Identity & Access Management
The authority hub for identity and authentication — MFA, passwordless and passkeys, SSO/federation, Conditional Access, and privileged identity management.
Tools
Identity & Access Management Tools
Free, client-side tools — nothing is transmitted or stored.
Identity & MFA Readiness Assessment
Evaluate MFA coverage, Conditional Access, privileged access, passwordless readiness, SSO, and identity governance.
Open →
Passwordless Readiness Assessment
Evaluate readiness to adopt passkey/FIDO2 authentication — platform, device, and rollout planning.
Open →
Authentication Policy Generator
Generate a complete authentication and access policy document covering MFA, Conditional Access, and privileged access.
Open →
Conditional Access Planner
Generate a prioritized, ready-to-build Conditional Access policy plan.
Open →
Identity Governance Assessment
Evaluate access provisioning, review, and deprovisioning discipline.
Open →
Authentication Method Selector
Get a tailored authentication method recommendation by account type, device, and risk tolerance.
Open →
Downloads
Downloadable Resources
Free templates and guides — preview, copy, or download as Markdown or plain text.
Checklist
MFA Rollout Checklist
A step-by-step checklist for rolling out multi-factor authentication without a support-desk avalanche.
Open →
Worksheet
Conditional Access Policy Worksheet
A planning worksheet for designing Conditional Access policies before building them in the identity platform.
Open →
Guide
Privileged Access Governance Guide
A guide for reducing standing administrative privilege through just-in-time activation, break-glass accounts, and periodic review.
Open →
Guide
Passwordless Adoption Guide
A phased guide for rolling out passkeys and FIDO2/WebAuthn authentication across an organization.
Open →
Checklist
Identity Governance Checklist
A checklist covering provisioning, access reviews, and deprovisioning discipline across the identity lifecycle.
Open →
Template
Joiner-Mover-Leaver Template
A fill-in-the-blank template for documenting your organization's onboarding, role-change, and offboarding procedures.
Open →
Guide
Identity Security Best Practices
A consolidated reference covering the full set of current identity and authentication best practices in one document.
Open →
Guide
Authentication Architecture Guide
A reference architecture guide covering how authentication, SSO, Conditional Access, and privileged access fit together as one system.
Open →
Workbook
Conditional Access Planning Workbook
A multi-phase rollout workbook for planning a Conditional Access implementation from baseline to advanced policy sets.
Open →
Worksheet
Identity Governance Review Worksheet
A structured worksheet for conducting a periodic identity access review, with fields for findings and remediation.
Open →
Educational Articles
Understand the Fundamentals
Reference guides on authentication, MFA, passwordless authentication, and single sign-on.
Authentication Fundamentals
What authentication actually verifies, the three factor categories, and how authentication differs from authorization.
Beginner
Open →
Multi-Factor Authentication: Methods and Best Practices
MFA methods compared — SMS, authenticator apps, push notifications, and hardware keys — and how to roll out MFA without a support-desk avalanche.
Beginner
Open →
Passwordless Authentication and Passkeys
How passkeys and FIDO2/WebAuthn eliminate the password as an attack surface, and what a realistic adoption path looks like.
Intermediate
Open →
Single Sign-On and Federation Explained
How SSO works, and the difference between SAML, OAuth 2.0, and OpenID Connect — the three protocols underneath almost every SSO implementation.
Intermediate
Open →
Advanced Configuration
Conditional Access & Privileged Identity
Deeper implementation guidance for Microsoft Entra Conditional Access and privileged access governance.
Microsoft Entra Conditional Access: A Practical Guide
How Conditional Access policies work, common policy patterns, and how to roll them out without locking yourself out of your own tenant.
Intermediate
Open →
Privileged Identity Management and Privileged Access
Just-in-time admin access, privileged access workstations, and break-glass accounts — reducing standing privileged access without breaking emergency access.
Advanced
Open →
Governance & Threats
Lifecycle Governance & Attack Awareness
Identity Lifecycle and Joiner-Mover-Leaver Governance
Managing identity from onboarding through role changes to offboarding, and why leaver processes are the highest-risk stage.
Intermediate
Open →
Authentication Attacks: Phishing, MFA Fatigue, and Token Theft
How modern authentication bypass techniques work — adversary-in-the-middle phishing, MFA fatigue, and session token theft — and the controls that actually stop them.
Advanced
Open →
Quick Reference
The Short Version
Full treatment lives in the articles above.
Phishing-Resistant MFA
Hardware keys and passkeys cryptographically bind to the real destination — a fake login page cannot complete the exchange, unlike SMS or app codes.
Just-in-Time Privilege
A standing admin account is a full-time target. Time-boxed, justified activation shrinks the exposure window to only when privilege is actually in use.
Same-Day Offboarding
Delayed access revocation after an employee departs is one of the most frequently cited findings in security and compliance reviews.
Report-Only Before Enforcement
The most common Conditional Access incident is a policy that locks administrators out of their own tenant — test in Report-only mode first.
FAQ
Common Questions
What is the difference between authentication and authorization?
Authentication verifies who you are; authorization determines what you're allowed to do once verified. A correctly authenticated user can still be authorized for very little, and vice versa — see Authentication Fundamentals for the full distinction.
Is SMS-based MFA still worth using?
Yes, as a baseline it is dramatically better than no MFA — but it is meaningfully weaker than an authenticator app or hardware key against a targeted phishing attack. Reserve stronger, phishing-resistant methods for administrative and high-value accounts.
How does this cluster relate to Password Security?
Password Security covers the credential itself — length, uniqueness, storage. Identity & Access Management covers everything around that credential: how it's verified (MFA), how access is centralized (SSO), how context changes the decision (Conditional Access), and how privilege is governed over time.
How does this cluster relate to Microsoft 365 Security & Entra ID?
This cluster covers identity and authentication concepts generally, applicable to any identity platform. The Microsoft 365 Security & Entra ID hub applies those same concepts specifically to Microsoft 365 — Entra ID licensing, Defender for Office 365, Secure Score, and workload-specific Conditional Access patterns.
Operational Support
Need to close identity and access gaps across your organization?
IT KORR can design and implement Conditional Access policy, roll out phishing-resistant MFA, configure Privileged Identity Management, and build reliable identity lifecycle governance.
No commitment required — we respond within one business day.