Securing a Global Giant: Inside IKEA's Identity Strategy with Martin

In this insightful discussion, Martin Sandren from IKEA joins Entra Chat to discuss the evolving landscape of IAM.The episode covers critical considerations for modern identity strategies, including the trade-offs between syncable and device-bound passkeys, the necessity of robust regression testing for Conditional Access, and advancements in identity proofing methods.Subscribe with your favorite podcast player or watch on YouTube 👇About Martin SandrenMartin Sandren is the IAM Lead at Inter IKEA, overseeing the systems that support IKEA's worldwide presence. His extensive background includes over twenty years of experience as an IAM product lead, architect, engineering manager, and developer.Beyond his role at IKEA, he is actively involved in the identity community as a frequent speaker at international conferences and a founder of the Digital Identity Amsterdam meetup and the Amsterdam chapter of IdentiBeer, and is active within the idNext foundation and IDPro.LinkedIn - https://linkedin.com/in/martinsandren/🔗 Related Links• IAM Conferences in Europe📗 Chapters00:00 Intro02:51 Martin's Journey into Entra & Early IAM Experiences05:35 Early Entra Wins: Simplified Sign-in Logging07:02 Value of Microsoft's Preview Feature Model (Private/Public/GA)09:39 Evolution of Federation: SAML/OIDC Then vs Now13:22 The Rise of SCIM for User Provisioning14:47 Cloud Standardization vs On-Prem Customization Trade-offs16:48 Identity Governance & Multi-Tenant Organizations (MTO)19:01 The Power & Complexity of Conditional Access20:23 Resilience & Offline Scenarios in IAM23:12 Challenges with Guest User Management & Governance26:16 Cross-Tenant Sync vs Connected Organizations27:49 The "Schrodinger's Cat" Problem with Guest Accounts30:58 Mastering Conditional Access Policies: Best Practices & Pitfalls32:41 Shifting Security Focus: From Network to Identity Defense-in-Depth34:04 Adapting Security for Different User Populations (Frontline Workers)35:21 Leveraging ITDR, Risky User Signals & Red Teaming38:00 Importance of Regression Testing CA Policies (Meister Tool)39:08 Edge Cases: SSPR & Certificate-Based Authentication Conflicts40:37 Securing Conditional Access Group Memberships42:40 Identity Proofing, Onboarding & Phishing Risks46:01 Wishlist: Granular Read Permissions in Entra48:36 Passkeys & Phishing-Resistant MFA: Progress & Challenges (Android Usability)50:01 Strategy: Syncable vs Device-Bound Passkeys51:58 Embracing Standards: SSF & CAPE Protocols53:04 Advice for Newcomers to the Identity & Access Management Field54:55 Closing RemarksPodcast Apps🎧 Apple Podcast → https://entra.chat/apple📺 YouTube → https://entra.chat/youtube📺 Spotify → https://entra.chat/spotify🎧 Overcast → https://entra.chat/overcast🎧 Pocketcast → https://entra.chat/pocketcast🎧 Others → https://entra.chat/rssMerill's socials📺 YouTube → youtube.com/@merillx👔 LinkedIn → linkedin.com/in/merill🐤 Twitter → twitter.com/merill🕺 TikTok → tiktok.com/@merillf🦋 Bluesky → bsky.app/profile/merill.net🐘 Mastodon → infosec.exchange/@merill🧵 Threads → threads.net/@merillf🤖 GitHub → github.com/merill Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe