Assessment & Roadmap - Figure out where you stand and what to fix first
Every identity environment we have walked into had more problems than the team expected and fewer than they feared. The assessment produces a numbered list: here is what is broken, here is what is risky, here is what can wait. Quick Scan: $3,000 to $5,000, one week. Full Assessment: $15,000 to $50,000.
You already know the identity setup is not where it should be. What you do not know is which gaps are actually dangerous, which are cosmetic, and what order to fix them in. That is what the assessment produces: a prioritized list with enough detail to act on, not a 60-page PDF that sits in a shared drive.
Something triggered this. An audit is coming and you are not ready. A new hire waited four days for access. Someone left three months ago and still has an active admin account in your billing system. Or you just acquired a company and inherited an identity environment nobody documented. You know there are problems. You do not know how many, or which ones to fix first.
The cost of waiting
Right now, you are making decisions with incomplete information. The audit prep scramble every quarter is a symptom. The automation project that keeps getting deferred is a symptom. The security gaps nobody inventoried — also a symptom. You cannot sequence the work until you can see the whole picture. That is what the assessment produces. After that, you can decide what to fix yourself and what to bring us in for.
The work
Quick Scan: $3K to $5K, 1 week
Automated discovery and analysis of your identity environment. You give us read-only access. We run automated tooling against your IDP, connected applications, and directory. You get a short findings report with the biggest problems, severity ratings, and recommended next steps. This is a fast read on where you stand, not a full assessment.
Full Assessment: $15K to $50K, 2 to 4 weeks
A structured review of your current identity environment: who has access to what, how it is provisioned, what is stale, and where the gaps are. Covers IDP configuration, lifecycle automation, entitlement sprawl, and compliance readiness. You get a written findings report with a prioritized remediation roadmap.
Architecture Roadmap: $15K to $25K, 2 to 3 weeks
You know what needs to change but not what order to do it in. We map the current state, design the target architecture, and build a sequenced plan with dependencies so your team is not guessing at what to tackle first. Includes platform evaluation guidance if a change is warranted.
Vendor Selection Sprint
Vendor demos are designed to make everything look easy. We write demo scripts based on your actual use cases so you are evaluating vendors against your environment, not theirs. Requirements gathering, RFP drafting, weighted scoring. If it makes sense, we run a short POC before you commit.
At a glance
| Service | Duration | Price | Best for |
|---|---|---|---|
| Identity Quick Scan | 1 week | $3,000 to $5,000 | Fast, low-commitment read before deciding on a deeper engagement |
| Identity Hygiene Assessment | 2 to 4 weeks | $15,000 to $50,000 | Full picture of what is broken, stale, or out of compliance |
| Architecture Roadmap | 2 to 3 weeks | $15,000 to $25,000 | Sequenced plan with architecture guidance before committing to execution |
| Vendor Selection Sprint | 2 to 4 weeks | Contact for pricing | Structured evaluation with demo scripts based on your actual use cases |
These are the assessment-track services. persona.how also offers automation, governance, migration, and advisory engagements.
Deliverables
- Automated discovery of IDPs, directories, and connected applications
- Top findings report with severity ratings
- Stale account and entitlement sprawl summary
- MFA coverage and configuration gaps
- Recommended next steps (what to fix now, what needs deeper assessment)
- Environment inventory (IDPs, directories, connected applications, protocols in use)
- Entitlement sprawl analysis (orphaned accounts, over-provisioned access, stale service accounts)
- Prioritized remediation roadmap
- Compliance gap summary (mapped to your target framework if applicable)
- Current-state assessment summary
- Target-state architecture recommendation
- Platform evaluation (if a change is warranted)
- Phased roadmap with dependencies and sequencing
- Effort estimates for each phase
- Risk register for identity-related gaps
- Requirements document, RFP, weighted scoring matrix, and vendor scorecard (vendor selection)
Typical engagement
- Shape: Fixed scope
- Duration: 1–4 weeks depending on tier
- Price: $3K–$50K depending on scope
What shipped
Hired to assess provisioning at a mid-size technology company. Found the provisioning gap they expected, but the bigger issue was governance: entitlements tracked in spreadsheets, no validation, no audit trail. The assessment re-prioritized the roadmap — governance first, provisioning second. They ended up engaging us for both. The governance system now runs 90+ automated validations. The provisioning problem got fixed too, in the right order.
Common questions
How much does an identity assessment cost?
The Quick Scan costs $3,000 to $5,000 and takes 1 week. The Full Assessment costs $15,000 to $50,000 and takes 2-4 weeks. The Architecture Roadmap costs $15,000 to $25,000 and takes 2-3 weeks.
What is the difference between the Quick Scan and the full assessment?
The Quick Scan is automated discovery with read-only access, producing a 10-15 page findings report in one week. The full assessment is hands-on analysis that covers lifecycle automation and compliance in depth and ends with a remediation roadmap.
What do I get at the end?
A findings report with severity ratings, an environment inventory, an entitlement sprawl analysis, and a prioritized remediation roadmap. The Architecture Roadmap also includes a target-state architecture and a phased execution plan.