Proof Key for Code Exchange (PKCE) is a mechanism often used with an OAuth2 Authorization Code Grant flow to provide an enhanced level of security when authenticating to an Identity Provider such as Microsoft Graph to get an access token. In order to use PKCE a code_verifier is generated along with a code_challenge.… keep reading
Microsoft Graph Permission Scope IDs
Registering Microsoft Graph applications using the Azure Portal and assigning API Permissions is trivial. When you are automating that process though rather than choosing API permissions using the Azure Portal Application Registration UI, you need to know the Microsoft Graph Permission Scope IDs.… keep reading
What does your Azure AD FIDO2 Passwordless Credential look like?
I’m curious. I often think, how does that work? Or why does it behave like that? We are well into the journey towards Passwordless adoption and I’ve spoken and posted about aspects of it before. Always a good place to start are the standards.… keep reading
Interactive Authentication to Microsoft Graph using MSAL with PowerShell and Delegated Permissions
Previously I’ve written about using MSAL and PowerShell with Application Permissions and Client Credentials and Certificate based authentication. Also with Delegated Permissions and Device Code flow authentication. The one I haven’t written a post on is performing interactive authentication to Microsoft Graph using MSAL with PowerShell and Delegated Permissions.… keep reading
Get Certificates from a YubiKey using PowerShell
Last week Yubico announced the general availability of their desktop .NET SDK for YubiKeys. I jumped over to their GitHub repo to check out what functionality the .NET SDK exposed. The good news is that the Personal Identity Verification (PIV) slots used for certificates are accessible.… keep reading
DevOps for SailPoint IdentityNow with PowerShell
This is the accompanying blogpost for my SailPoint Navigate Developer presentation DevOps for SailPoint IdentityNow with PowerShell from August 19 2021. If you are registered you can go direct to the presentation with this link.
A summary of what I showed in the demonstration is below.… keep reading
Interactive Authentication to Microsoft Graph using MSAL with Python and Delegated Permissions
Earlier this year I wrote this post on Microsoft Graph using MSAL with Python and Delegated Permissions. That post used the Device Code flow which was valid for the particular scenario I had at that time. This post whilst also using delegated permissions and MSAL with Python uses Interactive Flow.… keep reading
Azure AD User Account Federation Report
Which Azure AD Tenants is my user account federated too? More specifically, in which Azure Active Directory Tenants do I have an Azure Active Directory B2B Guest Account? Is there a way I can quickly get an Azure AD User Account Federation Report?… keep reading
Digital Identity. Are we there yet?
This post relates to my Microsoft Reactor Sydney presentation from July 6 2021 – Digital Identity. Are we there yet?
Your Digital Identity is the foundation of who you are in our modern online world. In this session we take a quick trip down memory lane reminiscing on how our online digital identities have evolved and our early attempts at managing and securing them.… keep reading
Microsoft MVP Renewal 2021/22
There is no denying that 2020/2021 has been a roller-coaster of a year. We are now 16 months into a global pandemic. That said, July is the annual Microsoft MVP (Most Valuable Professional) renewal process which has just been completed.… keep reading