In this insightful discussion, Martin Sandren from IKEA joins Entra Chat to discuss the evolving landscape of IAM.

The episode covers critical considerations for modern identity strategies, including the trade-offs between syncable and device-bound passkeys, the necessity of robust regression testing for Conditional Access, and advancements in identity proofing methods.

Subscribe with your favorite podcast player or watch on YouTube 👇

About Martin Sandren

Martin Sandren is the IAM Lead at Inter IKEA, overseeing the systems that support IKEA's worldwide presence. His extensive background includes over twenty years of experience as an IAM product lead, architect, engineering manager, and developer.

Beyond his role at IKEA, he is actively involved in the identity community as a frequent speaker at international conferences and a founder of the Digital Identity Amsterdam meetup and the Amsterdam chapter of IdentiBeer, and is active within the idNext foundation and IDPro.

LinkedIn - https://linkedin.com/in/martinsandren/

🔗 Related Links

• IAM Conferences in Europe

📗 Chapters

00:00 Intro

02:51 Martin's Journey into Entra & Early IAM Experiences

05:35 Early Entra Wins: Simplified Sign-in Logging

07:02 Value of Microsoft's Preview Feature Model (Private/Public/GA)

09:39 Evolution of Federation: SAML/OIDC Then vs Now

13:22 The Rise of SCIM for User Provisioning

14:47 Cloud Standardization vs On-Prem Customization Trade-offs

16:48 Identity Governance & Multi-Tenant Organizations (MTO)

19:01 The Power & Complexity of Conditional Access

20:23 Resilience & Offline Scenarios in IAM

23:12 Challenges with Guest User Management & Governance

26:16 Cross-Tenant Sync vs Connected Organizations

27:49 The "Schrodinger's Cat" Problem with Guest Accounts

30:58 Mastering Conditional Access Policies: Best Practices & Pitfalls

32:41 Shifting Security Focus: From Network to Identity Defense-in-Depth

34:04 Adapting Security for Different User Populations (Frontline Workers)

35:21 Leveraging ITDR, Risky User Signals & Red Teaming

38:00 Importance of Regression Testing CA Policies (Meister Tool)

39:08 Edge Cases: SSPR & Certificate-Based Authentication Conflicts

40:37 Securing Conditional Access Group Memberships

42:40 Identity Proofing, Onboarding & Phishing Risks

46:01 Wishlist: Granular Read Permissions in Entra

48:36 Passkeys & Phishing-Resistant MFA: Progress & Challenges (Android Usability)

50:01 Strategy: Syncable vs Device-Bound Passkeys

51:58 Embracing Standards: SSF & CAPE Protocols

53:04 Advice for Newcomers to the Identity & Access Management Field

54:55 Closing Remarks

Podcast Apps

🎧 Apple Podcast → https://entra.chat/apple

📺 YouTube → https://entra.chat/youtube

📺 Spotify → https://entra.chat/spotify

🎧 Overcast → https://entra.chat/overcast

🎧 Pocketcast → https://entra.chat/pocketcast

🎧 Others → https://entra.chat/rss

Merill's socials

📺 YouTube → youtube.com/@merillx

👔 LinkedIn → linkedin.com/in/merill

🐤 Twitter → twitter.com/merill

🕺 TikTok → tiktok.com/@merillf

🦋 Bluesky → bsky.app/profile/merill.net

🐘 Mastodon → infosec.exchange/@merill

🧵 Threads → threads.net/@merillf

🤖 GitHub → github.com/merill

Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe