Identity & Access Management (IAM)

Who gets in, what they can touch, and for how long — enforced by identity, authentication, authorization, and least privilege.

Overview

IAM is the foundation of every cloud environment. It defines how identities are created, authenticated, authorized, and governed across applications and infrastructure.
Strong IAM ensures users have the right access at the right time, while poor IAM practices often lead to privilege escalation, unauthorized access, or full compromise.
This page documents the IAM labs I’ve completed and the advanced identity engineering skills I’m building toward.

Completed Labs

0101

Identity Lifecycle & RBAC in Entra ID

Users · Groups · Directory Roles

AWS-01

Introduction to AWS IAM

Users · Groups · Policies · Roles

Lab 11

Configuring a RADIUS Server

AAA · Centralized authentication

Lab 20

Linux Account Management

Users · Groups · Access Control

In Progress Labs

0102

Hybrid Identity — Entra Connect Sync

AD → Entra ID Provisioning

0501

Multi-Factor Authentication & Conditional Access

Per-user MFA · CA Policies

0502

Passwordless + Self-Service Password Reset

SSPR with password writeback

Advanced IAM Labs

Higher-level identity engineering projects I will build as I progress through AWS, Zero Trust, and cloud security architecture.

Empire

PIM — Just-In-Time Privileged Access

Time-bound elevation · Approvals

Empire

Access Reviews & Entitlement Management

Periodic access attestations

Empire

App Registrations — OAuth2/OIDC SSO

Tokens · Scopes · Consent

Empire

Automated Provisioning — SCIM to SaaS

Identity lifecycle automation

Empire

AWS Identity Center (SSO)

Permission sets · Federation

Empire

Azure RBAC vs Entra Roles

Resource roles · Directory roles