Know how to Automate Access Requests, Certifications, and Compliance Reporting
Insurance
100+ Employees
Corporate restructuring often forces organizations to rethink their IT infrastructure from the ground up. When a company divests, it does not just lose people and assets; it also loses the shared systems, tools, and workflows that keep day-to-day operations running. Identity management is one of the first and most critical areas to break down in this transition.
For Ignyte Insurance, a divestiture from its parent company meant starting over with a much smaller team, a new Microsoft tenant, and no automated process for managing employee identities. With a lean IT function, the burden of manually provisioning and deprovisioning user access across systems became unsustainable from day one.
This case study explores how Ignyte Insurance partnered with RoboMQ to implement Hire2Retire, a no-code identity governance and administration (IGA) platform, to automate employee identity lifecycle management across ADP, Microsoft Entra ID, and Freshservice.
Ignyte Insurance is an independent insurance firm that operates in the United States. In 2025, the firm underwent a divestiture from NSM Insurance, resulting in the reduction of the number of US employees from about 400 to 100. The divestiture also saw the company receive a new tenant from Microsoft, a new HR system in ADP, and the ITSM platform known as Freshservice.
It was effectively a reset for the company. As is expected with any reset, it presented several challenges to address at once. One of these was the management of employee identities and access in a situation where there were no adequate tools or personnel.
When any employee joined Ignyte, they had to step in immediately. Create the account, assign the right groups, set up access to the right tools, all of it done manually, one step at a time. And when someone left, the same thing happened in reverse. It was tedious, it was repetitive, and with a small team already stretched thin, it kept pulling people away from actual IT work.
The real problem wasn’t that the team was slow. It’s that automated identity provisioning and deprovisioning simply didn’t exist. There was no system doing this in the background. Every hire and every departure was a manual task that had to land on someone’s plate. That’s not sustainable for a lean team trying to run a full IT operation.
Ignyte used ADP to track all employee information. But when something changed in ADP, a new hire, a termination, or a role change, nothing happened automatically in Entra ID. IT had to notice the change, then go make the corresponding update themselves.
That gap caused real problems. New employees sometimes waited longer than they should have for access to the tools they needed on day one. Employees who left the company occasionally held on to access longer than they should have. There was no employee identity lifecycle management process, just a manual workflow that depended entirely on someone catching the change in time and acting on it. For a company trying to run lean and stay secure, that was a real vulnerability.
Ignyte used Freshservice to manage IT service requests. In theory, it should have been a natural part of the onboarding and offboarding process. In practice, it wasn’t connected to anything. When someone new joined, IT had to manually open a ticket in Freshservice to kick off the onboarding process. When someone left, the offboarding checklist had to be entered by hand.
If someone on the team forgot to do it or got pulled into something else, steps got missed. Hardware didn’t get collected. Licenses didn’t get revoked. The Freshservice integration with HR and identity systems that Ignyte needed just didn’t exist yet.
The first thing Hire2Retire fixed was the gap between ADP and Entra ID. Using an API-based connection, Hire2Retire pulled employee data directly from ADP and used it to create, update, and deactivate accounts in Entra ID, without anyone on the IT team having to do a thing.
One technical piece that needed sorting out was SSO. ADP uses associate IDs as the primary identifier, not UPNs. Hire2Retire handled this by mapping ADP associate IDs to the corresponding Entra ID employee profiles. For new hires, that mapping happened automatically. For existing employees, the team did a one-time data alignment during setup.
Because Ignyte already had API access in its ADP package, the whole implementation moved faster than expected, down from an estimated ten weeks to around six, with only about eight to ten hours of hands-on time from the Ignyte team across the whole process.
Once the ADP to Entra ID connection was in place, Hire2Retire took over the full employee lifecycle. New hire in ADP? An Entra ID account created automatically, with the right groups and access assigned based on role. Employee changing departments? Access updated. Someone leaving? Account deprovisioned in near real time.
Role-based access control rules were set up inside Hire2Retire so that the right access was tied to the right roles. Instead of IT deciding what each person needed, the rules handled it based on the employee’s department, title, and location. That meant access was consistent, and the risk of someone having more access than they needed dropped significantly.
With Hire2Retire’s native Freshservice integration, the service desk stopped being a separate island. When an employee was hired, a service request appeared in Freshservice automatically, ready for whoever was handling hardware and access provisioning. When an employee was offboarded, the offboarding ticket was created without anyone having to remember to do it.
The integration also supported conditions, so tickets could be configured to fire only under specific circumstances, certain departments, certain roles, and certain types of changes. That kept Freshservice organized rather than flooded with noise.
For a small IT team, this was a real shift. Instead of chasing down HR to find out who started this week or manually logging what needed to happen for a departing employee, the process just ran.
The impact of Hire2Retire’s implementation was felt quickly across Ignyte’s IT operations. Here’s how things looked before and after:
| Area | Before Hire2Retire | With Hire2Retire |
|---|---|---|
| Identity provisioning | Done manually by IT for each new hire | Fully automated via ADP to Entra ID API |
| Deprovisioning | Manual, with risk of delays | Near real-time when ADP shows termination |
| IT hours on lifecycle work | Ongoing, recurring burden on small team | Reduced to ~8–10 hours for implementation only |
| Freshservice ticket creation | Had to be entered by hand each time | Automated on all configured lifecycle events |
| Implementation timeline | Initially estimated at 10 weeks | Completed in roughly 6 weeks |
| Role-based access control | Inconsistent, manually assigned per person | Rule-driven, consistent, and automatic |
The team also confirmed that no technical blockers came up during implementation, and that the concurrent ADP and Hire2Retire rollout, timed around Ignyte’s larger tenant migration, went ahead as planned.
Ignyte Insurance’s situation wasn’t unusual; a lot of companies going through divestitures or restructuring end up in the same spot. The enterprise infrastructure they relied on disappears, and what’s left is a small team trying to do everything manually while also standing up new systems from scratch.
What worked for Ignyte was finding a focused solution that didn’t try to do too much. Hire2Retire connected ADP to Entra ID and Freshservice, automated the lifecycle events that were eating up IT’s time, and did all of it in about six weeks with minimal lift from the internal team. The small IT team that was once buried in provisioning tasks got that time back, and the identity management process that came out of it was more consistent and more secure than what they had before.
For companies in similar situations, that’s probably the takeaway: you don’t need a massive platform to get enterprise-grade identity governance. You just need the right connection between the systems you already have. If your team is dealing with the same kind of manual provisioning burden, book a free demo and see how Hire2Retire can automate your employee identity lifecycle from day one.
Would you like me to redirect you to videos so that you can see Hire2Retire in action? Or just click the button above to get in touch with our executives for a call.
Insurance
100+ Employees
