Customer Requirement:
A mid-tier BFSI institution with about 15,000 employees was undergoing major digital transformation projects. While they had modernized parts of their infrastructure, 35 legacy applications that were mission-critical for SOX remained, powering everything from loan origination and credit risk to mainframe-based customer onboarding.
The catch
- No API access
- No support for modern identity protocols
- GUI- or terminal-based interfaces built in the early 2000s — or earlier
- Manual provisioning and deprovisioning for hundreds of users
- Access reviews conducted using outdated spreadsheets
They needed a way to centrally govern identity across all 35 systems — without rewriting code or disrupting operations.

How BAAR-IGA Solved It:
🤖 Inbuilt RPA-Engine for Legacy Integration — No APIs, No Problem
Rather than forcing risky app customizations, BAAR-IGA used its in-built RPA engine to automate identity tasks across all legacy platforms (web-based and client-server).
The inbuilt RPA bots:
- Simulated admin behavior inside mainframe consoles, OS (Windows & Linux) GUIs, or browser-based legacy UIs
- Created, updated, and disabled user accounts reliably and securely
- Triggered automatically based on lifecycle events from HR or ITSM systems
- Operated in real-time or batch mode, depending on system constraints
No APIs. No agents. No change requests to legacy vendors.
🔄 End-to-End Lifecycle Orchestration for Legacy Apps
Once connected, BAAR-IGA treated these legacy systems like any other modern app.
Admins could now:
- Define joiner/mover/leaver workflows with legacy access built-in
- Assign birthright access to systems like credit approval, internal ledger tools, or treasury terminals
- Automatically revoke access to legacy systems upon role changes or exit
- Monitor all RPA actions from a single policy dashboard
Legacy access became predictable, governed, and most importantly — auditable.
📋 Access Reviews With 100% Coverage
Before BAAR-IGA, only modern apps were included in access certification. Legacy apps were “reviewed” via static lists or ignored altogether.
Now, BAAR-IGA’s RPA bots extract access data in real time and populate it into the access review engine.
This enabled:
- Unified access certification campaigns covering all 35 legacy apps
- Role-based entitlement mapping — even in apps without roles
- One-click remediation (RPA-triggered revocation) from within the review interface
Every user. Every system. Every entitlement — finally visible.
📑 Compliance Without Compromise
As a regulated financial institution, the customer had to prove:
- Who had access to what
- Why they had it
- When it was approved
- How it was removed
With BAAR-IGA:
- Every RPA-driven action was logged and traceable
- Compliance teams could generate reports for SOX, GLBA, RBI, and internal audits
- Legacy systems became compliant without a single line of code changed
The institution transformed a patchwork of legacy systems into a clean, certifiable identity footprint.
The Result?
- 35 legacy applications fully integrated in less than 90 days
- 100% automation of identity lifecycle actions across all systems
- Audit findings reduced by 60% in the first review cycle
- IT operations saved 1,000+ hours annually by eliminating manual provisioning
- Zero impact to legacy application performance or uptime
Thanks to BAAR-IGA’s RPA-driven integration, legacy apps are now first-class citizens in the IGA ecosystem — without disruption, risk, or regret.