Generating demo Access Packages for AAD Entitlement Management through the Microsoft Graph

Sometimes it is handy to be able to generate some demo content and to have some reference PowerShell to work from. Here is my script for creating 5 access packages with different properties:

  • A visible package available for any external user
  • A hidden package available for any external user, requiring the user to know the URL
  • A package available to external users in connected organizations
  • A package available for members of an internal group
  • A package available to any internal user, with manager approval and self review

Full IGA using Azure AD – Managing access using Entitlement Management

In this blog series on building a full Identity Governance and Administration solution, we have until now covered application roles extensively, and how these can be sent to an application.

For a quick summary: this is how you can define custom application roles, here is how to send these roles using the SCIM protocol, this article shows how to transfer the roles using the OpenID Connect ID Token or SAML claim, and here I show you how to use PowerShell to query the Microsoft Graph for application role assignments for your users and groups.


Creating B2C users through the Microsoft Graph

The Microsoft Graph should finally have all the functionality that previously only the Azure AD Graph had, such as the ability to create and manage B2C user accounts. Earlier you had to create them through the Azure AD Graph in order to do certain things, such as setting the account type to local and managing the username.
