Modernising secure external access for a global law firm

With a vast international footprint and a reputation for legal excellence, the firm took a strategic decision to modernise its external user access approach. Aware that legacy VPNs and manual processes were limiting efficiency and increasing risk, they proactively sought to enhance governance, security, and user experience across global operations.

By partnering with longstanding technology partner, Kocho, and leveraging Microsoft Entra ID Governance and Azure Logic Apps, they were able to:

• Streamline self-service external user onboarding.
• Eliminate the need for maintaining credentials while ensuring security.
• Implement effective controls for timely supplier access removal.
• Remove dependency on costly VPN solutions.

Challenge: Securing external access in a complex global environment

The growth of the organisation had outgrown its legacy external access system; resulting in unreliability, inefficiency, vulnerability, and management headaches.

Key challenges included:

• Reliance on a site-to-site VPN, adding complexity and cost.
• Fragmented identity management, with applications spread across ADFS, Entra, and a third-party provider.
• Password management challenges, leading to frequent reset issues and increased support burden.
• Manual and error-prone onboarding processes, including Active Directory account creation and group management.

Without a modern and scalable system in place, they faced growing security concerns and operational inefficiencies.

Extensive discovery and detailed design

The organisation turned to Kocho due to their expertise in navigating legal sector challenges. Having built a strong, trusted partnership over time, Kocho was the ideal partner to modernise external access and governance.

The transformation process included:

With Kocho’s support, the project was successfully completed over the course of a year, delivering a smooth transition with minimal disruption.

Overcoming key technical challenges

The transformation required tackling complex technical barriers. Kocho delivered solutions to:

• Standardise Access Packages – A structured process simplified onboarding for external partners.
• Enhance documentation – Knowledge Base articles provided clear, step-by-step guidance.
• Develop standardised forms – A single data collection form ensured accurate partner provisioning.
• Automate governance – Scripts enforced security policies, improved compliance, and flagged risks.
• Seamless third-party migration – Securely transitioned access privileges while maintaining data integrity.
• Prevent unmanaged guest accounts – Controls blocked generic or unverified account creation.
• Enforce Terms of Use – Annual policy acceptance reinforced compliance and accountability.
• Automate stale account removal – Entra automatically cleans up accounts when not needed, triggering the on-premises deprovisioning process as well.

Kocho’s expertise in automation and security streamlined access management; strengthening governance and compliance.

The new system lets external partners validate and justify access, enhancing security while reducing admin effort.

Tangible results and long-term benefits

Immediate improvements:

• External suppliers could approve their own users, reducing IT overhead.
• Users accessed resources with their corporate credentials, ensuring automatic deprovisioning upon departure.
• Regular access reviews minimised security risks and enforced compliance.

Long-term impact:

• Rigorous onboarding rules and a structured JML (Joiner-Mover-Leaver) process were established through Microsoft Entra ID Governance.
• A balance between automated and manual controls enabled robust access processes that reduced security risks.
• Stronger controls over external user lifecycles ensured prompt revocation of access for greater efficiency and protection of data and resources.

Looking ahead

The partnership between the organisation and Kocho successfully modernised external user governance. Fragmented legacy processes were meticulously replaced with a unified, secure, and scalable access model.

By adopting Microsoft Entra ID Governance and embedding automation throughout, the firm gained greater control over external access, reduced operational friction, and met the high compliance standards expected in the legal sector.

With this foundation in place, the organisation can now manage external users more securely and efficiently. Ensuring that they remain well positioned to scale with confidence while maintaining a strong security posture across their broad global operations.