17.00 – 17.30 Welcome – pizza and soft drinks
17.30 – 18.15 Secure your application with OpenID Connect - Johannes Brodwall, SopraSteria
18.15 – 18.30 Lightning talk: IAM as part of a Cloud Adoption Framework – Microsoft’s perspective - Wayne Meyer, Director of Customer Success, Microsoft
18.45 - 19.30 One true digital Identity: On track to more secure solutions - Kjetil Smith, Crayon
19.30 – 20.00 Chatting, mingling
All sessions will be in English.
Secure your application with OpenID Connect
If we can trust the user we can do anything. If we can't trust our user, we can do nothing.
Almost all applications need to know who the user is. You could establish a user database with a password, but what prevents any random user to register as Donald Duck or Barack Obama? How do you find out who to trust?
Modern identity systems like Azure Active Directory, ID-porten as well as less secured ones use the same standard to establish the user identity with your application. In this presentation we will show and discuss the necessary steps to create and register an application with Azure Active Directory, ID-porten and Google, three leading OpenID Connect providers in the Norwegian markedspace.
We will cover how to configure and integrate with ID-porten, a required ID-provider for public sector services to the Norwegian population and how to setup, configure and administer Azure Active Directory application with multi-tenancy, B2B guest users and roles.
The demo application used in the presentation is available on https://github.com/jhannes/identity-fun. It’s implemented in Java and runs on Azure. A live version is running on https://javabin-openid-demo.azurewebsites.net/
By: Johannes Brodwall, SopraSteria
IAM as part of a Cloud Adoption Framework – Microsoft’s perspective
Identity and Access Management (IAM) tends to be a critical topic for companies of all sizes when implementing hybrid or cloud native architectures. It is but one of many critical topics that, for larger enterprises, should be addressed as part of an overall strategy for cloud adoption, not as a standalone silo. Hear how Microsoft views IAM as part of the Cloud Adoption Framework, a set of guidance, best practices, and tooling which provide a cohesive strategy and approach to cloud adoption.
Wayne Meyer, Director of Customer Success, Microsoft. Wayne is currently a director in Microsoft’s global Customer Success Team, focused on enabling Microsoft’s Azure technical field to adopt and deliver the Cloud Adoption Framework (CAF) globally.
One true digital Identity: On track to more secure solutions.
There is a jungle out there of different authentication solutions.We will go through a few important concepts for modern authentication mechanisms with the desire for a secure digital identity.
I will also talk about different IDP's including AWS Cognito, GCP identity, Okta, Identity Server, Oauth0 and of course Azure B2B and B2C. We will look at how to utilize Bankid and different protocolls, SAML 2 and OpenId Connect.
Last but not least we will look at different consepts for doing DevSecOps, especially DAST tools you should use to monitor, react, hunt and discloser authentication attacks. The the insight you get with these tools and why you turn on Conditional Access, use MFA and PIM in the portal will be explained. We will also look into concepts as passthrough, CBAC and why you shouldn't require the access role longer than you have to.
By: Kjetil Smith, Crayon
We take diversity seriously and adopt Conference Code of Conduct. Please follow it here: http://confcodeofconduct.com