The Modernization Mandate
Asplundh Tree Expert Co. is one of North America's leading utility infrastructure and vegetation management companies, employing more than 37,000 people across the United States and Canada. Like many enterprises of its scale, Asplundh had built its identity infrastructure over decades — layering ISIM and ISAM deployments on top of each other as the business grew.
By the time SPS engaged with their IT leadership, the environment had become a liability. Forty-plus physical and virtual servers were required just to keep identity running. Every patch cycle consumed weeks of IT capacity. Every audit required manual extraction of evidence scattered across disparate systems.
Relying on aging on-premise infrastructure was no longer viable for an enterprise requiring 24/7 operational reliability across hundreds of field offices and worksites.
"The burden of maintaining 40+ physical and virtual servers was draining OpEx and exposing us to unnecessary operational risks. We needed to modernize — and we needed to do it without touching our workforce's ability to log in."— Asplundh IT Leadership
Why SPS and IBM Verify
Asplundh's evaluation process identified two non-negotiables: the solution had to be enterprise-grade, and the implementation partner had to have deep ISIM/ISAM migration experience. Most vendors could offer the platform. Very few could offer the migration expertise.
SPS was selected on the strength of three differentiators:
In the IBM IAM business since 1998
Over two decades of IBM Identity and Access Management experience — including the legacy systems being replaced.
16-year average team experience
SPS architects averaged 16 years working specifically with IBM IAM tooling — not generic IAM consultants, but IBM specialists.
IBM Verify Co-Create Program participants
SPS is an active participant in IBM's co-creation program, giving direct insight into platform capabilities and roadmap.
IBM Verify SaaS was the clear platform choice — offering the depth of governance and provisioning that Asplundh's environment required, with the operational simplicity of a fully managed cloud service.
The Challenge: Legacy Complexity at Scale
Asplundh's ISIM/ISAM environment was not a clean deployment. Over years of growth and acquisition, the system had accumulated:
- 100+ OIDC application integrations, many with custom configuration
- Bespoke JavaScript lifecycle rules encoding complex business logic
- Multiple LDAP directory integrations across disparate geographies
- Custom approval workflows for high-risk access requests
- Decades of accumulated policy objects and role definitions
A lift-and-shift was impossible — the target platform is fundamentally different. Every element needed to be inventoried, understood, re-engineered, and validated from scratch.
The 3-Phase Migration Roadmap
SPS structured the migration across three distinct phases, with clear gates between each to ensure no progress was made until the prior phase was fully validated.
Planning & Assessment
Defining the blueprint through rigorous auditing and stakeholder alignment.
Pilot & UAT
Validating core functionalities in a controlled environment before full rollout.
Full Migration & Cutover
Executing the final transition with surgical precision and zero disruption.
Comparative Transformation Analysis
The before-and-after contrast illustrates the operational and security improvements achieved through the migration.
Before: Legacy ISIM/ISAM
40+ physical and virtual servers consuming significant OpEx and energy
IT staff consumed by repetitive patching, maintenance, and manual operations
Static authentication rules with no risk-based intelligence
Slow response to business scalability requirements during peak hiring
Manual audit evidence collection scattered across multiple systems
After: IBM Verify SaaS
Zero on-premise infrastructure — fully managed cloud delivery with 99.99% SLA
IT team redirected to strategic projects — no maintenance overhead
AI-driven risk scoring for adaptive MFA — security without friction
Elastic cloud scale — 37,000+ identities managed seamlessly
Continuous compliance reporting — automated, always current
The Result: 100% Cloud-Native Identity
The migration was completed on schedule and without a single authentication outage impacting Asplundh's workforce. Every OIDC integration was migrated. Every lifecycle rule was re-engineered and validated. All 40+ legacy servers were decommissioned.
Today, Asplundh's 37,000+ employees authenticate through IBM Verify SaaS — with adaptive MFA, centralized SSO, and automated lifecycle management. The IT team that once spent weeks every quarter on identity infrastructure maintenance now focuses on strategic capability development.
The engagement stands as a reference case for large-scale ISIM/ISAM to IBM Verify migrations — proof that with the right expertise, even the most complex legacy environments can be migrated to the cloud without business disruption.
"SPS demonstrated a level of IBM IAM expertise we hadn't seen elsewhere. They understood our legacy system deeply enough to know what it would take — and delivered exactly what they promised."— Asplundh IT Leadership