Comprehensive implementation of Cloud solutions
Comprehensive implementation of Cloud solutions
Success story: Capital.com
How Capital.com secured identity management for 1,200+ employees across 200+ applications
A case study in governance-led technology deployment, with Okta and Seiloc
About Capital.com
Capital.com is a regulated online trading platform operating across multiple jurisdictions globally. The company employs more than 1,200 people and runs close to 200 applications, the majority of which are SaaS.
Being a multi-jurisdiction financial services provider carries distinct obligations. Access controls are not a preference: they are a regulatory requirement. The systems that govern who can see what, and under what conditions, are part of Capital.com’s compliance infrastructure, not a layer added on top of it.
The challenge: access management at regulated scale
As Capital.com expanded internationally, identity and access management became harder to govern consistently. Different applications relied on different authentication methods. Access provisioning was largely manual. Across a distributed workforce operating in multiple regulated markets, this created audit risk and operational overhead.
The core requirement was clear: a single, auditable identity layer that could apply consistent security controls across the organisation , without slowing down legitimate access or creating friction for employees doing their jobs.
Four criteria shaped the selection process:
- Reliable, enterprise-grade security
- Flexible integration across a large and varied SaaS estate
- Simplified user access through SSO, reducing friction without compromising control
- The capacity to scale as the business grew and its regulatory footprint widened
The solution: centralised identity with Okta and Seiloc
Capital.com worked with Seiloc to deploy Okta as the central identity platform for its workforce. The scope covered SSO across key applications, MFA across the full user population, role-based access policies aligned to job function and regional responsibility, and simplified administration for IT teams managing a global estate.
Deployment followed a structured, phased approach. Priority applications were integrated first, with SSO and MFA flows validated before rollout widened. Business units and regions were then brought on in sequence, followed by full policy enforcement across the organisation. Seiloc provided implementation expertise throughout, managing integration, sequencing, and the transition for users across time zones.
The phased model was deliberate. Minimising disruption to operational staff was as important as the technical outcome. In a regulated environment, an identity change that creates confusion or interruption carries its own risks.
Results: governance, compliance, and reduced operational load
The deployment has strengthened Capital.com’s security posture and simplified identity operations across the business.
Operational efficiency
- Login-related helpdesk tickets fell by roughly 40–50%, driven by fewer password resets and the consolidation of authentication across applications
- IT administrators recovered several hours per week as manual provisioning was replaced by centralised, automated account management
- Employees report faster, more consistent access with fewer authentication interruptions
Compliance and audit readiness
Okta has become part of Capital.com’s compliance infrastructure. Centralised access logs give auditors a clear, consistent record. Standardised identity workflows, enforced MFA, and role-based access policies mean controls are applied uniformly across jurisdictions , while still reflecting regional requirements and individual responsibilities.
For a regulated business managing obligations across multiple jurisdictions, that consistency matters. Audit cycles that previously required manual evidence gathering are now supported by structured, automated access records.
Why it matters for regulated businesses
Identity management is not a back-office function in a financial services business. It is a control. How access is granted, governed, and audited sits directly within the scope of regulatory expectation across most major jurisdictions.
Capital.com’s deployment of Okta reflects an approach to technology investment that most regulated businesses will recognise: the question is not whether to implement strong identity controls, but how to do it in a way that holds up under audit, works at international scale, and does not create new operational risk in the process.
A phased, governance-led deployment, supported by a specialist implementation partner, proved the right model here.