In a recent YouTube video, Merill Fernando sits down with Maqsood Bhatti, the IAM Principal Engineer at Elkjøp Nordic, to discuss the company’s bold journey from legacy identity solutions to a fully cloud-native Microsoft Entra environment. Rather than following traditional migration paths, Elkjøp Nordic bypassed tools like Entra Connect and adopted a “production-only” approach, signaling a major shift in how organizations can manage identity and access at scale. This conversation sheds light on the strategies, challenges, and innovations behind their transformation, offering valuable insights for IT professionals considering similar transitions.
The video not only highlights the technical aspects of their migration but also explores the broader implications for security, automation, and governance in modern enterprises. Through their experience, Elkjøp Nordic demonstrates that embracing new technologies and methodologies can be both challenging and rewarding, especially when balancing the need for innovation with operational stability.
Elkjøp Nordic’s journey began with a legacy NetIQ platform, which had served them since 2006. However, as the demands of digital transformation increased, so did the limitations of legacy systems. Instead of taking a gradual or hybrid approach, the team decided to make a direct leap to Microsoft Entra, opting to build a cloud-native solution from the ground up. This move was ambitious, as it meant forgoing traditional tools like Entra Connect and instead relying on custom connectors and real-time synchronization.
One of the most notable aspects of their migration was the decision to operate in a “prod-only” environment. While this approach accelerates deployment and reduces overhead, it also introduces risks, such as limited testing and the potential for operational disruptions. Nevertheless, by focusing on automation and robust governance, Elkjøp Nordic successfully managed these tradeoffs, achieving a balance between speed and reliability.
Central to Elkjøp Nordic’s strategy was the use of Logic Apps and App Roles within Microsoft Entra. By leveraging Logic Apps, the team was able to automate complex identity lifecycle processes, reducing manual intervention and ensuring that access management remained both efficient and secure. Custom connectors enabled seamless integration between systems, while App Roles provided granular control over user permissions.
This high level of automation brought several advantages, including faster onboarding and offboarding, improved compliance, and reduced risk of human error. However, it also required careful planning and ongoing oversight to ensure workflows remained aligned with business needs. The team’s ability to customize workflows for specific scenarios underscores the flexibility of Microsoft’s identity platform, but also highlights the importance of clear governance to prevent misconfigurations.
Transitioning from a legacy platform to a cloud-native solution is rarely straightforward. Elkjøp Nordic faced several challenges, such as decommissioning their old NetIQ environment and bridging gaps with Entra ID Domain Services. These steps required not only technical expertise but also a willingness to adapt established processes and retrain staff. Moreover, skipping Entra Connect meant that the team had to develop custom solutions for password synchronization and data migration.
The tradeoffs involved in this modernization were significant. While automation and cloud-native infrastructure offered scalability and resilience, they also introduced new complexities, particularly around security and compliance. Maintaining rigorous identity governance was essential to avoid excessive permissions or unauthorized access, and the team’s experience illustrates the careful balance required between innovation and risk management.
Looking ahead, the integration of AI-driven features in Microsoft Entra promises to further enhance identity protection and automation. Real-time analytics and machine learning can help organizations detect suspicious activity and automate responses, reducing the burden on IT teams and improving overall security. For Elkjøp Nordic, continuous improvement remains a priority, as they seek to refine their workflows and adopt new technologies to stay ahead of evolving threats.
Ultimately, the discussion between Merill Fernando and Maqsood Bhatti offers a compelling case study on the power and potential of real-time Entra IAM automation. By sharing both their successes and challenges, they provide a roadmap for other organizations navigating the complexities of digital transformation in identity and access management.