Featured IAM Project

Microsoft Entra Identity Lifecycle, Access Governance & Zero Trust Lab

A reproducible IAM portfolio lab that demonstrates how identities receive, accumulate, lose, and recover access through automated lifecycle controls, investigation, and verified remediation.

Northstar local IAM evidence dashboard showing passing lifecycle, configuration, and authorized Entra results

Executed Evidence, Not a Mock Portal

The dashboard is generated from real local automation using deterministic synthetic identities. A separate reversible extension was executed in an authorized Microsoft Entra tenant using disabled synthetic users and groups.

Project Overview

Northstar Health Systems is a fictional healthcare technology company that needs reliable identity lifecycle and access governance. I built a local digital twin using SQLite, Python, PowerShell, and configuration-as-data, then added a reversible authorized Entra extension for live user and group operations.

Key Features

  • Deterministic joiner, mover, contractor-expiration, and entitlement workflows
  • Four-layer access model covering role, department, employment type, and privilege
  • Excessive-access and segregation-of-duties detection
  • Investigation evidence, audit history, remediation, and post-remediation verification
  • Conditional Access, access governance, and application-risk validators
  • Passing and intentionally failing fixtures with documented exit codes
  • Reversible authorized Entra deployment using disabled synthetic identities

Architecture Highlights

  • Independent policy engine separated from local and Microsoft Graph adapters
  • Transactional SQLite state with append-only audit events
  • PowerShell administrator workflows backed by typed Python validation
  • GitHub Actions running the same core commands as the recorded demo
  • Machine-readable JSON and recruiter-readable Markdown reports

Evidence boundary: Local automation is labeled Implemented Locally. The live user/group scenario is labeled Implemented in Authorized Tenant/Lab. Premium controls unavailable in the Entra Free tenant remain Designed for Entra and are never presented as deployed.

Use Cases

  • Joiner-mover-leaver control validation
  • Access accumulation and toxic-combination detection
  • Expired contractor and stale guest investigation
  • Conditional Access policy quality review
  • Enterprise application and workload identity governance
View IAM Lab on GitHub →

Tech Stack

Microsoft Entra ID Microsoft Graph PowerShell 7 Python SQLite JSON pytest GitHub Actions Zero Trust RBAC Identity Governance

Project Stats

Automated tests: 7 passing

CI: GitHub Actions passing

Execution modes: Local + authorized Entra

Live objects: Disabled synthetic identities and security groups

Skills Demonstrated

  • Identity lifecycle analysis
  • Microsoft Entra administration
  • RBAC and segregation of duties
  • Access governance design
  • PowerShell and Python automation
  • Identity investigation and evidence handling
  • Remediation and verification
  • Testing, CI, and reproducibility

Business value: The project shows how an IAM analyst can translate an HR event into controlled access, identify a failed mover workflow, explain the risk to stakeholders, remediate the entitlement, and prove that the identity is compliant.

Discuss This Project →