In this insightful discussion, Martin Sandren from IKEA joins Entra Chat to discuss the evolving landscape of IAM.
The episode covers critical considerations for modern identity strategies, including the trade-offs between syncable and device-bound passkeys, the necessity of robust regression testing for Conditional Access, and advancements in identity proofing methods.
Subscribe with your favorite podcast player or watch on YouTube 👇
About Martin Sandren
Martin Sandren is the IAM Lead at Inter IKEA, overseeing the systems that support IKEA's worldwide presence. His extensive background includes over twenty years of experience as an IAM product lead, architect, engineering manager, and developer.
Beyond his role at IKEA, he is actively involved in the identity community as a frequent speaker at international conferences and a founder of the Digital Identity Amsterdam meetup and the Amsterdam chapter of IdentiBeer, and is active within the idNext foundation and IDPro.
LinkedIn - https://linkedin.com/in/martinsandren/
🔗 Related Links
📗 Chapters
00:00 Intro
02:51 Martin's Journey into Entra & Early IAM Experiences
05:35 Early Entra Wins: Simplified Sign-in Logging
07:02 Value of Microsoft's Preview Feature Model (Private/Public/GA)
09:39 Evolution of Federation: SAML/OIDC Then vs Now
13:22 The Rise of SCIM for User Provisioning
14:47 Cloud Standardization vs On-Prem Customization Trade-offs
16:48 Identity Governance & Multi-Tenant Organizations (MTO)
19:01 The Power & Complexity of Conditional Access
20:23 Resilience & Offline Scenarios in IAM
23:12 Challenges with Guest User Management & Governance
26:16 Cross-Tenant Sync vs Connected Organizations
27:49 The "Schrodinger's Cat" Problem with Guest Accounts
30:58 Mastering Conditional Access Policies: Best Practices & Pitfalls
32:41 Shifting Security Focus: From Network to Identity Defense-in-Depth
34:04 Adapting Security for Different User Populations (Frontline Workers)
35:21 Leveraging ITDR, Risky User Signals & Red Teaming
38:00 Importance of Regression Testing CA Policies (Meister Tool)
39:08 Edge Cases: SSPR & Certificate-Based Authentication Conflicts
40:37 Securing Conditional Access Group Memberships
42:40 Identity Proofing, Onboarding & Phishing Risks
46:01 Wishlist: Granular Read Permissions in Entra
48:36 Passkeys & Phishing-Resistant MFA: Progress & Challenges (Android Usability)
50:01 Strategy: Syncable vs Device-Bound Passkeys
51:58 Embracing Standards: SSF & CAPE Protocols
53:04 Advice for Newcomers to the Identity & Access Management Field
54:55 Closing Remarks
Podcast Apps
🎧 Apple Podcast → https://entra.chat/apple
📺 YouTube → https://entra.chat/youtube
📺 Spotify → https://entra.chat/spotify
🎧 Overcast → https://entra.chat/overcast
🎧 Pocketcast → https://entra.chat/pocketcast
🎧 Others → https://entra.chat/rss
Merill's socials
📺 YouTube → youtube.com/@merillx
👔 LinkedIn → linkedin.com/in/merill
🐤 Twitter → twitter.com/merill
🕺 TikTok → tiktok.com/@merillf
🦋 Bluesky → bsky.app/profile/merill.net
🐘 Mastodon → infosec.exchange/@merill
🧵 Threads → threads.net/@merillf
🤖 GitHub → github.com/merill
Share this post