Client Background and Context

Fagerhult Group is a global lighting and technology company made up of 16 independently operated brands.  Each brand runs its own IT and HR environment. That independence is part of the group’s operating model and commercial strength.  
 
But independence at scale comes at a cost.  
 
Across the group, there were 12 separate Microsoft Entra ID tenants and HR data spread across multiple systems and CSV feeds. The workforce was split between desk-based employees with M365 accounts and deskless workers without them. There was no consistent way in, and it was clear that no one had a complete view of who needed access to what, or whether that access was current.    
 
And when Fagerhult began planning the rollout of Workvivo as a shared communications platform across all 16 brands, the identity problem could no longer sit in the background. Every employee needed access. Not just desk-based employees, every single one of the 4,000 people across the group, regardless of brand, role or how they work. 
 
The goal was clear. Provide secure, consistent access for every employee without forcing brands to change their existing infrastructure. 

“Connect allowed us to bring 16 independent brands together under one identity layer, without forcing any of them to change how they operate day to day.”

John Smith

Company Name, Job Title

The Challenge

The complexity was real and layered. Fagerhult wasn't dealing with just one IAM problem, it was dealing with several at once.

• Fragmented identity management: There was no unified access layer across 12 separate Entra ID tenants, no central view of who had access to what, and no consistent way to provision or remove it.
  
• Manual joiner, mover and leaver processes: Every new hire, role change or departure meant manual updates across multiple systems. This created delays, increased the risk of error and left access in place longer than it should have been.
• A workforce with different access needs: Desk-based employees had M365 accounts but the deskless workers didn't. Both needed access to the same tools, through different routes, without creating two separate processes to manage.
• Brand autonomy was non-negotiable: Each brand ran its own IT environment. Consolidating tenants or imposing a shared infrastructure simply wasn't an option. The solution had to work with what was already there.  

The group needed a way to manage identity and access consistently, without asking anyone to change how they operated.

The Solution

Rather than forcing a structural change on any brand, Fagerhult deployed Connect as a shared identity and access layer sitting above its existing IT infrastructure.
The approach was deliberate: preserve everything brands already had and add the group-level capability they were missing.

One identity layer across 12 tenants
Connect integrates individually with all 12 Entra ID tenants and pulls employee data from each brand's HR sources, including CSV feeds. Every employee now has a single, secure group-level identity regardless of which brand they work for, where they are located or how they access systems.

Access for every type of worker
Desk-based employees sign in through Microsoft 365 Single Sign-On. Deskless workers authenticate directly through Connect. Both groups access Workvivo and other connected tools through the same identity layer, with the same reliability and without needing separate credentials or workarounds.

Automated joiner, mover and leaver workflows
Connect replaced the manual provisioning chain entirely. When a new employee is added through Entra ID or a connected HR source, access is provisioned automatically. When someone changes roles or moves between brands, their access updates accordingly, and when someone leaves, their access is removed across all connected systems. The process runs without manual input and without the errors that came with it.

A reliable source of truth for workforce data
7 HR data sources feeding into one platform meant data quality couldn't be an afterthought. Connect maps employee data across organisations, regions and reporting lines, giving the group IT function an accurate, always-current view of its entire workforce for the first time.

Distributed control with central visibility
Local IT teams continue to manage their own users and environments as they always have. What changed is that the group IT function now has visibility across access, governance and usage in one place. Independence is preserved. Oversight is no longer a blind spot. 

The Results

With Connect live across all 16 brands, Fagerhult has a consistent, automated and scalable identity model for the first time.


For IT Teams

• 12 Entra ID tenants unified through a single identity layer
• Joiner, mover and leaver workflows now run automatically, without manual input
• Central visibility across access, usage and compliance for group IT
• Local admin control preserved for each brand's IT team
• Fewer tickets and less reactive provisioning work

For HR Teams

• One reliable source of truth for employee data across all 16 brands, automatically updated
• Accurate data mapping across organisations, regions and reporting lines
• Shared org charts that work consistently across the group
• Reduced manual admin and fewer data errors

For the Business

• Around 4,000 employees, desk-based and deskless, connected and system-ready from day one
• Consistent digital experience across 16 independently operated brands
• Workvivo live across the group, accessible through a single identity layer
• Two new brands onboarded post-launch with minimal effort, proving the model at scale

Fagerhult didn’t need to consolidate infrastructure to achieve consistency. By introducing a shared identity layer, the group created secure, automated access across 16 brands while preserving local autonomy. Identity became simpler, access became reliable, and the workforce became system ready from day one.