Automating Azure AD B2B Guest Invitations using Microsoft Identity Manager

Update: Oct 30 '18. Also see this post that adds support for Microsoft's updates to the Microsoft Graph to include additional information about Azure AD B2B Guest users.

Introduction

Earlier this year Microsoft released the Microsoft Identity Manager Azure AD B2B Management Agent. I wrote about using it to write to Azure AD in this post here. As detailed in that post my goal was to write to Azure AD using the MA. I provided an incomplete example of doing that for Guests.…

Quickly generating a dataset of fictitious Users using Randomised Real Data and PowerShell

Introduction

I’ve lost count of the number of times I’ve had the need to generate a representative dataset of users. Of course I have access to many production datasets but for many reasons they can’t be used. Finding previous datasets I’ve randomly generated always seems to take longer than it should, so with my most recent iteration of having to generate a fictitious list of users with Australian addresses, I’ve documented how I went about it, along with the source data I used and the script to create it.…

A Voice Assistant for Microsoft Identity Manager

This is the third and final post in my series around using your voice to query/search Microsoft Identity Manager or as I’m now calling it, the Voice Assistant for Microsoft Identity Manager.
The two previous posts in this series detail some of my steps and processes in developing and fleshing out this concept. The first post detailed the majority of the base functionality whilst the second post detailed the auditing and reporting aspects into Table Storage and Power BI.…

Replace Personal Privilege Account into Shareable Broker Accounts

Introduction
Most organizations still have the practice of Personal Privilege Accounts in their corporate platforms and applications. It’s very challenging when it comes to managing and monitoring those accounts, which give unrestricted access to the most valuable systems in the organization. Effective procedures around managing these privileged accounts are extremely difficult without specialized tools.
The CyberArk Privileged Account Management solution enables these organizations to secure, provision, manage, control and monitor all activities associated with privileged accounts present in their IT landscape.…

Using your Voice to Search Microsoft Identity Manager – Part 2

Introduction

Last month I wrote this post that detailed using your voice to search/query Microsoft Identity Manager. That post demonstrated a working solution (GitHub repository coming next month) but was still incomplete if it was to be used in production within an Enterprise. I hinted then that there were additional enhancements I was looking to make. One is an Auditing/Reporting aspect and that is what I cover in this post.

Overview

The one element of the solution that has visibility of each search scenario is the IoT Device.…

Using your Voice to Search Microsoft Identity Manager – Part 1

Introduction

Yes, you’ve read the title correctly. Speaking to Microsoft Identity Manager. The concept behind this was born off the back of some other work I was doing with Microsoft Cognitive Services. I figured it shouldn’t be that difficult if I just break down the concept into individual elements of functionality and put together a proof of concept to validate the idea. That’s what I did and this is the first post of the solution as an overview.…

Auto-redirect ADFS 4.0 home realm discovery based on client IP

As I mentioned in my previous post here, I will explain how to auto-redirect the home realm discovery page to an ADFS namespace (claims provider trust) based on the client’s IP, so here I am.
Let’s say you have many ADFS servers (claims provider trusts) linked to a central ADFS 4.0 server and you want to auto-redirect the user to a linked ADFS server login page based on the user’s IP instead of letting the user choose a respective ADFS server from the list on the home realm discovery page, as explained in the below request flow diagram.…

Implementing Azure API Management with the Lithnet Microsoft Identity Manager Rest API

Introduction

Earlier this week I wrote this post that detailed implementing the Lithnet REST API for FIM/MIM Service. I also detailed using PowerShell to interact with the API Endpoint.
Now let’s imagine you are looking to have a number of Azure Serverless features leverage your REST API enabled Microsoft Identity Manager environment. Or even offer it “as-a-Service”. You’ll want to have some visibility as to how it is performing, and you’ll probably want to implement features such as caching and rate limiting, let alone putting more security controls around it.…

Getting started with the Lithnet REST API for the Microsoft Identity Manager Service

Introduction

A common theme with my posts on Microsoft Identity is the extensibility of it particularly with the Lithnet tools that Ryan has released.
One such tool that I’ve used but never written about is the Lithnet REST API for the Microsoft Identity Manager Service. For a small proof of concept I’m working on I was again using this REST API and I needed to update it as Ryan has recently added some new functionality. I realised I hadn’t set it up in a while, and while Ryan’s documentation is very good it was written some time ago when IIS Manager looked a little different.…

Preventing double-app-loading behaviour with ADAL.js

Microsoft’s JavaScript implementation of its Azure Active Directory Authentication Library (ADAL.js) allows for some great client-side-only Single Page App (SPA) scenarios.
Unfortunately (as with most things auth-related), there are some gotchas to be aware of. One relates to how ADAL obtains refresh tokens in this crazy world of implicit auth.

Implicit Auth Flow

Implicit auth allows for the application developer to not have to host their own token authentication service. The ADAL.js and the Azure AD auth endpoint do all the heavy lifting:

It’s the bottom third of the diagram (after the token expires) that causes the issue I am addressing in this post.…