Case Study

Apex Steward — AI-Augmented IAM Governance

A multi-tenant IAM governance platform built for mid-market security teams, where AI ingestion turns vendor documentation and policy PDFs into a working role matrix, application inventory, phased rollout plan, and NIST CSF-aligned maturity dashboard — collapsing what used to be a multi-month consulting engagement into days.

Quick Overview

Multi-Tenant SaaS Platform

Apex Steward is live and deployed as a productized SaaS platform. Demo accounts are issued on request. This case study illustrates how RJ Autonomous turns a hard internal-tool problem into shippable software with measurable economics.

The Problem

What needed to be fixed.

Mid-market security teams (roughly 250 to 2,500 employees) are stuck in the IAM governance gap. Spreadsheets and Confluence pages don't scale, but enterprise IGA platforms like SailPoint and Saviynt routinely run $150,000 to $500,000 in implementation fees with six- to nine-month rollouts. The manual work itself is the bottleneck — an IAM analyst typically spends around 8 hours transcribing a single vendor doc or policy PDF into a structured role matrix, and a typical mid-market org has 30 to 50 of those documents. The result: governance projects stall, audits slip, and access reviews happen in spreadsheets that nobody trusts.

What We Did

How we tackled it.

We built Apex Steward as a multi-tenant SaaS platform purpose-built for that gap. The core differentiator is an AI ingestion pipeline — Voyage AI for embeddings, Anthropic Claude for extraction, and a custom blend-diff algorithm that reconciles AI output with anything an analyst has already authored. Upload a PDF or DOCX and roles, applications, entitlements, and policy statements land in the workspace already structured. A live NIST CSF-aligned maturity dashboard scores the program across identity lifecycle, access governance, privileged access, monitoring, and compliance, and the phased implementation plan reorders itself based on what the data actually says.

How We Built It

The approach and structure we used.

Here's how we thought about the implementation, the choices we made, and how we delivered it—without sharing anything that would compromise client privacy.

Approach 1

Designed a multi-tenant architecture with per-workspace database isolation so a single account can govern multiple business units, subsidiaries, or compliance scopes without data bleed.

Approach 2

Built the AI ingestion pipeline around Voyage AI embeddings and Anthropic Claude extraction, with a blend-diff reconciliation layer so AI output never overwrites manual analyst work.

Approach 3

Modeled the IAM governance primitives — workspaces, role matrices, application inventories, entitlements, phased plans — as first-class entities that stay in sync across the maturity dashboard.

Approach 4

Hardened the security posture for buyer due diligence: JWT auth with HTTP-only Secure cookies, end-to-end TLS, AWS Systems Manager Parameter Store for secrets, KMS-scoped access, and audit logs on all governance changes.

The Stack

Tools and platforms we used.

  • TypeScript
  • React 18
  • Node.js 20
  • Express
  • Prisma
  • Tailwind CSS
  • AWS Elastic Beanstalk
  • Cloudflare
  • Voyage AI
  • Anthropic Claude

The Results

What this created for the business.

  • Document ingestion compressed from roughly 8 hours of manual transcription per policy to about 30 minutes of analyst review — a ~94% reduction in per-document effort.
  • At a blended IAM analyst rate of $100/hr, that's roughly $750 saved per document. For a mid-market org ingesting 40 vendor docs and policies, the ingestion phase alone saves on the order of $30,000 in labor.
  • Replaces $150,000 to $500,000 enterprise IGA implementations with a packaged platform priced for mid-market budgets — typical total cost of ownership is reduced by 70% or more in year one.
  • First-pass maturity assessment lands in week one instead of month six, shrinking time-to-value from a 6–9 month consulting engagement to a matter of days.
  • Single source of truth for audits — internal audit teams stop assembling binders of screenshots and pull a live, exportable role matrix and maturity report instead.

About the Metrics

We share what matters, keeping the sensitive details private.

Per-customer numbers are confidential, but the labor and TCO figures above are modeled on standard mid-market IAM analyst rates and published enterprise IGA implementation ranges. Actual savings vary with document volume, identity count, and application footprint — book a demo and we'll model it against your environment.