2.7M+ Identities

2.7M+ Identities

In our first seven years we have secured & managed: Over 2.7 million enterprise identities for over a dozen different organizations

Saving an estimated $50M-$79M annually

12-Time MVP

12-Time MVP

From 2007-2019, our founder, David Lundell, received the Microsoft Most Valuable Professional Award

Wrote the Book

Wrote the Book

As pioneers in this ever-evolving field, we took on the formidable task of creating the first comprehensive book on identity management (about Microsoft Forefront Identity Manager 2010 -- now known as MIM) and continue to share vital information about identity management, especially in the Microsoft world.

Let us lock down your digital fortress

We have secured over 2.7 million identities. We can do it for you. Book a free 20 min consultation.

Book Time with an Expert

Latest

Introduction

Featured

For Identity Centered on Microsoft Cloud -- Entra ID

For Identity Centered on Microsoft Cloud – Entra ID

Entra ID – Microsoft is pouring more connections to cloud services, more GRC capabilities into Entra ID.

For Identity Centered on Premise

For Identity Centered on Premise

While support for Microsoft Identity Manager goes away in early 2029 – Many orgs continue to use MIM, especially for those with large on-premises investments that aren’t going away any time soon. Used in conjunction with Entra ID and/or HyperSync and your solution can cover the Cloud and all your GRC needs. We continue to support these orgs helping them keep MIM healthy and planning their transition.

For speedy Identity Management on prem or in the cloud at more efficient price

For speedy Identity Management on prem or in the cloud at more efficient price

HyperSync – A most intriguing option, HyperSync Panel is a high performance identity synchronization engine built on top of the Identity Panel application framework. Used in conjunction with Entra ID and MIM or all on its own, HyperSync and its associated products provide incredible GRC capabilities.

Testimonials

We have worked with many clients and we always like to hear they come out from the cooperation happy and satisfied. Have a look what our clients said about us.

  • David’s knowledge of SQL database systems and Identity Lifetime Manager is spectacular. His performance in envisioning and architecting Identity Management solutions is excellent and well directed. He is a gifted instructor, mentor and communicator. David’s speaking skills inform participant understanding and engagement with the complex technologies he has mastered. He possesses clear forethought regarding client needs. David is always willing to assist, participate in feedback on lessons learned, and step up to lead in new challenges. I highly endorse his work and his professional and personable style.

    Todd Kliewer

    Owner

  • David was able to apply his deep business and marketing acumen to increase the effectiveness and profitability of our Identity practice. David was also able to draw on his detailed technical background to act as leader and mentor to a team of technical individuals while drawing out their unique talents to work together and communicate effectively. David has been able to create a workplace rich in technical excellence which fosters respect and growth amongst the team. It has been a pleasure working with David in the past and I look forward to future chances to collaborate.

    Brad Turner

    Principal Engineering Services Manager at Microsoft

  • David is exactly what you would expect from a known MVP in the FIM community. His vast experience across identity, directory, and [many other] technologies are consistently key factors to the success of any project he is on. It was a pleasure and privilege to work with David on such projects, and would recommend with the utmost confidence.

    Jose Garza

    Premier Field Engineer at Microsoft

From our blog

Read more

Custom Attributes in Entra ID -- Decision Tree

By DavidLundell on October 1, 2025

This article is the eighth in a series about Custom Attributes in Entra ID and will step through the decision tree which I hope will be the definitive guide to which way to store custom data in Entra ID. Names and aliases Naming Conventions Resource Types Data Types Lifecycle Limitations Use Cases Decision Tree Is this custom data intended for Enterprise Applications or Managed Identities (both of which are of the servicePrincipal resource type)?

Continue reading

Read more

Custom Attributes in Entra ID -- Use Cases

By DavidLundell on October 1, 2025

This article is the seventh in a series about Custom Attributes in Entra ID and will discuss the use cases of each these approaches. There are seven use cases that have only one solution, three exclusive use cases for Extension Attributes, three exclusive for Custom Security Attributes and one for Directory Extensions. Names and aliases Naming Conventions Resource Types Data Types Lifecycle Limitations Use Cases Decision Tree Use Cases Extension attributes Directory Extensions Schema Extensions Open Extensions Custom Security Attributes Visible on Profile Card Y (Exclusive) N N N N Exchange Dynamic Groups Y (Exclusive) N N N N Group Dynamic Membership Rule Y Y N N N Administrative Unit Dynamic Membership rule Y Y N N N Inbound Cloud Provisioning Y Y N N N Cloud User App Provisioning Y Y N N N User App Provisioning Filtering Y Y N N N On Premise Sync Y Y N N N Cross Tenant Sync Y Y N N N Customized Token Claims Y Y N N N** Entra ID DS Y Y N N N Graph Filterable Y Y Y N Y Azure B2C Y Y N N N External ID Custom User Attributes N Y (Exclusive) N N N Restricted Access/Sensitive Data N N N N Y (Exclusive) Conditional Access Filter on Enterprise Applications N N N N Y (Exclusive) Conditional Access Filter on Devices Y (Exclusive) N N N N Conditional Access Filter on Users and Groups (via Dynamic Group Membership) Y Y N N N UI to manage the customizations N/A N* N N Y Azure ABAC N N N N Y (Exclusive) Lifecycle Workflows: Scope Filter Y Y N N Y Lifecycle Workflows: Trigger Attributes N N N N N Access package assignment Policy Y Y N N N My default answer: use a Directory Extension unless you can’t!

Continue reading

Read more

Custom Attributes in Entra ID -- Limitations

By DavidLundell on October 1, 2025

This article is the sixth in a series about Custom Attributes in Entra ID and will discuss the Limitations of each these approaches. Names and aliases Naming Conventions Resource Types Data Types Lifecycle Limitations Use Cases Decision Tree Limitation Extension attributes Directory Extensions Schema Extensions Open Extensions Custom Security Attributes Needs an App to own it N Y Y N but an App must create it N Values Per Resource 15 100 100 2 kb of data 50 Per App N/A 5 definitions 2 extensions N/A Per Tenant 15 Infinte Infinte Infinte 500 Schema can be shared Built in to every tenant If other tenants install your mult-tenant app Discoverable Globally N N Can exist on Synced User Y Y Y Y Y Must Manage on Prem for Synced User Y N* N N N *No, except for Directory extensions from the “Tenant Schema Extension App” used by Entra ID Connect Sync and Cloud Sync.

Continue reading

Read more

Custom Attributes in Entra ID -- Lifecycle

By DavidLundell on September 27, 2025

This article is the fifth in a series about Custom Attributes in Entra ID and will discuss the Lifecycle of each of these approaches. Names and aliases Naming Conventions Resource Types Data Types Lifecycle Limitations Use Cases Decision Tree Lifecycle Question Extension attributes Directory Extensions Schema Extensions Open Extensions Custom Security Attributes Has Lifecycle States?

Continue reading

Update cookies preferences