Security specialty

Identity Access Management

Browse every cataloged workflow for identity access management, with source context, tags, and security framework mappings intact.

Complete collection

Skills in this domain

37 skills

cybersecuritySkill

Attacking Entra ID with ROADtools

Enumerate Entra ID with ROADrecon and acquire and exchange tokens with roadtx.

Identity Access Management
azure-adcloud-enumerationentra-ididentity-attack+4
ATT&CK, 5 mappingsNIST CSF, 1 mapping
cybersecuritySkill

Attacking OAuth with Device-Code Phishing

Run OAuth 2.0 device-code and illicit-consent phishing against Microsoft Entra ID to steal access and refresh tokens, bypass MFA, and pivot across Microsoft 365 services.

Identity Access Management
device-code-phishingentra-idillicit-consentmfa-bypass+4
ATT&CK, 4 mappingsNIST CSF, 1 mapping
cybersecuritySkill

Auditing Entra ID with AADInternals

Run Microsoft Entra ID tenant reconnaissance, token acquisition and manipulation, and federation backdoor testing with the AADInternals PowerShell toolkit to validate identity-attack resilience.

Identity Access Management
aadinternalsadfsazure-adentra-id+4
ATT&CK, 5 mappingsNIST CSF, 1 mapping
cybersecuritySkill

Building Identity Federation with SAML Azure AD

Establish SAML 2.0 identity federation between on-premises Active Directory and Azure AD (Microsoft Entra ID) for seamless cross-domain authentication and SSO to cloud applications.

Identity Access Management
adfsazure-adentra-idfederation+4
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Building Identity Governance Lifecycle Process

Builds comprehensive identity governance and lifecycle management processes including joiner-mover-leaver automation, role mining, access request workflows, periodic recertification, and orphaned account remediation using IGA platforms. Activates for requests involving identity lifecycle management, JML processes, role-based access provisioning, or identity governance program design.

Identity Access Management
access-provisioningidentity-governanceigajml+2
ATT&CK, 5 mappingsNIST CSF, 4 mappingsAI RMF, 3 mappings
cybersecuritySkill

Building Role Mining for RBAC Optimization

Apply bottom-up and top-down role mining techniques to discover optimal RBAC roles from existing user-permission assignments, reducing role explosion and enforcing least privilege.

Identity Access Management
access-controlclusteringidentity-governanceleast-privilege+2
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Configuring Active Directory Tiered Model

Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory. Covers Tier 0/1/2 separation, privileged access workstations (PAWs), administrative forest design, authentication policy silos, and credential theft mitigation.

Identity Access Management
access-controlactive-directoryesaeiam+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Configuring LDAP Security Hardening

Harden LDAP directory services against common attacks including credential harvesting, LDAP injection, anonymous binding, and channel binding bypass. Covers LDAPS enforcement, channel binding, LDAP signing, access control lists, and monitoring for LDAP-based attacks.

Identity Access Management
access-controldirectory-serviceshardeningiam+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Configuring Multi-Factor Authentication with Duo

Deploy Cisco Duo multi-factor authentication across enterprise applications, VPN, RDP, and SSH access points. This skill covers Duo integration methods, adaptive authentication policies, device trust assessment, and phishing-resistant MFA deployment aligned with NIST 800-63B AAL2/AAL3 requirements.

Identity Access Management
access-controlauthenticationduoiam+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Configuring OAuth 2.0 Authorization Flow

Configure secure OAuth 2.0 authorization flows including Authorization Code with PKCE, Client Credentials, and Device Authorization Grant. This skill covers flow selection, PKCE implementation, token lifecycle management, scope design, and alignment with OAuth 2.1 security requirements.

Identity Access Management
access-controlauthenticationauthorizationiam+4
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Detecting Anomalous Authentication Patterns

Detects anomalous authentication patterns using UEBA analytics, statistical baselines, and machine learning models to identify impossible travel, credential stuffing, brute force, password spraying, and compromised account behaviors across authentication logs. Activates for requests involving authentication anomaly detection, login behavior analysis, UEBA implementation, or suspicious sign-in investigation.

Identity Access Management
authentication-anomalybehavioral-analyticsbrute-forcecredential-stuffing+2
ATT&CK, 5 mappingsNIST CSF, 4 mappingsATLAS, 2 mappingsAI RMF, 3 mappings
cybersecuritySkill

Implementing AWS IAM Permission Boundaries

Configure IAM permission boundaries in AWS to delegate role creation to developers while enforcing maximum privilege limits set by the security team.

Identity Access Management
awscloud-securitydelegationiam+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Azure AD Privileged Identity Management

Configure Microsoft Entra Privileged Identity Management to enforce just-in-time role activation, approval workflows, and access reviews for Azure AD privileged roles.

Identity Access Management
azure-adentra-ididentity-governancejust-in-time+3
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Conditional Access Policies in Azure AD

Configure Microsoft Entra ID (Azure AD) Conditional Access policies for zero trust access control. Covers signal-based policy design, device compliance requirements, risk-based authentication, named locations, session controls, and integration with NIST SP 1800-35 zero trust architecture.

Identity Access Management
access-controlazure-adconditional-accessentra-id+3
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Delinea Secret Server for PAM

Implements Delinea Secret Server for privileged access management (PAM) including secret vault configuration, role-based access policies, automated password rotation, session recording, and integration with Active Directory and cloud platforms. Activates for requests involving PAM deployment, privileged credential vaulting, secret server administration, or password rotation automation.

Identity Access Management
credential-managementdelineapampassword-vault+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Google Workspace Admin Security

Implements comprehensive Google Workspace security hardening including admin console configuration, phishing-resistant MFA enforcement, DLP policies, email authentication (SPF/DKIM/DMARC), OAuth app control, and external sharing restrictions. Activates for requests involving Google Workspace hardening, G Suite security configuration, or cloud office security administration.

Identity Access Management
admin-securitycloud-securitydlpdmarc+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Google Workspace SSO Configuration

Configure SAML 2.0 single sign-on for Google Workspace with a third-party identity provider, enabling centralized authentication and enforcing organization-wide access policies.

Identity Access Management
authenticationfederationgoogle-workspaceidentity-provider+2
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing HashiCorp Vault Dynamic Secrets

Implements HashiCorp Vault dynamic secrets engines for database credentials, AWS IAM keys, and PKI certificates with automatic generation, lease management, and credential rotation to eliminate static secrets in application configurations. Activates for requests involving Vault secrets engine configuration, dynamic database credentials, ephemeral cloud credentials, or automated secret rotation.

Identity Access Management
aws-secretsdatabase-credentialsdynamic-secretshashicorp-vault+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Identity Governance with SailPoint

Deploy SailPoint IdentityNow or IdentityIQ for identity governance and administration. Covers identity lifecycle management, access request workflows, certification campaigns, role mining, SOD policy enforcement, and compliance reporting for enterprise IAM.

Identity Access Management
access-controlgovernanceiamidentity+3
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Just-In-Time Access Provisioning

Implement Just-In-Time (JIT) access provisioning to eliminate standing privileges by granting temporary, time-bound access only when needed. This skill covers JIT architecture design, approval workflows, automatic expiration, integration with PAM and IGA platforms, and alignment with zero trust principles.

Identity Access Management
access-controliamidentityjit+3
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing PAM for Database Access

Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL. Covers session proxy configuration, credential vaulting, query auditing, dynamic credential generation, and least-privilege database roles.

Identity Access Management
access-controldatabasedbaiam+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Passwordless Auth with Microsoft Entra

Implements passwordless authentication using Microsoft Entra ID with FIDO2 security keys, Windows Hello for Business, Microsoft Authenticator passkeys, and certificate-based authentication to eliminate password-based attacks. Activates for requests involving passwordless deployment, FIDO2 passkey configuration, phishing-resistant MFA, or Microsoft Entra authentication method policies.

Identity Access Management
fido2microsoft-entrapasskeyspasswordless+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Passwordless Authentication with FIDO2

Deploy FIDO2/WebAuthn passwordless authentication using security keys and platform authenticators. Covers WebAuthn API integration, FIDO2 server configuration, passkey enrollment, biometric authentication, and migration from password-based systems aligned with NIST SP 800-63B AAL3.

Identity Access Management
access-controlauthenticationfido2iam+3
ATT&CK, 4 mappingsNIST CSF, 4 mappingsATLAS, 3 mappingsAI RMF, 4 mappings
cybersecuritySkill

Implementing Privileged Access Management with CyberArk

Deploy CyberArk Privileged Access Management to discover, vault, rotate, and monitor privileged credentials across enterprise infrastructure. This skill covers vault architecture, session isolation, credential rotation policies, and integration with NIST 800-53 access control requirements.

Identity Access Management
access-controlcyberarkiamidentity+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Privileged Session Monitoring

Implements privileged session monitoring and recording using Privileged Access Management (PAM) solutions, focusing on CyberArk Privileged Session Manager (PSM) and open-source alternatives. Covers session recording configuration, keystroke logging, real-time monitoring, risk-based session analysis, and compliance audit trail generation. Activates for requests involving privileged session recording, PAM session monitoring, CyberArk PSM configuration, administrator activity monitoring, or compliance session auditing.

Identity Access Management
compliancecyberarkpamprivileged-session+3
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing SAML SSO with Okta

Implement SAML 2.0 Single Sign-On (SSO) using Okta as the Identity Provider (IdP). This skill covers end-to-end configuration of SAML authentication flows, attribute mapping, certificate management, and security hardening for enterprise SSO deployments.

Identity Access Management
access-controlauthenticationiamidentity+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing SCIM Provisioning with Okta

Implement automated user provisioning and deprovisioning using SCIM 2.0 protocol with Okta as the identity provider.

Identity Access Management
automationidentity-managementlifecycle-managementokta+3
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Zero Standing Privilege with CyberArk

Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using just-in-time access with time, entitlement, and approval controls.

Identity Access Management
cloud-securitycyberarkjit-accessleast-privilege+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Access Recertification with Saviynt

Configure and execute access recertification campaigns in Saviynt Enterprise Identity Cloud to validate user entitlements, revoke excessive access, and maintain compliance with SOX, SOC2, and HIPAA.

Identity Access Management
access-recertificationcertification-campaigncomplianceidentity-governance+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Access Review and Certification

Conduct systematic access reviews and certifications to ensure users have appropriate access rights aligned with their roles. This skill covers review campaign design, reviewer selection, risk-based prioritization, micro-certification strategies, and remediation tracking for compliance with SOX, HIPAA, and PCI DSS requirements.

Identity Access Management
access-controlaccess-reviewcertificationcompliance+3
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Entitlement Review with SailPoint IdentityIQ

Performs entitlement review and access certification campaigns using SailPoint IdentityIQ including manager certifications, targeted entitlement reviews, role-based access validation, SOD violation remediation, and automated revocation workflows. Activates for requests involving access reviews, entitlement certifications, SailPoint IIQ governance, or periodic user access recertification.

Identity Access Management
access-governanceaccess-reviewentitlement-certificationidentityiq+2
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing OAuth Scope Minimization Review

Performs OAuth 2.0 scope minimization review to identify over-permissioned third-party application integrations, excessive API scopes, unused token grants, and risky OAuth consent patterns across identity providers and SaaS platforms. Activates for requests involving OAuth scope audit, API permission review, third-party app risk assessment, or consent grant minimization.

Identity Access Management
api-securityconsent-reviewoauthscope-minimization+2
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Privileged Account Access Review

Conduct systematic reviews of privileged accounts to validate access rights, identify excessive permissions, and enforce least privilege across PAM infrastructure.

Identity Access Management
access-reviewauditcomplianceidentity-governance+3
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Privileged Account Discovery

Discover and inventory all privileged accounts across enterprise infrastructure including domain admins, local admins, service accounts, database admins, cloud IAM roles, and application admin accounts. Covers automated scanning, risk classification, and onboarding to PAM.

Identity Access Management
access-controldiscoveryiamidentity+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Service Account Audit

Audit service accounts across enterprise infrastructure to identify orphaned, over-privileged, and non-compliant accounts. This skill covers discovery of service accounts in Active Directory, cloud platforms, databases, and applications, assessing privilege levels, identifying missing owners, and enforcing lifecycle policies.

Identity Access Management
access-controlauditgovernanceiam+2
ATT&CK, 6 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Performing Service Account Credential Rotation

Automate credential rotation for service accounts across Active Directory, cloud platforms, and application databases to eliminate stale secrets and reduce compromise risk.

Identity Access Management
automationcredential-rotationpamsecrets-management+2
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Post-Exploiting Microsoft Graph with GraphRunner

Perform recon, persistence, privilege escalation, and data search via the Microsoft Graph API using GraphRunner.

Identity Access Management
account-manipulationentra-idgraphrunnerm365+4
ATT&CK, 7 mappingsNIST CSF, 1 mapping