Identity Management

Deploying the eduPerson Schema to Active Directory

If you work in a higher education environment, there exists a set of standards that must be implemented to allow students and faculty to collaborate on projects at other schools or to use higher education specific services. One of these standards is the eduPerson schema, which provides storage for widely used education-specific attributes about a […]

Improving Entra ID B2B User Management with Cross-Tenant Synchronization

B2B user management is a challenge for many organizations that utilize it for collaboration. In this blog, we discuss how to address this challenge using cross-tenant synchronization. Cross-tenant synchronization connects two or more Entra ID (formerly Azure Active Directory) tenants and copies users between them while keeping attributes in sync. In intra-organization collaboration scenarios, such

Flattening Group Memberships to a Single Group

In previous blog posts (Part 1, Part 2), we discussed a powerful feature in Entra ID (formerly Azure Active Directory) known as dynamic membership rules. In short, Entra ID’s dynamic membership rules feature allows you to use any attributes from Entra ID’s base set or custom extension properties to construct groups that automatically add and

3 Components of Cloud Authentication: Enterprise SSO, Zero Trust, Passwordless

In the past few years, we’ve seen a rapid expansion in remote and remote-hybrid workforces. Remote employees primarily use cloud-native services to manage their daily workloads from the comfort of their home (or public) internet. This has caused a great deal of stress for IT departments, especially those that rely heavily on their internal infrastructure.  

How to Use Staged Rollout to Migrate to Entra Single Sign-On

Are you ready to make the move to Entra (formerly Azure Active Directory) single sign-on (SSO)? Do you want to avoid the complications of federated authentication for Microsoft 365? Are you unsure about switching your entire organization over at once? Entra ID’s cloud authentication staged rollout might be the answer. Background to Entra SSO Entra

How to Use Dynamic Group Memberships in Entra ID: Part 2

In Part 1 of this blog post, we looked at what goes into thinking about and designing your automated access policies. As discussed, we want to first think about our policies in “natural language” before we dive into the technical implementation. We also covered the dynamic membership rules feature in Entra ID (formerly Azure Active

How to Use Dynamic Group Memberships in Entra ID: Part 1

Many organizations control access to internal systems by simply relying on whether or not an account is enabled. However, users often change roles throughout their careers within a single organization. For example, a user might start as an intern in one department and then be hired full-time in another department. After a few years, they

Monitoring for LDAP Client Security

Applications that use Lightweight Directory Access Protocol (LDAP) are prevalent in virtually every organization that uses Active Directory (AD). Unfortunately, the default AD configuration provides opportunities for insecure LDAP connections. These defaults have come into focus because of common, widely available AD attack tools such as NTLMRelayX. (For more information about NTLMRelayX, see How to
