Exercises and Labs

This is a list of things we want them to be comfortable doing. For this, we should create lab exercises and also have tests where they prove to us that they can complete these tasks quickly and correctly.

 

  • Install and Configure Cloud Gateway

  • Configure a simple code-free flat file wizard Account Store as HR

  • Configure the Account Inbox Join and Provision rules to create people from the HR flat-file and to terminate based on ValidUntil

  • Create a simple Business Role and Location tree mapped to Dynamic Hierarchy External Roles and Locations generated from the HR flat file

  • Simulate a mover event based on HR data changes

  • Configure the Advanced Leaver options understanding how they work and simulate a multi-step Leaver Event

  • Deploy and Configure the Azure AD SCIM Connector

  • Configure an Azure AD Account Store

  • Configure an AD Account Store

  • Configure an SAP Account Store

  • Create and configure a Tracking Only Account Store

  • Configure Attribute Flow Rules for all Account stores

  • Create and configure RETS for all Account Stores

  • Configure EmpowerID to use Azure Native Authentication

  • Configure EmpowerID to use Social Media Authentication

  • Configure EmpowerID to use Windows Authentication with the Remote IdP

  • Configure EmpowerID to require MFA for Admins

  • Perform Passwordless and usernameless login as an admin user

  • Configure an Admin Person for Persona Switching

  • Configure and use MFA (FIDO and EmpowerID Mobile App) for the Password Reset Center

  • Use T-RBAC to configure a person as a Group Membership Manager but only for Groups and Accounts below Germany

  • Clone a UI- mgmt role definition and make your own new Role Bundle which includes this modified mgmt role definition and all other T-RBAC Mgmt Roles to make it functional for your scenario

  • Create an Access Request Policy and understand its settings

  • Create an Approval Flow Policy and Approval Flow steps and understand their settings

  • Publish a management role to the IT Shop and set a group of people in another management role as Eligible. Assign your Access Request Policy and validate the approval flow works as expected.

  • Publish a management role to the IT Shop and set a group of people in another management role as pre-approved. Validated by requesting access as one of these people and as someone not in the mgmt role.

  • Create a 2nd Approval Flow Policy and set as the policy for a specific item type action like add account to group - verify that it works.

  • Birthright access (membership and permissions) based on roles

  • Birthright access (provisioning - RETs) based on roles

  • Create a 3rd Approval Flow Policy for “High Security Groups”. set it as the Approval Flow Policy for the Add Account to group Item Type Action but only for Groups with the “High Security Groups” Access Request Policy - verify that it works.

  • Configure and subscribe to the Daily Digest and Event emails and validate receipt of them.

  • ? Configure your tenant’s email delivery settings to work with Azure/Exchange Online EWS.