providers, and technical accounts – were to be connected to the new IAM system, while the decentralized IAM tools used by the 150 subsidiaries were to be consolidated.
The greatest challenge was likely the heterogeneity of the group: the individual subsidiaries differ not only in size – ranging from small businesses with ten employees to larger entities with their own IT departments – but also in their business models and requirements.
The objective was to introduce a common standard that enables automation, compliance, and role-based access provisioning – while still offering enough flexibility to accommodate individual needs. A key priority was to replace manual permission assignments with a high degree of automation, ensuring that access rights can be granted and revoked based on clearly defined roles in the future. The project also aimed to address security aspects such as password management and to lay the foundation for consistent Segregation of Duties.
Stefan Furrer, IT Project Manager at fenaco, explains: “Given the broad catalog of requirements, we began looking for an experienced integration partner to support us in selecting, configuring, and implementing a suitable platform. It was important for us to find someone we truly connected with and could fully trust. We were therefore less focused on finding the perfect solution and more on finding the perfect partner – and we found that partner in iC Consult.”
Solution
Technical Implementation of the New Identity Management – and the First Successes
Together with iC Consult, fenaco selected One Identity Manager as the central platform. Given the high complexity and depth of integration required for the overall project, a two-phase rollout approach was chosen:
- Phase 1 – Digital Workplace: Initially, One Identity Manager manages exclusively the internal Microsoft Teams identities. The goal is to integrate the majority of the 17,000 MS Teams identities by the end of 2025 and to streamline internal processes.
- Phase 2 – Core Concept: Gradual integration of all external identities across the 150 subsidiaries and establishment of a future-proof, unified IAM framework.
Implementation of both projects is in full swing: First, the One Identity platform was deployed, which fenaco is currently operating on-premises for security reasons – with the option of migrating to the cloud at a later stage.
Subsequently, iC Consult enhanced the solution with a range of required interfaces, some of which were adapted and others newly developed, including interfaces to the HR solution SAP HCM, Azure AD, ServiceNow, and Microsoft Exchange.
The result is a robust, scalable infrastructure that connects all central systems. The successful pilot with three connected subsidiaries demonstrates the viability of the solution and marks the starting point for the group-wide rollout.
With a modern Identity Management system, we primarily expect greater security for our data and processes. In addition, we aim to significantly simplify our employees’ daily work by reducing manual steps. Making processes more efficient, strengthening compliance, and noticeably increasing the level of automation – that is what we are striving for.
Stefan Furrer, IT Project Manager, fenaco
New Ways of Working for Employees and IT: More Automation, Less Manual Effort
The introduction of the new IAM system has fundamentally changed the way both HR administration and IT operate. The HR team now systematically records which access rights employees actually require — ranging from a fully equipped IT workstation to collaboration-only access such as Microsoft Teams. This information flows directly into the system, enabling role-based and largely automated access provisioning, eliminating many manual steps.
For IT, this means significantly reduced effort: Joiner–Mover–Leaver processes now run in a standardized, reproducible, and far more secure manner. In particular, the previously error-prone offboarding process has become considerably more stable. At the same time, the quality of HR master data has improved, as inaccuracies can be identified and corrected immediately, further strengthening compliance.
The project is also delivering economic benefits. Improvements are particularly noticeable in license management. In the past, costly licenses for departed employees were often paid for months because their accounts were not deleted in time. With the new solution, licenses are automatically revoked and reassigned, preventing unnecessary expenses. The savings are already becoming visible and are expected to increase significantly as the role-based model continues to expand.
Outlook
After a Successful Pilot: fenaco Launches Big Bang IAM Rollout
Following the successful pilot phase, during which the first three subsidiaries and their internal and external identities were connected to One Identity Manager, the comprehensive rollout is now imminent. In fall 2025, a planned “big bang” will see the integration of the first Active Directory, with a second directory scheduled to be integrated by the end of the year.
Even though fenaco aims to gradually operate the IAM system independently in the future and build up internal expertise, it is clear that this process will take time. Given the complexity involved, iC Consult will therefore remain a strategically important partner for the foreseeable future – both for ongoing operations and further development, as well as a trusted sparring partner.
“We look forward to a long-term collaboration,” says Roger Lottenbach, Head of Identity & Access Management at fenaco, with a smile. “And we have absolutely no concerns about that – on the contrary: we couldn’t wish for a better partner by our side.”
iC Consult not only brings the necessary technical expertise – the team also understands our corporate culture. They make us feel that we are working in a partnership of equals – and with that feeling, we look confidently toward our shared future.
Roger Lottenbach, Head of Identity & Access Management, fenaco