A Fortune 500 full-service banking provider onboards hundreds of security apps and eliminates known vulnerabilities after partnering with Apex.


Our client had 159 applications that were deemed “critical” to migrate onto SailPoint, which controls identity governance and access management. It was critical that our client control who had certain access and entitlements inside of these applications.

Because these apps were so important, the client’s leadership set an aggressive initiative to onboard the applications into SailPoint. The group traditionally responsible for applications didn’t have the capacity to do this additional work and keep up with their daily tasks.


Early in the project, our stakeholder’s budget would not allow us to move forward in the way we felt would be most successful, so we used a creative approach to bring in two consultants for a six-week discovery phase to familiarize them with the work ahead. The Apex team worked with internal application owners to gain insight into the applications within the scope of the project.

159 security applications were developed and deployed, eliminating security vulnerabilities 

We rapidly scaled up to meet the aggressive timeline by deploying a team lead, two quality assurance consultants, and seven SailPoint engineers. Apex’s team lead acted as a liaison between the applications and cyber teams to address a gap in communication. The team created a questionnaire to send to the business and the applications team to determine which applications needed to be integrated into the client’s system.

From there, the team met with client stakeholders to align the stakeholders with the goals of the project. Finally, the team was responsible for adapting, validating, and deploying the applications the client stakeholders had identified within the client’s infrastructure. Our team developed the application and metadata onboarding process for development, testing, and deployment to enable certification and risk reporting in SailPoint.

Based on the type of application, we had a template for what would be required from the application teams. We also had tickets in JIRA that could be cloned easily to enable sprint planning. After the project, the template was transitioned over to the client’s team. 


Our team developed and deployed 159 security applications, thereby eliminating all the identified security vulnerabilities. Due to Apex’s success in this project, the client has placed us under consideration for future business projects.