Identity consolidation at acquisition speed: what IAM teams should note


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2827
Topic starter  

TL;DR: Accenture’s identity standardisation across nearly 100 acquisitions in two years included centralising phishing-resistant authentication for 2,000 end users and reducing highly privileged AD admin accounts by about 50%, according to Axiad. The case shows that acquisition velocity makes identity governance an operational scaling problem, not a back-office control exercise.

NHIMG editorial — based on content published by Axiad: Why Accenture Is Axiad's 2025 Customer of the Year

By the numbers:

Questions worth separating out

Q: How should security teams standardise identity after an acquisition?

A: Security teams should begin with an inventory of inherited directories, authentication methods, and privileged accounts, then set one target identity standard for the merged estate.

Q: Why do acquisitions often increase identity risk?

A: Acquisitions increase identity risk because every new business brings its own directories, admin accounts, MFA patterns, and emergency access habits.

Q: What breaks when privileged account cleanup is delayed after a merger?

A: Delayed cleanup leaves duplicate administrators, inherited exceptions, and unclear ownership in place.

Practitioner guidance

  • Map inherited directories before standardising trust: Create an inventory of all Active Directory environments, authentication methods, and privileged accounts across acquired entities before enforcing a common identity standard.
  • Collapse duplicate privileged accounts during integration: Review administrator memberships, break-glass accounts, and local exceptions as part of the acquisition workstream so duplicate authority does not persist after cutover.
  • Prioritise phishing-resistant authentication for high-risk users: Roll out phishing-resistant MFA first to end users and administrators who bridge multiple environments, because their access paths create the largest cross-domain risk.

What's in the full article

Axiad's full article covers the operational detail this post intentionally leaves for the source:

  • The customer narrative behind Accenture's identity standardisation approach across hundreds of inherited Active Directory environments.
  • The implementation story for centralized phishing-resistant MFA at enterprise scale, including how the deployment was staged.
  • The operational outcomes Axiad attributes to the rollout, including the reduction in highly privileged AD admin accounts.
  • The internal change-management and governance context behind adoption by AD administrators.

👉 Read Axiad's customer story on identity consolidation at acquisition speed →

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1125
 

Identity consolidation is the real acquisition control plane. When an enterprise acquires dozens of organisations, the security problem is not merely bringing users into a new directory. It is collapsing many inherited trust models into one governable structure without preserving old exceptions. That is why centralised authentication and administrative control matter more than isolated migration milestones. Practitioners should treat post-merger identity standardisation as a core integration dependency, not a cleanup task.

A few things that frame the scale:

  • 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to the Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.

A question worth separating out:

Q: How do you know if identity consolidation is actually working?

A: Look for fewer privileged accounts, fewer authentication variants, and a smaller number of environments that still rely on local exceptions. Those are stronger indicators than policy statements alone because they show the merged estate is becoming governable. If those numbers do not move, the programme is only renaming fragmentation.

👉 Read our full editorial: Accenture's identity consolidation shows how authentication scales



   