WhoIAM Locksmith brings enterprise-level secret rotation to Azure environments, particularly focusing on identity and access management (IAM) platforms such as Microsoft Entra, Entra External ID and Azure AD B2C. It provides secret expiration notifications, automatic key vault secret replacement, and interconnected system configuration updates.
Continue ReadingThe detection and combat of mule accounts are an ongoing problem that banks are trying to solve. Currently, I am working hard with Microsoft’s DFP engineering team and the WhoIAM architects to craft a solution that can eradicate this virtual plague that is getting out of hand, risking and compromising citizen accounts, and the reputation of financial institutions. -Muna Annahas
Continue ReadingThe verifiable credentials spec is interesting enough to completely change the way we handle user identities. At the end of the day though, the thing that matters is getting it working and into the hands of real users. In this post, I'll walk you through how we implemented Entra Verified ID. - By Matt Takemoto
Continue ReadingVerifiable Credentials seeks to eliminate the need to store your passwords and sensitive data on someone else's server. Instead, you would store a credential that lives on your device. So, instead of the identity provider being the source of truth for "are you who you say you are", you and your device are. The spec also allows for a couple of interesting privacy-preserving features. Say you have a student ID card that has your full name and ID number - By Matt Takemoto
Continue ReadingPresented by Ajith Alexander, Founder and Head of Product Management at WhoIAM and Sondra Feinberg from the Dynamics Fraud Protection division at Microsoft, this webinar demonstrates how Microsoft’s Dynamics Fraud Protection combined with Azure cloud is designed to mitigate all types of fraud from server to account and application-level attacks.
Continue ReadingWhoIAM has joined the Microsoft Intelligent Security Association and has launched its new product in the MISA partner catalog. The new product, Rampart, is an authorization engine and helpdesk administration tool for Microsoft Azure Active Directory (Azure AD) External Identities.
Continue ReadingLearn how to integrate Azure AD B2C into PowerApps using custom policies
Continue ReadingPreventing users from using previously used passwords is an important industry requirement. In this blog, we look at how you can implement password history with Azure AD B2C.
Continue ReadingMatt Takemoto, our newest software engineer at WhoIAM describes how he revisited a Spotify account breach he experienced in the past after he started working at an identity/security company.
Continue ReadingMigrating from an older identity and access management solution often requires some careful thought on how to port over hashed and salted passwords into your new IAM system. In this post, we will discuss how to deal with migrating hashed passwords from your current identity provider into Azure AD B2C
Continue ReadingAs a company implementing an IAM solution, it is essential to have a plan for mitigating hard-to-discover attacks like credential stuffing. Keep in mind that while you must enforce security measures, there’s careful consideration that needs to go into providing a highly secure authentication mechanism, while ensuring that the friction of logging into your app does not result in customers just dropping off and not completing a registration or sign-in.
Continue ReadingWe frequently get enterprise customers who are deploying Azure AD B2C for their consumer identity needs and have to carefully consider how their customer helpdesk needs to be prepared to deal with the transition to a new consumer identity platform.
Continue Reading