.png)
Standardizing SAP identity and access governance for a global cosmetics leader
The client
L'Oréal, a global beauty and cosmetics leader, owns 36 brands and employs a global workforce of more than 90,000 people. Founded in 1909, it has built its success on a long-standing strategy of innovation, international expansion, and acquisitions. Technologically, L'Oréal operates a complex global SAP environment encompassing a wide range of applications and business processes across factories and premises.
“
It's a long-lasting partnership. We were strongly for this migration, so we needed somebody we could trust. So we chose Turnkey."
Challenge
To maintain and modernize its approach to identity and access governance in SAP for factory operations, L'Oréal sought to migrate from an internally built governance legacy tool to a Saviynt-based Identity Governance and Administration (IGA) program.
L'Oréal’s SAP migration into Saviynt had to balance the preferred pathways of two different stakeholders. Internal IT leadership favored a fast, cost-efficient, ‘lift and shift’ approach to migration. On the other hand, the Global Internal Control Leader advocated for a more proactive approach to better address existing challenges.
These challenges included:
- Role alignment: Inconsistencies had emerged between role assignments, where employees with identical job titles had different access depending on which factory they operated from. While roles were presented to users in similar ways, each facility selected and combined access independently.
- Maturity variation: Different factories had a higher level of maturity than others, with some using standardized global processes and others relying on local ways of working. All factories needed to align under a flexible global standard that provided consistency and accommodated local differences.
- Migration at scale: Each factory needed a migration methodology flexible enough to support its scale without losing control of quality. This meant navigating the practicalities of funding, project scoping, and local engagement.
Solution
L'Oréal partnered with Turnkey Consulting to deliver a comprehensive migration of SAP access governance into Saviynt that aligned both the technical and business needs of its factories and HQ operations.
The work began with a detailed analysis of data quality in L'Oréal’s legacy tool to establish a clear baseline of how roles were assigned across different factories and countries. From this assessment, Turnkey developed a flexible methodology that allowed each factory to choose either a light-touch ‘lift and shift’ migration or a full transformation with roles reviewed and updated. Both scenarios aligned to a comprehensive core model for SAP access that Turnkey built based on one of L'Oréal’s best-of-breed factories. This involved creating detailed role libraries and assignments aligned to business processes and HR job roles and standardizing identity attributes to ease the migration process into Saviynt.
Turnkey conducted structured workshops with each factory to review current access, confirm the preferred migration scenario, and align local IT, business, and internal control stakeholders. After classifying each factory’s migration as ‘simple’, ‘intermediate’ or ‘complex’, the migration was planned and priced accordingly, with Turnkey working closely with factory teams throughout.
Turnkey then prepared factory-specific role and user data, incorporating consistent identity attributes and birthright access rules to produce migration-ready datasets. This ensured each factory could migrate efficiently while remaining aligned to the global authorization model and governance framework.
After preparing the data and initiating the migration process, Turnkey remained in regular contact with each factory and IGA team, monitoring and resolving any issues throughout the hypercare period.
“
Given the size of the accounts involved, I would have expected the migration to be less smooth. It actually went very well and was a great surprise.”
Results
The core global authorization model enabled L’Oreal to standardize SAP access across more than 40 factory and non-factory environments worldwide, while accommodating the unique demands and maturity levels of each individual facility. Turnkey’s flexible methodology supported the successful migration of around 10,000 identities in under six months, building confidence in each factory to adopt the new framework and improving long-term maintainability and internal capability for future initiatives.
Benefits
The successful, flexible migration unlocked benefits for L'Oréal, including:
- Standardized global authorization: With a business-aligned access model that worked for every factory, all stakeholders could benefit from clear, consistent roles in line with business processes, and based on a shared common language for access.
- A flexible path to Saviynt: The migration methodology put factories in control of choosing their most suitable migration. This helped speed up acceptance and adoption and drove transformation where it was needed in complex environments, without compromising on standards at a global level.
- Improved identity governance: Integrating job role data from the HR identity system supported birthright provisioning, consistent global identity attributes, and clearer role selection for users. This means factories can now compare access models, helping them identify gaps and maintain long-term consistency.