This project demonstrates enterprise Identity and Access Management (IAM) concepts using Microsoft Entra ID.
The lab focuses on implementing and analyzing:
- SAML-based Single Sign-On (SSO)
- Identity Federation
- OpenID Connect (OIDC)
- OAuth 2.0 authentication concepts
- JWT token analysis
- Claims-based identity
- Enterprise application integration
The objective of this project is to simulate real-world IAM authentication workflows commonly used in enterprise environments.
- Microsoft Entra ID
- SAML 2.0
- OAuth 2.0
- OpenID Connect (OIDC)
- JWT Tokens
- Enterprise Applications
- App Registrations
- jwt.ms
- SAMLTest.id
Configured Microsoft Entra ID as the Identity Provider (IdP) and integrated a SAML-based Service Provider (SP) using samltest.id.
- Identity Provider (IdP)
- Service Provider (SP)
- SAML Assertions
- Federation Trust
- Single Sign-On (SSO)
- Claims-Based Authentication
- Created enterprise application
- Configured SAML settings
- Configured Identifier and Reply URL
- Assigned users to application
- Tested SSO authentication flow
- Validated federation functionality
- Inspected SAML assertions using SAML-tracer
Configured modern token-based authentication using Microsoft Entra ID App Registrations.
- OAuth 2.0
- OpenID Connect (OIDC)
- JWT Tokens
- Claims-Based Identity
- Token Authentication
- Redirect URI Validation
- Created App Registration
- Configured Redirect URI
- Enabled ID Token support
- Performed OIDC authentication
- Generated JWT ID token
- Analyzed token claims using jwt.ms
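The request side of the OIDC test above, as an added example that is not part of this project: it builds the v2.0 authorize request with fresh `state` and `nonce` values, rejects a redirect URI that is not an exact match for one on the app registration, and checks `state` when the ID token comes back in the URL fragment. The tenant ID, client ID and the registered redirect URI set (jwt.ms, as used for token inspection in this lab) are placeholders; the v2.0 authorize endpoint path is Entra ID's real one.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"

# Constructed: the redirect URIs assumed to be configured on the lab's app registration
REGISTERED_REDIRECT_URIS = {"https://jwt.ms"}


def redirect_uri_is_registered(candidate, registered_uris):
    """Compare as an exact string: a trailing slash, different scheme or extra path
    segment is a different URI, so no prefix or host-only matching."""
    return candidate in registered_uris


def build_authorize_url(tenant_id, client_id, redirect_uri, registered_uris):
    """Return (url, state, nonce). The caller stores state and nonce in the user's
    session so they can be compared when the response arrives."""
    if not redirect_uri_is_registered(redirect_uri, registered_uris):
        raise ValueError(f"redirect_uri is not registered: {redirect_uri}")
    state = secrets.token_urlsafe(32)  # binds the callback to this browser session
    nonce = secrets.token_urlsafe(32)  # must reappear in the ID token's nonce claim
    params = {
        "client_id": client_id,
        "response_type": "id_token",   # requires "ID tokens" enabled on the app registration
        "response_mode": "fragment",
        "redirect_uri": redirect_uri,
        "scope": "openid profile",
        "state": state,
        "nonce": nonce,
    }
    return AUTHORIZE_ENDPOINT.format(tenant=tenant_id) + "?" + urlencode(params), state, nonce


def parse_callback(callback_url, expected_state):
    """Extract id_token from the fragment; refuse the response if state does not match."""
    values = parse_qs(urlparse(callback_url).fragment)
    if values.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response does not belong to this session")
    token = values.get("id_token", [None])[0]
    if token is None:
        raise ValueError("no id_token in response")
    return token


if __name__ == "__main__":
    url, state, nonce = build_authorize_url("tenant-id-placeholder", "client-id-placeholder",
                                            "https://jwt.ms", REGISTERED_REDIRECT_URIS)
    print(url)
    # Constructed callback, as the browser would be redirected after sign-in
    print(parse_callback(f"https://jwt.ms/#id_token=aaa.bbb.ccc&state={state}", state))
```

The nonce returned here is the value to compare against the `nonce` claim when the ID token is decoded; without that comparison an ID token captured from one sign-in could be presented in another session.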
The following JWT claims were reviewed during authentication testing:

| Claim | Description |
|---|---|
| aud | Audience of the token |
| iss | Token issuer |
| tid | Tenant identifier |
| oid | Unique object ID of the user |
| preferred_username | Authenticated user identity |
| nonce | Replay attack protection |
| exp | Token expiration timestamp |
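What jwt.ms shows for these claims, turned into checks a relying party would run, as an added example that is not part of this project: it base64url-decodes a token's header and payload and validates `iss`, `aud`, `tid`, `nonce` and `exp` (plus `nbf`) against the expected values for a v2.0 ID token. The tenant ID, client ID, object ID and nonce are placeholders, and the sample token is constructed with a placeholder signature segment; signature verification against the tenant's published signing keys is not done here and is required in any real deployment.

```python
import base64
import json
import time

# Constructed placeholders for the lab tenant and app registration
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
ALLOWED_ALGS = {"RS256"}  # Entra ID signs v2.0 ID tokens with RS256; never accept "none"


def b64url_decode(segment):
    """JWT segments are base64url without padding; restore the padding before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jwt(token):
    """Split and decode header and payload the way jwt.ms displays them (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def validate_id_token_claims(header, claims, client_id, tenant_id, expected_nonce, now=None, leeway=60):
    """Return the list of problems found; an empty list means every checked claim is acceptable."""
    now = int(time.time()) if now is None else now
    problems = []
    if header.get("alg") not in ALLOWED_ALGS:
        problems.append(f"unexpected alg: {header.get('alg')}")
    if claims.get("iss") != f"https://login.microsoftonline.com/{tenant_id}/v2.0":
        problems.append("issuer mismatch")
    if claims.get("aud") != client_id:          # token minted for a different application
        problems.append("audience mismatch")
    if claims.get("tid") != tenant_id:          # token minted by a different tenant
        problems.append("tenant mismatch")
    if claims.get("nonce") != expected_nonce:   # token not tied to this sign-in request
        problems.append("nonce mismatch")
    if claims.get("exp", 0) + leeway <= now:
        problems.append("token expired")
    if claims.get("nbf", 0) - leeway > now:
        problems.append("token not yet valid")
    return problems


def sample_claims(now):
    """Constructed claim set shaped like an Entra ID v2.0 ID token (all values are placeholders)."""
    return {
        "aud": CLIENT_ID,
        "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
        "iat": now - 60, "nbf": now - 60, "exp": now + 3600,
        "tid": TENANT_ID,
        "oid": "22222222-2222-2222-2222-222222222222",
        "preferred_username": "alice@example.com",
        "nonce": "constructed-nonce-value",
        "ver": "2.0",
    }


def make_sample_token(claims):
    """Assemble a token for offline inspection; the third segment is a placeholder, not a signature."""
    header = {"typ": "JWT", "alg": "RS256", "kid": "placeholder-key-id"}
    return ".".join([
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
        b64url_encode(b"placeholder-signature"),
    ])


if __name__ == "__main__":
    now = int(time.time())
    header, payload = decode_jwt(make_sample_token(sample_claims(now)))
    print(json.dumps(header, indent=2))
    print(json.dumps(payload, indent=2))
    print("problems:", validate_id_token_claims(header, payload, CLIENT_ID, TENANT_ID,
                                                "constructed-nonce-value", now))
```

Pasting a token captured from the lab's own sign-in into `decode_jwt` reproduces the jwt.ms view; feeding its claims through `validate_id_token_claims` with the wrong nonce, client ID or a later `now` shows which single claim causes rejection.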
- Identity Federation
- Single Sign-On (SSO)
- SAML Authentication
- OpenID Connect (OIDC)
- OAuth 2.0 Concepts
- JWT Authentication
- Claims-Based Identity
- Token Security
- Identity Provider (IdP)
- Service Provider (SP)
- Enterprise Authentication Flow
Through this project, the following practical IAM skills were developed:
- Configuring enterprise authentication workflows
- Understanding SAML federation architecture
- Analyzing JWT tokens and identity claims
- Implementing OpenID Connect authentication
- Understanding authentication vs authorization
- Troubleshooting federation and authentication issues
- Working with Microsoft Entra ID enterprise applications and app registrations
Screenshots demonstrating configuration steps and authentication validation are available in the /Screenshots directory.
This project was created in a Microsoft Entra ID free-tier development environment for learning and demonstration purposes.
Some enterprise-grade security features such as Conditional Access require premium licensing and were studied conceptually where implementation was restricted.
