DEV Community

Shiphrah

Building an Enterprise IAM Lab: Active Directory, Entra ID, RBAC & Access Governance

Most Identity & Access Management (IAM) skills are taught in theory — but real-world identity flows, access governance, and privileged access management require hands-on experience.

To bridge this gap, I built a full enterprise-style IAM lab simulating how organizations manage identities, enforce least privilege, and protect privileged accounts across the lifecycle.

Instead of just reading about IAM, I designed and configured everything myself.

Goal

Recreate a realistic enterprise IAM environment to demonstrate the responsibilities of an IAM Analyst, including:

  • Identity provisioning & lifecycle automation (Joiner–Mover–Leaver workflows)
  • Role-Based Access Control (RBAC) and group-based access management
  • Conditional Access policies and Multi-Factor Authentication (MFA)
  • Access reviews, audit logging, and governance checks
  • Privileged access management (PAM/PIM)
  • Audit-ready compliance workflows (SOC 2, ISO 27001 concepts)

The goal was to understand not just how to create users — but how identity flows through a system, and how proper governance reduces organizational risk.

Architecture Overview

GitHub link: https://github.com/Shiphrah-identity/enterprise-iam-lab/tree/main
