CIAM at a European financial institution. Set up right once, built to last.

European Financial Institution — CIAM Migration with Bare.ID

2027 is the regulatory deadline that applies to all European financial institutions: by then, they must be able to process the European Digital Identity Wallet. For many, this means touching a CIAM infrastructure that has not been fundamentally overhauled in years — under live operations, in a regulated environment, with no room for errors in production.

Customer identity management is not a peripheral problem.

Customer Identity and Access Management (CIAM) sits behind every login, every authentication, every connection to web portals and mobile applications. Anyone working on this core operates under conditions where errors do not stay in the test system — they go into production.

esatus introduced Bare.ID as the central identity provider for a European financial institution. Bare.ID, an esatus partner, is an identity and access management product based on Keycloak. The task was not just to get this product running in a regulated, security-critical environment, but to fully embed it into the existing infrastructure — across four stages, under the deployment conditions of the institution, coordinated all the way through to production.

Those who don't prepare for eIDAS 2.0 today will prepare for it under pressure.

Four stages. Many dependencies. One rollout.

Bare.ID was rolled out through the financial institution's own deployment pipeline — from DEV to production. Each stage required its own configuration and its own connection to Postgres databases. At the same time, the Bare.ID instances were connected to the security-relevant systems of the infrastructure: the SIEM system for logging, Active Directory for user management, the web application firewall, and the fraud detection and prevention system.

esatus was responsible for test support and execution, project management for the entire rollout, and the creation of operating manuals so that the operating team can run Bare.ID independently after completion.

A system change only becomes reliable operations when the handover to day-to-day use is properly prepared.

Migration with an open migration path.

The installation is followed by the migration. The institution's existing CIAM solution is to be fully transferred to Bare.ID. Whether this happens as a soft migration, a big-bang migration, or another model is decided during the project based on the initial inventory. Only once it is clear what the legacy system contains — how much data, which structures, which dependencies — can a solid plan be established.

esatus takes on this entire scope: inventorying the legacy system, planning and configuring the data to be migrated, automating the migration, and verifying the results. Where parallel operation of both systems becomes necessary, this is factored in and prepared for.

The integration goes beyond the core. Bare.ID is connected to the login providers for several web portals: the corporate client area, the retail banking portal, and the international portal. In addition, mobile applications, the approval module, and the pushTan service are included. The institution's own TAN procedures are integrated into Bare.ID. Administrators are trained so that operations can be managed in-house after the project is complete.

No migration plan without an inventory. No production operation without operating documentation.

eIDAS 2.0 is not the end goal. It is the next concrete step.

The migration focus is on an area of application that is already subject to a regulatory deadline. eIDAS 2.0, the European regulation for digital identities, requires organizations to be able to process the EUDI Wallet by 2027. The financial institution is preparing its CIAM infrastructure for this now — not because the pressure is already there, but because it is easier to build an architecture that is eIDAS-ready from the start than to retrofit it later under time pressure.

The question is not whether. The question is when and how prepared.

Regulatory pressure, CIAM architectures that have grown over time, and the need to securely integrate international users — this describes a starting point that most European financial institutions will be familiar with in the coming years.

Those who approach this migration in a structured way — with a clear inventory, defined stages, and a CIAM infrastructure that factors in eIDAS 2.0 from the very beginning — make their decision today. Those who wait decide later. But under different conditions.