Eversheds Sutherland (International) collaborated with Kocho’s identity team to modernise its legacy external user solution, enhancing identity governance and security processes while decommissioning legacy technologies.
With a vast international footprint spanning 22 countries and 35 offices, and a reputation for legal excellence, Eversheds Sutherland (International) took a strategic decision to modernise its approach to secure access for external users.
Aware that legacy VPNs, federation platforms, standalone authentication tools, and manual processes were limiting efficiency and increasing risk, the firm proactively sought to strengthen governance, security, and user experience across global operations.
By partnering with longstanding technology partner Kocho, and leveraging Microsoft Entra ID Governance, Entra Application Proxy, Microsoft Graph API, and Azure Workflow and Automation services, Eversheds Sutherland was able to:
- Streamline self-service external user onboarding.
- Eliminate the need for maintaining credentials while ensuring security.
- Implement effective controls for timely supplier access removal.
- Remove dependency on costly and fragmented VPN solutions.
- Establish a consistent Microsoft-native governance model for external access across its global legal network.
We were managing external access through multiple platforms and processes, each with its own governance and operational overhead.
Challenge: Securing external access in a complex global environment
The growth of the organisation had outgrown its legacy external access system, resulting in unreliability, inefficiency, vulnerability, and management headaches.
Eversheds Sutherland needed to govern external access across a complex international legal network spanning integrated offices, Non-Integrated Offices, external users, and business service teams. Its people needed to collaborate securely across jurisdictions and firms while handling sensitive client, matter, and business information.
Key challenges included:
- Reliance on a site-to-site VPN, adding complexity and cost.
- Fragmented identity management, with applications spread across ADFS, Entra, and a third-party provider.
- Password management challenges, leading to frequent reset issues and increased support burden.
- Manual and error-prone onboarding processes, including Active Directory account creation and group management.
- Inconsistent governance paths, with provisioning, approvals, entitlement changes, application access, and account reviews often relying on manual intervention across separate systems.
Without a modern and scalable system in place, Eversheds Sutherland recognised they faced growing security risks and operational inefficiencies. The firm needed a more consistent approach to external identity management that could support collaboration while strengthening governance, visibility, and control.
Working with Kocho, we consolidated all external access into a single Microsoft-native model that simplified how external users are onboarded and managed, strengthened governance throughout the identity lifecycle, and gave us a more consistent approach to external access across our global organisation.
Extensive discovery and detailed design
Eversheds Sutherland turned to Kocho due to their expertise in navigating legal sector challenges. Having built a strong, trusted partnership over time, Kocho was the ideal partner to modernise external access and governance.
The transformation process included:
With Kocho’s support, the project was successfully completed over the course of a year, delivering a smooth transition with minimal disruption.
Overcoming key technical challenges
The transformation required tackling complex technical barriers. Kocho delivered solutions to:
- Standardise Access Packages: A structured process simplified onboarding for external partners.
- Enhance documentation: Knowledge Base articles provided clear, step-by-step guidance.
- Develop standardised forms: A single data collection form ensured accurate partner provisioning.
- Automate governance: Scripts enforced security policies, improved compliance, supported remediation, and flagged risks.
- Seamless third-party migration: Securely transitioned access privileges while maintaining data integrity.
- Prevent unmanaged guest accounts: Controls blocked generic or unverified account creation.
- Enforce Terms of Use: Annual policy acceptance reinforced compliance and accountability.
- Automate stale account removal: Entra automatically cleans up accounts when not needed, triggering the on-premises deprovisioning process as well.
Kocho’s expertise in automation and security streamlined access management, strengthening governance and compliance.
The system lets external partners validate and justify access, enhancing security while reducing admin effort. It also gives Eversheds Sutherland clear oversight of who has access, why access was granted, who approved it, and when it should be reviewed or removed.
Results and long-term benefits
Immediate improvements:
- External suppliers could approve their own users, reducing IT overhead.
- Users accessed resources with their corporate credentials, ensuring automatic deprovisioning upon departure.
- Regular access reviews minimised security risks and enforced compliance.
- A Microsoft-native governance model was established for Non-Integrated Office users.
Long-term impact:
- Rigorous onboarding rules and a structured JML (Joiner-Mover-Leaver) process were established through Microsoft Entra ID Governance.
- A balance between automated and manual controls enabled robust access processes that reduced security risks.
- Stronger controls over external user lifecycles ensured prompt revocation of access for greater efficiency and protection of data and resources.
- Access decisions are now based on user, policy, application, and lifecycle context rather than disconnected platform-by-platform processes.
Looking ahead
The partnership between Eversheds Sutherland and Kocho successfully modernised external user governance. Fragmented legacy processes were meticulously replaced with a unified, secure, and scalable access model.
By adopting Microsoft Entra ID Governance and embedding automation throughout, the firm gained greater control over external access, reduced operational friction, and met the high compliance standards expected in the legal sector.
With this foundation in place, Eversheds Sutherland can now manage external users more securely and efficiently. The firm is well positioned to scale with confidence while maintaining a strong security posture across its broad global operations.
In doing so, Eversheds Sutherland has created a governed external access platform that can extend across new applications, user groups, and collaboration scenarios, without recreating the complexity of the legacy environment it replaced.
A clear pathway
Book your Entra ID Discovery & Roadmapping Workshop
Understand how to achieve more efficient, secure, and cost-effective identity and access management.
This is your opportunity to:
- Understand the gaps and challenges costing your organisation time and money.
- Gain a strategy that aligns identity management with your long-term business goals.
- Design an affordable solution that mitigates security risks and improves user experiences.
Got a question? Need more information?
Our expert team is here to help.