IDENTITY & ACCESS MANAGEMENT

You're about to close your first enterprise deal, then security asks for SSO

I build SSO and SCIM into your .NET SaaS, so you pass the security review. Without vendor lock-in, without per-connection fees, and without your team having to become identity experts.

I'm Chaïm. I make sure your team can run it themselves once I'm done.

15-20 days Enterprise-ready SSO
Your .NET code No vendor lock-in
Handover Your team owns it

Got a vendor security assessment on your desk? I'll tell you exactly what you need.

Send your security assessment How it works
Chaïm Zonnenberg
"Got up to speed exceptionally fast and consistently made the right calls" - Cees, Software Architect at multinational
"Proactive is his motto. Picks up what matters and doesn't let go until it's resolved" - Robert, IT Team Lead at financial institution
"Advised the board and shaped the software architecture direction" - Chantal, IT Operations Director

The impact of the right expertise

Why struggle with vendor security assessments when you can clear them from day one?
Current situation
The bottlenecks slowing your growth
That enterprise deal you worked on for months? Stuck at security review.
You know SSO and SCIM need to happen, but it doesn't fit anywhere on the roadmap.
Your best developers are Googling OAuth2 specs instead of building features.
Every new customer means manually creating accounts and hoping nothing breaks.
Your competitors can answer "Yes" on that vendor security assessment. You can't. Yet.
With Software Assist
Enterprise-ready and scalable
The vendor security assessment is no longer a blocker. You answer every question with a well-supported "yes".
You meet the identity requirements that ISO 27001, NIS2, and SOC 2 set.
Enterprise customers log in through their own Entra ID. No friction.
Hundreds of users provisioned and deprovisioned automatically via SCIM. No manual work.
Your team understands the code and onboards new customers independently.

Recognize this?

Send your security assessment
Chaïm Zonnenberg

I'm Chaïm Zonnenberg. 20+ years in .NET, 2x cum laude university degree, Microsoft Certified Identity & Access Associate, 4 SSO implementations at organisations like ABN AMRO. I also build my own SaaS products with 135+ paying customers. I work 2 days a week with your team, deliver fast, and transfer everything.

More about me

This is not for everyone

I work with .NET SaaS companies that are ready to serve enterprise customers. That means this is probably not a fit if:

You don't have enterprise prospects yet. If no one is asking for SSO, it's too early.
You want a quick hack. I build production-grade implementations, not shortcuts that break at scale.
You plan to outsource identity long-term. I do handover, not staff augmentation.
Your stack is not .NET. My expertise is specifically in the .NET ecosystem.
Good fit? You're a .NET SaaS company with a real enterprise deal on the table, and you need SSO and/or SCIM to close it.

How I work

From audit to enterprise-ready in weeks. Four steps, no loose ends.
1

Audit

I review your current authentication stack, database model, and target customers' identity providers. You get a concrete plan: what needs to change, what stays, and how long it takes.

2

Implement

I build SSO (OpenID Connect) and SCIM endpoints in your .NET application. I integrate with your existing user model. Your team reviews every PR. No black box.

3

Onboard

I help you onboard your first enterprise customer. We test the SSO flow with their Azure Entra ID or Auth0 tenant, verify SCIM provisioning, and make sure their security team signs off.

4

Handover

I transfer knowledge to your team so they independently manage the identity integration, onboard new customers, and troubleshoot issues.

Have a vendor security assessment on your desk right now?

Send it over Call me

Experience & references

20+ years at ABN AMRO, PGGM, Van Lanschot & more  ·  2x cum laude university  ·  Microsoft Certified Identity & Access

Previous clients
ABN AMRO
PGGM
Zepcam
Van Lanschot
Florius
Moneyou
DTZ
Kadenza
Hobaho
Own SaaS products
Factuur-Assist.nl 135+ customers

Invoicing app for freelancers and small businesses. Simple and fast invoicing.

View product
Invullen.nl Pilot 2026

Exploratory questionnaires for coaches and trainers. Know where your participants stand before the session.

View product

What I bring

  • Multiple secure token services built from the ground up using IdentityServer4, OpenIddict, and custom implementations. I know how to set them up and where the pitfalls are.
  • SCIM 2.0 provisioning endpoints for user and group provisioning that work with Azure Entra ID and Auth0. Tested against real enterprise tenants.
  • Two IdentityServer4 migrations to OpenIddict because the open-source version is no longer maintained. I know what breaks during that switch, and how to test it so all connected systems keep running throughout.
  • 20+ years in .NET and enterprise software at major financial institutions and government organisations. I understand enterprise requirements because I've worked inside them.
  • Microsoft Entra test environment setup. I set up a separate Microsoft Entra test tenant for SSO and SCIM so you develop and test without touching production.
  • Own SaaS products in production. I run Invullen.nl and Factuur-Assist.nl on Azure. I implement identity for my own products too.

Where my SSO and SCIM implementations run

Government / law enforcement
10,000+ employees
Transport / public infrastructure
3,000+ employees
Financial services / banking
300,000+ customers
Education / national assessment
8,000+ participants/year

Three ways to get started

Every engagement starts with an audit. Pick the scope that fits your situation.
Identity audit
Know where you stand
3-5 workdays
includes report and plan
Get Started
What's included
  • Review of current authentication stack
  • Gap analysis for enterprise readiness
  • Concrete implementation plan
  • Effort estimate per component
SSO implementation
Pass the security review
15-20 workdays
typical for a modern .NET stack
Get Started
Includes audit, plus:
  • OpenID Connect SSO integration
  • Multi-tenant support
  • First enterprise customer onboarded
  • Knowledge transfer to your team
SSO + SCIM
Full enterprise identity
25-30 workdays
typical for a modern .NET stack
Get Started
Includes SSO, plus:
  • SCIM 2.0 user provisioning
  • SCIM group provisioning
  • Azure Entra ID + Auth0 tested
  • Knowledge transfer to your team
Not sure which scope fits? Start with the audit. You get a clear picture without committing to a full implementation.
Complex legacy auth stack? That's where the audit starts. You'll know up front exactly what it costs and how long it takes. No surprises halfway through.

Ready to unblock your enterprise deal?

Send your security assessment Call me

Articles

In-depth technical content on identity in .NET
Signpost pointing away from a crossed-out IdentityServer4 toward Duende IdentityServer, OpenIddict and Azure Entra ID
Identity & SSO March 11, 2026 · 6 min

Replacing IdentityServer4 in .NET: Duende, OpenIddict or Azure Entra ID

IdentityServer4 is end of life. Compare Duende IdentityServer, OpenIddict and Azure Entra ID and migrate your .NET token service safely.
Diagram of SCIM automated provisioning between an identity provider (Azure Entra ID, Auth0) and a SaaS application
Identity & SSO March 4, 2026 · 9 min

SCIM Provisioning in .NET: Automate Enterprise Onboarding

Build SCIM 2.0 provisioning endpoints in ASP.NET Core so Azure Entra ID and Auth0 automate user account creation. No more manual enterprise onboarding.
Scale weighing WorkOS, Keycloak and Auth0 against custom .NET on cost, lock-in and data sovereignty
Identity & SSO February 25, 2026 · 4 min

WorkOS, Keycloak or custom .NET? Choosing SSO for your SaaS

WorkOS charges $125 per connection per month. Compare WorkOS, Keycloak, Auth0 and custom .NET on cost, lock-in and data sovereignty.

Ready to clear every vendor security assessment?

Send me your vendor security assessment or describe your situation. Within a day, you know what's needed and how long it takes.

Send your security assessment Call me

Chaïm Zonnenberg | .NET Developer & Identity Specialist | From September: room for 1-2 new teams