Skip to content

dr-deee/IAM-Identity-Governance-Access-Review-Lab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
IAM-Identity-Governance-Access-Review-Lab
IAM-Identity-Governance-Access-Review-Lab
 
 
README.md
README.md
 
 

Repository files navigation

Identity Governance & Access Reviews Lab

Project Overview

This project simulates an Identity Governance and Administration (IGA) process within an Active Directory environment.

The lab demonstrates how organizations perform access reviews, validate user permissions, remove unnecessary access, and maintain audit evidence in support of security, compliance, and least-privilege principles.

The objective was to review user access assignments, identify excessive privileges, perform remediation actions, and document the entire review process.

Technologies Used

  • Windows Server 2022
  • Active Directory Domain Services (AD DS)
  • Active Directory Users and Computers (ADUC)
  • PowerShell
  • Security Groups

Identity Governance Concepts Demonstrated

  • Identity Governance Administration (IGA)
  • Access Reviews
  • Access Certification
  • Least Privilege
  • Access Remediation
  • Security Group Management
  • Audit Documentation
  • Compliance Readiness

Environment

Domain

corp.local

Security Groups

  • Finance_Review
  • HR_Review
  • SOC_Review

Users

User Department
Sarah Finance Finance
Daniel HR Human Resources
Michael SOC Security Operations

Access Assignments

User Assigned Group
Sarah Finance Finance_Review
Daniel HR HR_Review
Michael SOC SOC_Review

Access Review Scenario

A quarterly access review was conducted to validate user access across the environment.

During the review, it was determined that:

  • Daniel HR no longer required access to HR resources.
  • Access was deemed unnecessary based on current business requirements.
  • Remediation actions were approved and executed.

Remediation Action

The following action was performed:

Remove-ADGroupMember -Identity "HR_Review" -Members "Daniel.hr" -Confirm:$false

The user was successfully removed from the HR_Review security group and access was verified after remediation.

Evidence Collected

The following evidence was captured throughout the project:

  • Security groups created
  • User accounts created
  • Group memberships before review
  • Access review findings
  • Remediation actions
  • Group memberships after remediation
  • Audit documentation

Documentation

The project includes the following documentation:

  • 01-Project-Overview.md
  • 02-Access-Assignments.md
  • 03-Access-Review-Findings.md
  • 04-Remediation-Actions.md
  • 05-Lessons-Learned.md

Key Learning Outcomes

Through this project, I gained practical experience in:

  • Conducting access reviews
  • Managing Active Directory security groups
  • Applying least-privilege principles
  • Performing access remediation
  • Supporting audit and compliance requirements
  • Documenting identity governance activities

Project Status

Completed

This lab demonstrates a foundational Identity Governance workflow commonly used in enterprise IAM programs to ensure users maintain only the access required for their job responsibilities.

About

Identity Governance & Access Review lab demonstrating access certification, least-privilege enforcement, access remediation, audit evidence collection, and Active Directory security group management.

Topics

iam active-directory audit cybersecurity windows-server compliance identity-management governance access-management least-privilege identity-governance access-review

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors