
IDMFUN - More than just Identity & Access Management
All about experience with Identity, Access and Risk management products in the industry
IDMFUN - More than just Identity & Access Management
5M ago
Creating Azure B2C local accounts with randomly generated passwords
# Import the required modules (install them first with Install-Module Microsoft.Graph and Install-Module ImportExcel if they are not already present)
Import-Module Microsoft.Graph
Import-Module ImportExcel
# Variables
# Do not keep the client secret in the script file: read it at run time (for example from Azure Key Vault or an environment variable), or use certificate-based authentication instead of a secret.
$clientId = "<<clientid>>"
$clientSecret = "<<clientsecret>>"
$tenantId = "<<tenantid>>"
$issuerDomain = "<<domain>>.onmicrosoft.com" # The Azure B2C tenant's issuer domain, used in each local account's emailAddress identity
# FilePath to your Excel file
$excelFilePath = "C:\Stage\PowershellScript\users.xlsx"
$logFilePath = "C:\Stage\PowershellScript\logfile.txt"
# Function to authenticate and get an acc ..read more
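The two pieces the script above builds up to, shown as an added example that is not code from the original post: a password drawn from a cryptographically secure RNG (Get-Random is not one), and the Microsoft Graph request that creates a B2C local account carrying an emailAddress identity. It assumes Connect-MgGraph has already run with an app permission that can create users (User.ReadWrite.All), that $issuerDomain holds the <<domain>>.onmicrosoft.com name as above, and that the Excel rows have Email and DisplayName columns (an assumption; the original does not show its column names).

```powershell
# Added example, not from the original post. Assumes Connect-MgGraph has already
# run with User.ReadWrite.All and that $issuerDomain / $excelFilePath are set as
# in the script above. Column names Email and DisplayName are assumptions.
Import-Module Microsoft.Graph.Users

function New-RandomPassword {
    param([int]$Length = 20)
    # Exactly 64 characters, so a random byte taken modulo 64 is uniform (no modulo
    # bias). Visually ambiguous characters (I, O, l, o, 0, 1) are left out.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!@#$%^&*'
    # Get-Random is not a CSPRNG; use the .NET RandomNumberGenerator instead.
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $password = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
        # B2C's default password policy wants 3 of 4 character classes; insist on
        # all 4 so account creation can never fail on complexity.
    } while ($password -cnotmatch '[A-Z]' -or $password -cnotmatch '[a-z]' -or
             $password -notmatch '\d'     -or $password -notmatch '[!@#$%^&*]')
    $rng.Dispose()
    return $password
}

function New-B2CLocalAccount {
    param(
        [Parameter(Mandatory)][string]$Email,
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string]$IssuerDomain
    )
    $password = New-RandomPassword
    $body = @{
        displayName    = $DisplayName
        accountEnabled = $true
        # A B2C local account is identified by its emailAddress identity, not by a UPN.
        identities = @(
            @{
                signInType       = 'emailAddress'
                issuer           = $IssuerDomain
                issuerAssignedId = $Email
            }
        )
        passwordProfile = @{
            password = $password
            # Left false, as in Microsoft's local-account sample; whether a change is
            # enforced at first sign-in depends on the B2C policy, not on Graph alone.
            forceChangePasswordNextSignIn = $false
        }
        # Stops the generated password from expiring before the user first signs in.
        passwordPolicies = 'DisablePasswordExpiration'
    }
    $user = New-MgUser -BodyParameter $body
    # Hand the password back for out-of-band delivery. Do not append it to
    # $logFilePath; log only the object id and the email address.
    [pscustomobject]@{
        Id                = $user.Id
        Email             = $Email
        TemporaryPassword = $password
    }
}

# Usage:
# Import-Excel -Path $excelFilePath | ForEach-Object {
#     New-B2CLocalAccount -Email $_.Email -DisplayName $_.DisplayName -IssuerDomain $issuerDomain
# }
```

The alphabet size is deliberate: with 64 symbols, `$byte % 64` selects each symbol with probability exactly 1/256 × 4, so no symbol is favoured the way it would be with, say, a 62-character set. If the script needs the password in the log for support purposes, write it to a separately protected file, not alongside the run log.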
IDMFUN - More than just Identity & Access Management
6M ago
# Step 1: Define the client credentials (the secret should come from a secure store at run time, not from the script file)
$clientId= "<<client id>>"
$tenantId= "<<tenant id>>"
$clientSecret = ConvertTo-SecureString "<<client secret>>" -AsPlainText -Force
# Step 2: Create the PSCredential object and sign in with the client credentials flow
$credential = New-Object System.Management.Automation.PSCredential($clientId, $clientSecret)
# Connect-MgGraph takes an app credential through -ClientSecretCredential; it has no -Credential parameter
Connect-MgGraph -ClientSecretCredential $credential -TenantId $tenantId
# Retrieve all groups with preferred properties
$groups = Get-MgGroup -All -Property Id, DisplayName, OnPremisesSyncEnabled, mail
# Define the output file path
$excelFilePath ..read more
IDMFUN - More than just Identity & Access Management
1y ago
# Install the AzureAD and ImportExcel modules if not already installed
# (the AzureAD module is deprecated in favour of the Microsoft Graph PowerShell SDK; the cmdlets below are the ones this post used)
Install-Module -Name AzureAD -Force -Scope CurrentUser
Install-Module -Name ImportExcel -Force -Scope CurrentUser
# Import required modules
Import-Module AzureAD
Import-Module ImportExcel
# Read emails from the Excel sheet (expects a column named Email)
$emails = Import-Excel -Path "emails.xlsx" | Select-Object -ExpandProperty Email
# Connect to Azure AD
Connect-AzureAD
# Iterate through emails and check user existence and account status
foreach ($email in $emails) {
# Double any single quote in the address so it cannot break the OData filter (e.g. o'brien@example.com)
$safeEmail = $email -replace "'", "''"
$user = Get-AzureADUser -Filter "mail eq '$safeEmail'"
if ($user) {
Write-Host "User with email $email exists. Account Enabled: $($user.Acco ..read more
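The same check rewritten for the Microsoft Graph PowerShell SDK, as an added example that is not code from the original post. It adds the one thing a script fed from a spreadsheet needs: the address is quoted as an OData string literal rather than spliced into the $filter string raw, and the case where several accounts share a mail value is reported instead of silently picking one. It assumes Connect-MgGraph has already run with User.Read.All and that emails.xlsx has an Email column, as above.

```powershell
# Added example, not from the original post. Assumes Connect-MgGraph has already
# run with User.Read.All.
Import-Module Microsoft.Graph.Users

function ConvertTo-ODataStringLiteral {
    param([Parameter(Mandatory)][string]$Value)
    # OData string literals are single-quoted; an embedded quote is doubled.
    # o'brien@example.com  ->  'o''brien@example.com'
    "'" + ($Value -replace "'", "''") + "'"
}

function Get-EntraUserStatusByMail {
    param([Parameter(Mandatory)][string[]]$Email)
    foreach ($address in $Email) {
        $filter = 'mail eq ' + (ConvertTo-ODataStringLiteral $address)
        # mail is not guaranteed unique, so collect everything the filter returns.
        # ($matches is an automatic variable in PowerShell; do not reuse that name.)
        $found = @(Get-MgUser -Filter $filter -Property Id, UserPrincipalName, AccountEnabled, UserType)
        $first = $null
        if ($found.Count -eq 1) { $first = $found[0] }
        [pscustomobject]@{
            Email             = $address
            Exists            = ($found.Count -gt 0)
            Ambiguous         = ($found.Count -gt 1)   # more than one object carries this mail
            AccountEnabled    = $first.AccountEnabled   # $null unless exactly one match
            UserPrincipalName = $first.UserPrincipalName
            UserType          = $first.UserType        # Member or Guest
        }
    }
}

# Usage:
# $emails = Import-Excel -Path 'emails.xlsx' | Select-Object -ExpandProperty Email
# Get-EntraUserStatusByMail -Email $emails | Export-Excel -Path 'user-status.xlsx'
```

Treat the spreadsheet as untrusted input: with the raw interpolation in the original, an address containing a quote turns into a malformed filter and the whole run fails with a 400, and a crafted value can change what the filter matches. Quoting every value through one helper removes both problems.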
IDMFUN - More than just Identity & Access Management
1y ago
In this article we will go through the high-level steps to back up an Azure APIM instance to a storage account.
There are a couple of ways to configure a regular backup of an Azure APIM instance. Here we will configure the backup using Logic Apps.
Before we proceed, make sure the services below are already created:
1. Azure APIM instance
2. Azure Storage account
3. Container in Azure Storage account
Let's see what it takes to configure a scheduled daily backup of an Azure APIM instance:
1. Create a Logic App and navigate to Logic App designer tab
2. Add Recurrence step an ..read more
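A scripted alternative to the Logic App flow, added here as an example that is not part of the original post: the same backup-to-container operation driven from Az PowerShell with Backup-AzApiManagement, which is suited to an Automation runbook on the same daily schedule. Resource names are placeholders, and the storage key is fetched at run time instead of being pasted into a Logic App definition.

```powershell
# Added example, not from the original post. Placeholder names are assumptions;
# run after Connect-AzAccount (or Connect-AzAccount -Identity from a runbook).
Import-Module Az.Accounts, Az.ApiManagement, Az.Storage

function Backup-ApimToBlob {
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$ApimName,
        [Parameter(Mandatory)][string]$StorageAccountName,
        [Parameter(Mandatory)][string]$ContainerName
    )
    # Read the account key at run time; never embed it in the script or workflow.
    $key = (Get-AzStorageAccountKey -ResourceGroupName $ResourceGroupName -Name $StorageAccountName)[0].Value
    $ctx = New-AzStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $key

    # One blob per run, named by UTC timestamp so daily backups never overwrite each other.
    $blobName = '{0}-{1:yyyyMMdd-HHmm}.apimbackup' -f $ApimName, (Get-Date).ToUniversalTime()

    # Long-running operation; the cmdlet returns when the service has written the blob.
    Backup-AzApiManagement -ResourceGroupName $ResourceGroupName -Name $ApimName `
        -StorageContext $ctx -TargetContainerName $ContainerName -TargetBlobName $blobName

    # Verify the blob actually landed before reporting success.
    $blob = Get-AzStorageBlob -Container $ContainerName -Blob $blobName -Context $ctx
    if (-not $blob) { throw "Backup blob $blobName was not found in $ContainerName" }
    [pscustomobject]@{
        Blob      = $blob.Name
        SizeBytes = $blob.Length
        Written   = $blob.LastModified
    }
}

# Usage:
# Backup-ApimToBlob -ResourceGroupName '<<rg>>' -ApimName '<<apim>>' `
#     -StorageAccountName '<<storage>>' -ContainerName '<<container>>'
```

Whichever route you take, the backup blob contains the full service configuration, so restrict the container to the identity that writes it and the operators who may restore from it, and apply a retention policy rather than letting daily blobs accumulate indefinitely.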
IDMFUN - More than just Identity & Access Management
1y ago
Install the required Azure AD preview module (the policy cmdlets used below ship in AzureADPreview, not in the GA AzureAD module)
Install-Module AzureADPreview
Connect to Azure AD with valid credentials:
Connect-AzureAD
Obtain the service principal's Object ID (this is the ObjectId of the service principal, not the application's client/app ID)
Get-AzureADServicePrincipal -Filter "DisplayName eq '<<APPLICATION_NAME>>'"
Take the ObjectId from the above command result and list the policies assigned to that service principal
Get-AzureADServicePrincipalPolicy -Id <<OBJECT ID from the above command>>
Get the policy details
Get-AzureADPolicy -Id <<ObjectIdOfthe Policy>> | Select-Object *
  ..read more
IDMFUN - More than just Identity & Access Management
1y ago
# Set your Cosmos DB account and database details
$resourceGroupName = "<<Resource Group Name>>"
$accountName = "<<Azure Cosmos DB Account Name>>"
$databaseName = "<<Database Name>>"
$containerName = "<<container Name>>"
# Set the output CSV file path
$outputCsvFilePath = "<<Location>>\export.csv"
# Query to retrieve data from Cosmos DB
$query = "SELECT * FROM c"
# Authenticate to your Azure account (if not already authenticated)
# Connect-AzAccount
# Get the Cosmos DB container
$container = Get-AzCosmosDBSqlContainer -ResourceG ..read more
IDMFUN - More than just Identity & Access Management
4y ago
I'm sharing another use case, a "Kerberos + HEADER-based application SSO" implementation experience with Apache and its Kerberos module. There are times you end up building a custom authentication and single sign-on solution for an application despite the modern authentication mechanisms available.
One such situation is providing seamless access to an application from an Active Directory domain-joined machine. Technically this means the Apache front end validates the Kerberos ticket presented by the device and passes the authenticated user to the HEADER-based application in an HTTP request header. The application must accept that header only from the Apache proxy, never directly from a client; otherwise anyone who can reach it can impersonate any user simply by setting the header themselves.
Utilizing Apache web server, Kerberos module, and apache r ..read more
IDMFUN - More than just Identity & Access Management
4y ago
When uploading Azure AD SAML metadata to a service provider you might get the error message below:
*********************************************************************
SAML xml metadata validation failed with the following error: This is an invalid xsi:type 'http://docs.oasis-open.org/wsfed/federation/200706:SecurityTokenServiceType'.
****************************************************************************
The xsi:type in the message belongs to the WS-Federation RoleDescriptor elements that Azure AD includes in the same federation metadata document, which a strict SAML-only metadata validator does not recognise.
Q ..read more
IDMFUN - More than just Identity & Access Management
4y ago
There are times you want to know which groups are synced from on-premises and which are cloud-only.
Command to list synced groups:
Get-AzureADGroup -All $true | Where-Object {$_.DirSyncEnabled -eq $true}
Command to list cloud-only groups:
Get-AzureADGroup -All $true | Where-Object {$_.DirSyncEnabled -eq $null}
Funnily enough, the DirSyncEnabled attribute is True for a synced group and null (not False) for a cloud-only group, so a filter on -eq $false returns nothing. The Microsoft Graph equivalent, onPremisesSyncEnabled, is likewise null for an object that has never been synced.
Thanks
Siva Pokuri ..read more
IDMFUN - More than just Identity & Access Management
5y ago
The setting below on the Azure AD user object makes an external (guest) account visible in the Outlook address book:
Create the Azure AD guest account using the Graph API invitation endpoint
Update the user entry by setting the "showInAddressList" attribute to true using the Graph user API
Check the email address in the Outlook address book
Note: the configuration above worked with the beta version of the Graph API.
Thanks
Siva Pokuri ..read more