How to bypass the Microsoft AAD login Screen for a Federated SSO User when access an AAD integrated application

As more organisations integrate their SAML applications with AAD instead of ADFS to take advantage of Azure AD Conditional Access policies, one user experience issue of the change is that federated users (e.g. those using ADFS for single sign-on) are first redirected to the default MS AAD login page. Only once they have entered their UPN are they redirected to the ADFS page to sign in.

Many customers and end-users have asked if they can be redirected straight to the ADFS page, bypassing the MS login page, especially when migrating an existing ADFS federated application to AAD.…

Microsoft Graph using MSAL with PowerShell

Microsoft Authentication Libraries (MSAL) became Generally Available in May 2019 after a very long preview cycle, whilst the libraries evolved to reach parity with their predecessor, the Azure Active Directory Authentication Libraries (ADAL). I’ve previously used and written posts on leveraging ADAL libraries with PowerShell for Azure AD/Microsoft Graph integration. With some upcoming projects it’s time for me to start integrating with Microsoft Graph using MSAL with PowerShell. This post details how I transitioned from ADAL to MSAL and reduced my scripts by 60-300 lines depending on the integration.…

Generate SailPoint IdentityNow v2 & v3 API Credentials

This post details how to generate SailPoint IdentityNow v2 and v3 API credentials. This method is valid as of Oct 2019, whereby v3 credentials are now able to be generated via the SailPoint IdentityNow Portal and v2 credentials can be generated via the IdentityNow API. v2 credentials are useful for some legacy APIs and for API calls that are long-running tasks (which thereby use Digest Auth) over using the v3 JWT method. These credentials can then be leveraged by the SailPoint IdentityNow PowerShell Module for IdentityNow orchestration tasks.…

Azure Front Door with WAF Policies – An overview

If you have been working with Azure Infrastructure services, then you will have come across core network offerings such as Azure Traffic Manager, Azure Load Balancers and Application Gateways. These network services provide solutions for applications that require high availability, security and scalability, but they also come with their own limitations. One such limitation is that they primarily exist in single regions (regional services). Azure Traffic Manager, for instance, which works at the DNS level for cross-region support, cannot perform path-based routing, and its failover time is based on the TTL of the DNS record.…

SSM Endpoints – A How To

AWS Simple Systems Manager (SSM or Systems Manager) is an AWS service for bulk management of EC2 instances, and of on-premises servers too. Like many AWS services though, it is accessed via the internet. This means that:

  1. you need some way to access the service
  2. the control data is going out over the internet

Getting around statement 1 is pretty easy: either have a direct internet connection, or configure the SSM agent to use a proxy.…

Inheritance in Office 365 Tenant Dial Plans

For those looking to leverage the Phone System capability in Office 365 with Skype for Business or Microsoft Teams, the introduction of Tenant Dial Plans was a welcome addition to the feature set. Essentially, a Tenant Dial Plan allows organisations to write their own rules about how phone numbers work in their business, most commonly used to facilitate short-dialing, such as a 4- or 5-digit extension dialing plan. If you’re not familiar with Tenant Dial Plans, the Microsoft Docs page is a great place to start:

Microsoft Docs: What are Dial Plans?

SailPoint IdentityNow PowerShell Module

I’ve just published v1 of my SailPoint IdentityNow PowerShell Module.

NOTE: This is not an official SailPoint IdentityNow PowerShell Module.

Features

  • Easy command-line use, after setting default configuration options and securely saving them to the current user’s profile.
  • Get an IdentityNow Organisation and Get / Update an Organisation Configuration
  • Search IdentityNow Users
  • Search IdentityNow Users Profiles
  • Search IdentityNow Entitlements
  • Create / Get / Update / Remove IdentityNow Access Profiles
  • Create / Get / Start IdentityNow Certification Campaigns
  • Get IdentityNow Certification Campaign Reports (output to file or return as PSObject)
  • Create / Get / Update / Remove IdentityNow Governance Groups
  • Create / Get / Update / Remove IdentityNow Roles
  • Get IdentityNow Sources
  • Get Accounts from an IdentityNow Source
  • Create / Update / Remove IdentityNow Source Account (Flat File / Delimited Sources)
  • Get / Complete IdentityNow Tasks
  • Get IdentityNow Virtual Appliance Clusters (and their clients (VAs))
  • Get / Update IdentityNow Applications
  • …

Enable external site content using client side object model on SharePoint sites in tenant.

Background

Adding content to SharePoint Online Modern sites is easily done using SharePoint’s built-in “Embed” web part. The web part does have a few limitations though. Firstly, the default behaviour for displaying external content is limited to sites that have been added to the “Secure Sites” list. And, although site administrators are able to control what external content is allowed on the site, every new external domain must be explicitly added by administrators to the Secure Sites list each time.…

Multi-Threading Granfeldt PowerShell Management Agent Imports

As I’m sure you are familiar (with my many posts on the topic), the Granfeldt PowerShell Management Agent is extremely flexible. When used to integrate Microsoft Identity Manager with modern REST APIs, it is easy to retrieve pages of results from a REST API and process the objects through the Management Agent. However, sometimes you need to integrate Microsoft Identity Manager with an API (e.g. a SOAP web service) that doesn’t provide functionality to page results.…

ChatOps for Microsoft Identity Manager

A Bot or ChatOps for Microsoft Identity Manager is something I’ve had in the back of my mind for just over two years. More recently, last year I did build the Voice Assistant for Microsoft Identity Manager as a submission for an IoT Hackathon. But what is ChatOps?

ChatOps is a collaboration model that connects people, tools, process, and automation into a transparent workflow. This flow connects the work needed, the work happening, and the work done in a persistent location staffed by the people, bots, and related tools.