Identity Governance & Access Review lab demonstrating access certification, least-privilege enforcement, access remediation, audit evidence collection, and Active Directory security group management.

Graph-powered access intelligence for IAM, Active Directory and file server permissions. Explain who has access, why it exists and what changes before you remove it.

Read-only Microsoft Entra ID (Azure AD) access review PowerShell scanner + Python report that scores MFA gaps, privileged roles, legacy auth, Conditional Access and PIM risks into an A–F posture report for ISO 27001 / NIS2 audits.

Manage identity and access with RBAC, ABAC, OAuth2/OIDC, approval flows, and audit logs for secure enterprise control

Simulated IAM support tickets in Microsoft Entra ID covering MFA validation, joiner access, mover cleanup, leaver cleanup, and access validation.

Enterprise Multi-Cloud Identity Governance Engine — automated access review with risk scoring, audit reports and SIEM integration (Azure, AWS, Google)

AI-powered IAM access reviewer — connects to Okta, pulls user and access data, sends it to Claude for security analysis, and generates a risk report. Pairs with okta-chaos-generator.

Privilege exception router for Okta elevated access tied to UKG workforce status.

Demonstrates an Identity & Access Management (IAM) governance workflow including access review procedures, evidence collection, findings, remediation tracking, and password policy hardening using a Windows lab environment.

Identity cost avoidance brief for stale Okta apps, UKG inactive workers, and license-reduction decisions.

Workforce role risk map for Okta role assignments, UKG job codes, and manager-safe attestations.

Operator control plane for Microsoft Entra access reviews, privileged-role decisions, stale approvals, and identity-governance remediation posture.

IAM governance project demonstrating access reviews, RBAC simulation, privileged access analysis, and identity governance workflows using Microsoft Entra ID.

Read-only Azure & Microsoft Entra ID access discovery scanner. Inventories RBAC, directory roles, group-derived access, service principal ownership, Key Vault policies, PIM, and more — with CSV, JSON & XLSX reporting.

React + TypeScript control-plane for access posture, policy exceptions, remediation tracking, and executive identity governance visibility.

Hands-on exercises for Azure identity services

Operator surface for CyberArk PAM safe certifications, anomaly detection, and ServiceNow access-review ticket sync. Browser-only, no telemetry. AGPL-3.0.

Lifecycle access reconciler for UKG workforce events, Okta entitlement drift, and termination-risk cleanup.

Read-only IAM access review with synthetic report outputs for SOC 2/NIST evidence.

Enterprise IAM access review pipeline — detects orphaned accounts, privileged access without review, dormant accounts and missing certifications across 150 users, 20 applications and 400 role assignments.