Secure Access Controls Lab

RBAC | MFA | Conditional Access | PIM/PAM

📖 Overview

This lab provides hands-on experience with designing and enforcing secure access controls across enterprise identity platforms. It focuses on principles such as Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), Conditional Access, and Privileged Identity/Access Management (PIM/PAM). The goal is to simulate real-world enterprise security controls that apply consistently across Microsoft Entra ID, Okta, and Active Directory environments.

📚 What This Covers

🛡️ Role-Based Access Control (RBAC)

Enforce least privilege across platforms to secure user access.

🔑 Multi-Factor Authentication (MFA)

Implement MFA enforcement and step-up authentication for sensitive actions.

⚙️ Conditional Access

Design policies for geo-blocking, device compliance, and session control.

๐Ÿง‘โ€๐Ÿ’ผ Privileged Identity Management (PIM/PAM)

Manage elevated accounts securely and enforce just-in-time access.

📊 Access Reviews & Attestation

Perform periodic access reviews and attestations to ensure compliance.

๐Ÿ“ Lab Sections

Role-Based Access Control (RBAC)

Define roles, map job functions to entitlements, and enforce least privilege across platforms.

View Walkthrough

Multi-Factor Authentication (MFA) Enforcement

Compare MFA enforcement strategies across Entra, Okta, and on-prem AD; simulate step-up authentication.

View Walkthrough

Conditional Access Policies

Design cross-platform policies (Entra vs. Okta) for geo-blocking, device compliance, and session restrictions.

View Walkthrough

Privileged Identity & Access Management (PIM/PAM)

Secure elevated accounts with just-in-time access, step-up MFA, and time-bound admin roles.

View Walkthrough

Access Reviews & Attestations

Simulate periodic certifications where managers and compliance officers validate user access rights.

View Walkthrough

🛠 Tools Used

Microsoft Entra ID (PIM, Conditional Access, role assignments)
Okta Identity Cloud (app-based access policies, admin roles, MFA)
Active Directory (on-prem privileged groups, delegation, smart card MFA)
Azure AD Connect (hybrid identity context)
PowerShell (reporting on role membership, privileged accounts, access reviews)
Okta Workflows (automating access attestation and notifications)

🔗 Related Labs

Microsoft Entra ID – Cloud identity provisioning, license assignment, Conditional Access enforcement
Okta – Application integrations, MFA policies, lifecycle automation
Active Directory (On-Prem) – OU structure, delegated access, PowerShell automation
Federation Protocols – Authentication flows with SAML, OAuth, and OIDC