2025-10-12

Policy Enforcement, Authentication Models, Access Control

Cyber Log — October 12, 2025

Role: SysAdmin / Security+ Candidate / Red Team Path (Purple-Tint)
Location: San Diego, CA
Focus Areas: Policy Enforcement, Authentication Models, Access Control

Objectives

Study authentication and authorization frameworks to strengthen conceptual links between identity management and security policies.

Activities & Labs

Reviewed SSO, SAML, OAuth, and OpenID Connect relationships.
Compared SAML assertions vs OAuth tokens.
Experimented with conditional access using modern authentication in Entra ID test tenant.
Practiced least-privilege configurations through RBAC assignments.

Knowledge & Concept Highlights

Authentication vs authorization boundaries.
Token issuance and federation identity flow.
Practical application of RBAC and privilege minimization.

Tools & Commands

Entra ID portal role assignments.

Reflections & Takeaways

Clearer understanding of identity federation protocols and how they interconnect across services.
Authentication design directly impacts both usability and breach resilience.

End of Log — October 12, 2025