Mateusz Jendza
@mjendza.bsky.social
Architect/Consultant/IAM/Azure/AWS
How do you ensure compliance and auditability when managing Service Principals and SSO applications in Microsoft Entra ID?

My proposal with Backstage & Maester
#EntraID #IAM #DigitalIdentity
October 20, 2025 at 8:36 AM
Reposted by Mateusz Jendza
Google Pixel 10 phones natively support C2PA Content Credentials, providing verifiable, offline-capable provenance and hardware-backed security for photos and media.
briefly.co
September 11, 2025 at 5:37 PM
Partner vs Customer:
👉 Social Federation (Apple ID) vs Workforce Federation (Okta).
👉 Different levels of compliance and security.
👉 Different business owners and processes - but maybe the same tools and applications.
👉 Different SLA.
September 10, 2025 at 3:41 PM
👉 Security isn't just about having strong passwords...

It's about understanding your users, risk profile, and regulatory requirements to implement the RIGHT security measures for each context.
And you? Do you use similar authentication/authorization methods like on the screen?
September 4, 2025 at 7:34 AM
What is the best tool to review public Entra ID Tenant data?

For me: AADInternals OSINT (site & PowerShell module)

We can get complete details about the tenant, including:
👉 Tenant ID
👉 Tenant Name (onmicrosoft domain)
👉 Domains (all domains connected with tenant)
👉 Brand name

#EntraID
April 11, 2025 at 4:01 PM
Do you need to meet complicated password requirements?
Feel free to use a 60-character password.

PS> To improve security, I pasted it as a picture!
April 1, 2025 at 12:27 PM
💥 Blog Post Alert 💥
A Comprehensive Overview of Our SSO Implementation
Do you move from the SQL table with username & password?
Do you own more than one application?
Are you facing a sign-in screen all the time?

Check my blog post on how Single Sign In works 🚀
mjendza.net/post/sso/

#EntraID #SSO
Work efficiently with your Identity Provider: Entra ID and enable SSO for your applications (IAM and CIAM)
March 28, 2025 at 9:38 AM
💡 My Entra External ID Architecture 💡

I recommend a couple of components:
👉 Management API.
👉 User Flows & Customization.
👉 Entra ID as Code.
👉 Profile as a central place to manage user details.
👉 My demo application: Portal.

🏷️ Extra: Verified ID for External ID tenant
#EntraID #CIAM
March 26, 2025 at 8:11 AM
A friendly reminder ;)
👉 Use FIDO2 keys
👉 Use software passkeys with your password manager
👉 Verifiable Credentials can also be used as a passwordless method
🚀 Passwordless is easier to use than a complex, long password
March 12, 2025 at 5:27 PM
I checked my bank account history three times. The wire was not provided to me ;)

Link: www.ft.com/content/9921...
March 4, 2025 at 7:38 AM
👉 Blog Post Alert

Discover how token enrichment can streamline your customer authentication processes and enhance security.
Explore how the Identity Platform can support your business needs and unlock new possibilities.
February 5, 2025 at 7:50 AM
🚀 I stopped using Visio and other tools for:

👉 Big Picture diagrams
👉 Sequence Diagrams

And moved to PlantUML, creating all diagrams as code.

And you?
January 31, 2025 at 7:21 AM
Reposted by Mateusz Jendza
🎉 pg_documentdb is open source

I created the initial version with Vinod Sridharan (an absolutely brilliant engineer) at Microsoft a few years ago and it's come a long way since.

It reimplements Mongo API with exact semantics in PostgreSQL. Already used by FerretDB!

github.com/microsoft/do...
GitHub - microsoft/documentdb: DocumentDB offers a native implementation of document-oriented NoSQL database, enabling seamless CRUD operations on BSON data types within a PostgreSQL framework.
January 23, 2025 at 7:58 PM
Simple & Amazing tool to stress your HTTP
github.com/codesenberg/...

PS> Are you ready to return a 429 status code? 🤔
January 28, 2025 at 5:54 PM
The next place where you can check the technical details for Verifiable Credentials: a sandbox to play around with different business types and Data Model 1.1 and 2.0

#verifiablecredentials #sandbox

vcplayground.org
January 23, 2025 at 3:32 PM
Entra ID vs Entra External ID

👉 Do you know that there are two different tenant types?
👉 Do you know that there is a dedicated tenant for your customers? Were you fully separated from your organization?
#IAM #CIAM #EntraID
January 23, 2025 at 6:41 AM
💥 If you're looking to dive deep into the Verifiable Credentials flow, this is the first place you should visit!

lnkd.in/dak5xidM

The diagrams in the article are amazing and provide a clear visual representation of the process.

#VerifiableCredentials #Identity #DigitalIdentity
January 22, 2025 at 11:02 AM
Reposted by Mateusz Jendza
Hello token friends, do you use the content of the access token as part of your application? Then be aware that Microsoft will switch to encrypted access tokens and this might break stuff.

Switch to id token. #EntraID

https://devblogs.microsoft.com/identity/access-tokens-and-id-tokens/
January 21, 2025 at 6:30 PM
Magic Link? Three facts about:
#authentication #authorization #digitalidentity
January 20, 2025 at 10:37 AM
💡 With Verifiable Credentials

👉 a full authorization flow for payments (I created a Factorlabs Bank Demo to show you the Business Case) 🪙

👉 also authorize access (also physical access) as a security guard 🤵

Do you have any authentication and/or authorization scenarios?
January 18, 2025 at 12:31 PM
My favourite 'Cost analysis' view is Group by resource with Daily Granularity:
- My workloads are 'stable'; I don't have peaks, so the monthly prediction can be based on daily consumption
- Based on the diagram, I can decide to move to another resource type to limit the cost of the solution
January 18, 2025 at 11:13 AM
Need a Morse Code Translator?
Check morsecodetranslator.com; there is also a GitHub repository :)
github.com/ozdemirburak...

Build your own Morse Translator 🥸

#ItCanBeFun
January 18, 2025 at 11:01 AM
Verifiable Credentials (VC) facts and cases:
- passwordless for your Identity Provider (authentication)
- a framework used by eIDAS to authorize via National ID
- coupons, gift cards
- authorize physical access and person-people verification
- with national ID can be a captcha verification

1/2
January 18, 2025 at 10:10 AM
Look at the blog post if you are thinking about a solution to speed up token enrichment with authorization data.

In my opinion, in many cases the response is static for 80% of calls (Pareto principle), and with a key-value store we can deliver the response fast!

www.feldera.com/blog/fine-gr...
Solving Fine-Grained Authorization by Turning the Problem on its Head
Build a high-performance policy engine with only a few lines of SQL.
www.feldera.com
January 16, 2025 at 7:59 AM
DOOM as captcha 😍

One of the methods to protect your CIAM system from synthetic (for example, fake accounts with a 10-minute mailbox) is the captcha system.

The best one does not involve you as a user to prove you are human.

But look, this one is amazing ;)
doom-captcha.vercel.app

#CIAM #synthetic
DOOM® CAPTCHA
Prove you're human by playing DOOM
January 11, 2025 at 1:39 PM