Provisum is built for self-onboarding. No implementation project, no consulting engagement, no months of setup. Your team drives the migration — the platform handles the analysis.
No data warehouse, no ETL pipeline, no prior configuration needed.
Runs in your browser. No agent to install, no VPN required.
Most migration programs complete the core onboarding in under a week. Here's exactly what that looks like.
Pull a user-role extract from your source system — SAP, Oracle, or whatever you're migrating from. Provisum accepts CSV or Excel. No special format required, no data warehouse needed.
Typical extract: 30 minutes with your basis team
Paste or import the list of roles you're mapping to in your target system. If your security design isn't finalized yet, you can start with a draft and update roles as the design evolves.
Roles can be updated at any point without re-running AI
Provisum clusters your users into security personas based on their actual permission patterns — not just role names. You get a persona report showing how many users each cluster covers and how internally consistent each cluster is.
1,000-user population takes a few minutes to process
The mapping workspace shows each persona's permission profile alongside candidate target roles. AI auto-maps the high-confidence cases. Your mappers review and decide on the rest. Confidence scores surface exactly where human judgment is needed.
Most teams complete initial mappings in 2–5 days
Provisum runs segregation of duty analysis against every mapping automatically. Conflicts are flagged with severity scoring. Your team resolves them in the platform — with decisions logged and attributed for audit.
SOD analysis runs continuously as mappings change
Mappings route through your defined approval workflow — mapper submits, approver reviews, coordinator tracks. Once approved, export audit-ready documentation in CSV, Excel, PDF, or GRC format.
Approval timelines depend on your organization's review process
Traditional role mapping tools assume a systems integrator is running the engagement. Configuration is complex, training takes weeks, and the tool only works well for the consultants who know its quirks.
Provisum is designed for the internal team — the security architects, project managers, and business process owners who actually own the migration outcome. The interface is built for clarity, not for experts.
The goal is that you never need to call us. When you do, we're fast.
Step-by-step guides for every part of the platform. Written for the people doing the migration, not for administrators.
Browse guides
Ask questions about your migration in plain language — inside the product. Lumen knows your data and can take action on your behalf.
See Lumen live
Email us. Early-access customers get a direct line to the founding team — real answers within one business day.
Get in touch
What your security, legal, and IT teams will ask — and the answers.
Your source data is processed in-region and never used for model training. Each organization's data is isolated at the database level with row-level security enforced at every query. You can request a data processing agreement (DPA) during procurement.
Role-based access control is enforced throughout — mapper, approver, coordinator, viewer, and system admin. Every action is logged with user attribution. Privileged actions (bulk approve, export, admin settings) require explicit role assignment.
Every mapping decision, approval, override, and AI suggestion is logged with timestamp and user. Exports are available in CSV, Excel, PDF, and GRC-structured formats. The full audit trail can be exported at any point and attached to your compliance documentation.
Enterprise accounts operate in fully isolated tenants. Organization data is scoped at every layer — API, application, and database. No data leaks between organizations. Dedicated instances are available for customers with strict isolation requirements.
Supabase-backed authentication supports email/password and invite-based onboarding on all plans. SSO via SAML 2.0 / OIDC is available on Enterprise for organizations using Okta, Azure AD, or similar identity providers. Contact us during procurement to scope the integration.
Provisum runs on Vercel (edge network) and Supabase Postgres. Enterprise contracts include a 99.9% uptime SLA with incident notification. Status page available at all times. Maintenance windows are scheduled and communicated in advance.
Need a security questionnaire, DPA, or custom contract terms?
Talk to our team
We'll scope it with you: population size, source system, timeline. Most pilots are live within a week.