ASDA’s identity overhaul: what it means for lifecycle governance

TL;DR: ASDA’s move to rebuild identity after its separation from Walmart shows how fast onboarding, cleaner data, and stronger lifecycle processes become operational requirements when a retailer must manage 138,000 users and 6,000 contractors across cloud-based systems, according to SailPoint. The deeper lesson is that identity programmes fail when they are treated as tooling projects instead of business change and governance programmes.

NHIMG editorial — based on content published by SailPoint: ASDA reveals how SailPoint supported the supermarket to build a new, nationwide identity security program

By the numbers:

• ASDA also manages around 6,000 contractors on a separate system.

Questions worth separating out

Q: How should organisations manage contractor access differently from employee access?

A: They should not create a weaker parallel process unless there is a clear legal or operational reason.

Q: Why does identity data quality matter so much in IAM programmes?

A: Because every provisioning, certification, and role-mapping decision depends on accurate identity data.

Q: When should organisations prioritise change control in identity projects?

A: From the start. Identity programmes fail when teams try to make software fit a bad process, because users, managers, and approvers then work around the control model. Change control should cover training, communication, release discipline, and operational readiness whenever identity workflows change.

Practitioner guidance

• Map every identity flow to a named owner Document who owns joiner, mover, leaver, and contractor changes across HR, IAM, and service teams so no identity attribute sits in an unresolved handoff.
• Measure onboarding speed as a control metric Track the time from employment event to usable access for short-term staff, contractors, and frontline workers, then separate delays caused by process, data, and approvals.
• Clean identity data before expanding automation Reconcile multiple source systems into a single trusted identity dataset before using role mining, AI-assisted onboarding, or access certification at scale.

What's in the full article

SailPoint's full blog covers the operational detail this post intentionally leaves for the source:

• How ASDA structured its identity reset after separating from Walmart and why that mattered for governance
• The practical steps used to align Workday, SailPoint, and ServiceNow for request and lifecycle handling
• The contractor-management approach behind SailPoint's Non-Employee Risk Management deployment
• The specific lessons Simon Langley highlighted on data ownership, business change management, and partner selection

👉 Read SailPoint’s ASDA identity transformation story →

ASDA’s identity overhaul: what it means for lifecycle governance?

Explore further

View Full Forum →  |  NHI Foundation Course →