Full IGA using Azure AD – Getting app role assignments using PowerShell

In this post I will quickly demo how to use PowerShell to get app role assignments for all application using the Microsoft Graph.

You should have followed my previous post in order to have created an application, added some appRoles to the manifest and granted access to the Graph.

Continue reading “Full IGA using Azure AD – Getting app role assignments using PowerShell”

Full IGA using Azure AD – App roles in OAuth ID token or SAML claim

In the last post we transferred to user information and roles to the application through Azure AD outbound provisioning with SCIM. This requires the application to either have or to implement a SCIM API, which might some times be unnecessary. Also, many applications does not have an internal user database, but relies on session information when doing access control.

In this blog post I will show you how applications can get user roles through the user’s ID token, demoed with OAuth 2.0 authorization code flow.

Continue reading “Full IGA using Azure AD – App roles in OAuth ID token or SAML claim”

Full IGA using Azure AD – Provisioning using SCIM

Continuing my series on how to achieve a full “Identity Governance and Administration” (IGA) solution using Azure AD, the topic this time and for the next few posts will be provisioning, with focus on actually transferring the app roles from my previous post into the application itself.

Continue reading “Full IGA using Azure AD – Provisioning using SCIM”

Full IGA using Azure AD – Custom app roles

Well, it’s been three years since my last post, and now I will try to start posting again. I will do a mini series on Azure AD governance features, and how to achieve a full “Identity Governance and Administration” (IGA) solution using Azure AD.

The end goal will be to handle entitlements inside Office 365 as well as third party applications. This post will focus on 3rd party apps, and will lay the foundation for handling these entitlements with the Azure AD Entitlement Management feature, as well as actually populating these entitlements inside the app using SCIM, Claims or other means, all of which will be covered in later posts.

Continue reading “Full IGA using Azure AD – Custom app roles”