IDENTITY & ACCESS MANAGEMENT

You're about to close your first enterprise deal — then security asks for SSO

I help you go from security review to compliant — with SSO and SCIM in your .NET SaaS. Without vendor lock-in. Without per-connection fees. Without your team having to become identity experts.

I'm Chaïm. I make sure your team owns it when I'm done.

15-20 days Enterprise-ready SSO
Your .NET code No vendor lock-in
Handover Your team owns it

Got a security questionnaire on your desk? I'll tell you exactly what you need.

Send your security questionnaire How it works
Chaïm Zonnenberg
"Got up to speed exceptionally fast and consistently made the right calls" - Cees, Software Architect at multinational
"Proactive is his motto. Picks up what matters and doesn't let go until it's resolved" - Robert, IT Team Lead at financial institution
"Advised the board and shaped the software architecture direction" - Chantal, IT Operations Director

The impact of the right expertise

Why struggle with security questionnaires when you're compliant from day one?
Current situation
The bottlenecks slowing your growth
That enterprise deal you worked on for months? Stuck at security review.
You know SSO and SCIM need to happen, but it doesn't fit anywhere on the roadmap.
Your best developers are Googling OAuth2 specs instead of building features.
Every new customer means manually creating accounts and hoping nothing breaks.
Your competitors can answer "Yes" on that security questionnaire. You can't. Yet.
With Software Assist
Enterprise-ready and scalable
Security questionnaire? Sales checks "Yes" across the board. Deal closed.
ISO 27001, NIS2, SOC 2 – you're compliant and you know it.
Enterprise customers log in through their own Entra ID. It just works.
500 users? Provisioned automatically via SCIM. No more manual work.
Your team understands the code and onboards new customers independently.

Recognize this?

Send your security questionnaire
Chaïm Zonnenberg

I'm Chaïm Zonnenberg. 20+ years in .NET, 2x cum laude university degree, Microsoft Certified Identity & Access Associate, 4 SSO implementations at organisations like ABN AMRO. I also build my own SaaS products with 135+ paying customers. I work 2 days a week with your team, deliver fast, and transfer everything.

More about me

This is not for everyone

I work with .NET SaaS companies that are ready to serve enterprise customers. That means this is probably not a fit if:

You don't have enterprise prospects yet. If no one is asking for SSO, it's too early.
You want a quick hack. I build production-grade implementations, not shortcuts that break at scale.
You plan to outsource identity long-term. I do handover, not staff augmentation.
Your stack is not .NET. My expertise is specifically in the .NET ecosystem.
Good fit? You're a .NET SaaS company with a real enterprise deal on the table, and you need SSO and/or SCIM to close it.

How I work

From audit to enterprise-ready in weeks, not months
1

Audit

I review your current authentication stack, database model, and target customers' identity providers. You get a concrete plan: what needs to change, what stays, and how long it takes.

2

Implement

I build SSO (OpenID Connect) and SCIM endpoints in your .NET application. I integrate with your existing user model. Your team reviews every PR. No black box.

3

Onboard

I help you onboard your first enterprise customer. We test the SSO flow with their Azure Entra ID or Auth0 tenant, verify SCIM provisioning, and make sure their security team signs off.

4

Handover

I transfer knowledge to your team so they independently manage the identity integration, onboard new customers, and troubleshoot issues.

Have a security questionnaire on your desk right now?

Send it over Call me

Experience & references

20+ years at ABN AMRO, PGGM, Van Lanschot & more  ·  2x cum laude university  ·  Microsoft Certified Identity & Access

Previous clients
ABN AMRO
PGGM
Zepcam
Van Lanschot
Florius
Moneyou
DTZ
Kadenza
Hobaho
Own SaaS products
Factuur-Assist.nl 135+ customers

Invoicing app for freelancers and small businesses. Simple and fast invoicing.

View product
Invullen.nl Pilot 2026

Exploratory questionnaires for coaches and trainers. Know where your participants stand before the session.

View product

What I bring

  • Multiple secure token services built from scratch using IdentityServer4, OpenIddict, and custom implementations. I know where each one breaks.
  • SCIM 2.0 provisioning endpoints for user and group provisioning that work with Azure Entra ID and Auth0. Tested against real enterprise tenants.
  • IdentityServer4 migrations because the open-source version is no longer maintained. I've migrated applications to Duende IdentityServer and OpenIddict.
  • 20+ years in .NET and enterprise software at major financial institutions and government organisations. I understand enterprise requirements because I've worked inside them.
  • Microsoft Entra test environment setup. I set up a separate Microsoft Entra test tenant for SSO and SCIM so you develop and test without touching production.
  • Own SaaS products in production. I run Invullen.nl and Factuur-Assist.nl on Azure. I implement identity for my own products too.

Where my SSO and SCIM implementations run

Government / law enforcement
10,000+ employees
Transport / public infrastructure
3,000+ employees
Financial services / banking
300,000+ customers
Education / national assessment
8,000+ participants/year

Three ways to get started

Every engagement starts with an audit. Pick the scope that fits your situation.
Identity audit
Know where you stand
3-5 workdays
includes report and plan
Get Started
What's included
  • Review of current auth stack
  • Gap analysis for enterprise readiness
  • Concrete implementation plan
  • Effort estimate per component
SSO implementation
Pass the security review
15-20 workdays
typical for a modern .NET stack
Get Started
Includes audit, plus:
  • OpenID Connect SSO integration
  • Multi-tenant support
  • First enterprise customer onboarded
  • Knowledge transfer to your team
SSO + SCIM
Full enterprise identity
25-30 workdays
typical for a modern .NET stack
Get Started
Includes SSO, plus:
  • SCIM 2.0 user provisioning
  • SCIM group provisioning
  • Azure Entra ID + Auth0 tested
  • Knowledge transfer to your team
Not sure which scope fits? Start with the audit. You get a clear picture without committing to a full implementation.
Complex legacy auth stack? That's what the audit is for. You'll know exactly what it takes and how long it'll take — no surprises mid-project.

Ready to unblock your enterprise deal?

Send your security questionnaire Call me

Articles

In-depth technical content on identity in .NET

IdentityServer4 is no longer maintained. I compare Duende IdentityServer, OpenIddict, and Azure Entra ID, with practical migration advice.

Read article

What SCIM is, why you need it, and how to build SCIM endpoints in .NET. No more manually creating accounts for 500 employees.

Read article

WorkOS charges $125/connection/month. Keycloak is a separate Java stack. I compare the options with building custom in .NET: cost, control, data sovereignty and vendor lock-in.

Read article

Ready to check "Yes" on every security questionnaire?

Send me your security questionnaire or describe your situation. Within a day, you know what's needed and how long it takes.

Send your security questionnaire Call me

Chaïm Zonnenberg | .NET Developer & Identity Specialist | Available 2 days per week