BastionSec
Managed security · Workspace & Identity

Your workspace and identities, configured right and kept secure. Without an in-house IT team.

We secure Google Workspace or Microsoft 365, centralise access on SSO with MFA, and manage the full user lifecycle, from onboarding to offboarding. We configure and manage: the tools stay yours.

  • SSO (SAML/OIDC) with MFA across every business app, not just email.
  • Tracked onboarding/offboarding: when someone leaves, their access is closed.
  • Transparent per-user monthly fee. 'On request' for complex environments.

Who this is for

The 'missing middle': startups and SMBs that have grown past 10-15 people but don't yet have an in-house security or IT team. Sound familiar?

You're growing and access is a mess

Shared accounts, passwords in spreadsheets, ex-employees who still have access. We bring order and centralise it.

A client or audit asks for MFA and SSO

A due diligence or ISO 27001 path requires documented access control. We implement it for real.

Nobody actually manages the workspace

Google Workspace or Microsoft 365 is 'on' but not configured for security. We bring it into shape and maintain it.

What 'managed workspace and identity' means

Your workspace (Google Workspace or Microsoft 365) and identity system are your company's centre of gravity: email, files, schedules and access to every other app run through them. If they're misconfigured, that's where attackers get in.

We configure and manage this layer to security best practices: a centralised identity provider, strong authentication everywhere, least privilege, and a controlled user lifecycle. We don't buy licences on your behalf: subscriptions stay yours. We secure them and keep them in order; we don't resell them.

What's included

  • Google Workspace or Microsoft 365 hardening: admin settings, file sharing, anti-phishing rules, audit logs.
  • Centralised identity provider and Single Sign-On (SSO) via SAML/OIDC across all business SaaS apps.
  • Mandatory multi-factor authentication (MFA), favouring phishing-resistant factors (passkeys, security keys).
  • Business password manager (1Password / equivalent category): shared vaults, policies, controlled recovery.
  • Roles and groups managed by least privilege: each person sees only what they need.
  • Tracked onboarding and offboarding: provisioning on arrival, complete and immediate revocation on departure.
  • Baseline Data Loss Prevention (DLP): rules on external sharing, sensitive data, automatic forwarding.
  • Zero Trust access to applications: identity and device posture count at every login.

How it works

A staged method. People do the analysis and validate every configuration; tooling speeds up provisioning and evidence collection.

  1. Assessment

    We take a snapshot of how workspace, access and identity are configured today, and where you're exposed.

  2. Setup & hardening

    We configure SSO, MFA, roles, the password manager and DLP rules to best practices.

  3. Migration & adoption

    We move access under SSO without disrupting work, with a gradual rollout and user support.

  4. Management & monitoring

    We run onboarding/offboarding, review access periodically and keep an eye on the logs.

Stack & standards

We work at the technology-category level, not locked to a single vendor: collaboration suites (Google Workspace, Microsoft 365), identity and SSO providers (SAML 2.0 / OpenID Connect), business password managers (1Password category) and Zero Trust access tools.

References: NIST SP 800-207 (Zero Trust Architecture) for the access model, CIS Benchmarks for hardening Google Workspace and Microsoft 365, and least privilege as a cross-cutting principle. We describe technologies by category: we pick the right tools for your context, without claiming partnerships we don't hold.

We configure and manage. Software subscriptions and licences stay in your name: we secure them and keep them in order; we don't resell them.

Timeline & model

  1. Initial setup: project, typically 2-4 weeks

    Depends on how many apps move under SSO and on your starting point.

  2. Ongoing management: monthly per-user fee

    Onboarding/offboarding, access reviews, monitoring and updates included.

  3. Complex environments: on request

    Multiple domains, HR integrations, specific compliance requirements: we size it together.

When you write to us we tell you what you actually need and give you an honest 'from' price.

Frequently asked

Does it work with both Google Workspace and Microsoft 365?

Yes. We work on both suites and configure the identity provider and SSO consistently, whatever you choose. If you don't have one yet, we help you decide based on your context.

Do you buy the software licences?

No. Subscriptions stay in your name: we configure, secure and manage, but we don't resell licences. That way you keep control and ownership of your tools.

What's the difference between MFA and SSO?

SSO (SAML/OIDC) centralises access to all apps on a single identity; MFA adds a second factor to verification. Together they sharply reduce the risk of compromised accounts: we implement both.

What happens when an employee leaves?

With a centralised identity provider and SSO, deactivating one account closes access to every connected app in a single step. It's one of the main reasons centralising access pays off.

Is this useful for ISO 27001 certification?

Access control, MFA and identity management are core Annex A controls. Configuring them well makes the ISO 27001 path much smoother and provides concrete evidence.

Could the migration disrupt work?

We plan a gradual rollout, with fallbacks and user support. The goal is to raise security without stopping operations: no risky 'big bang' switches.

Go deeper

Zero Trust access

Identity, device and network evaluated at every access, per NIST SP 800-207. The model that ties it all together.


Managed devices

MDM, CIS baselines, EDR and endpoint compliance. Identity protects access, the device protects the entry point.


ISO 27001

Access control is an Annex A pillar: this service makes the certification path much easier.


Let's secure your access and identities. Talk to us.

Tell us what you need: we tell you where you're exposed and what you actually need, honestly.