The Gray Zone: Where Authorization Issues Live
The Symptom
"User can't access the resource" — but is it a permission issue? Token configuration? Consent problem? MSAL integration error? Network trace shows cryptic error codes.
The Communication Gap
IAM admins say "app registration looks fine." Developers say "we're just calling MSAL." Each team has the right answer for their domain, but support tickets still bounce between them for days.
The Time Sink
Junior engineers escalate immediately. Mid-level engineers spend hours reading Microsoft docs. Senior engineers know the patterns — but debugging still takes too long.
The Solution
Learn the systematic troubleshooting framework that lets you map symptoms to root causes in minutes — whether you're an IAM admin, developer, or support engineer.
How You'll Solve Real Problems
Stop guessing. Start diagnosing with confidence.
Map Symptoms to Root Causes
Learn the diagnostic flowchart: Is it permissions? Token config? Missing app role? MSAL error?
Decode What's Really Happening
Inspect tokens, trace flows, and understand OAuth2/OIDC mechanics in minutes
Bridge the Communication Gap
Speak both IAM and developer language — collaborate more effectively across teams
Resolve Issues Significantly Faster
Apply systematic troubleshooting to reduce resolution time and handle more issues independently
Do Any of These Sound Familiar?
The Escalation Engineer
"I get tickets that say 'auth is broken' but I don't know where to start. Is it Entra ID config? App code? It takes multiple conversations with different teams to get clarity."
After this workshop: You'll have a diagnostic checklist that maps symptoms to root causes quickly and confidently.
The Frustrated Developer
"MSAL throws cryptic errors. IAM team says 'app registration is correct.' I've read 20 StackOverflow threads but still can't fix token issues."
After this workshop: You'll understand OAuth2 flows well enough to interpret MSAL errors and fix them yourself.
The Overloaded IAM Admin
"Developers keep requesting overly broad permissions without understanding the security implications. I have to push back, explain least privilege, and review every consent request manually."
After this workshop: Developers will understand permission scopes and make appropriate requests, reducing your review overhead.
Ideal for Teams Experiencing:
8 Focused Modules
- Module 1: Where IAM Meets App Development
  Identify gray zones and ownership boundaries
- Module 2: App Registration vs Service Principal
  Why the two-object architecture matters for troubleshooting
- Module 3: OAuth2.0 Endpoints & Flows
  Compare /authorize vs /token endpoints across different grant flows
- Module 4: MSAL Under the Hood
  Debug MSAL effectively and trace authentication flows
- Module 5: Developer-IAM Interface
  The identity contract that prevents miscommunication
- Module 6: SPA vs Web App vs Web API
  Architecture patterns and their authentication requirements
- Module 7: Permissions & Consent
  Static vs dynamic consent, delegated vs application permissions
- Module 8: Token & Claims Validation
  JWT structure, v1/v2 tokens, optional claims configuration
Who Should Attend
- Developers integrating with Microsoft Entra ID
- Level 2/3 support engineers
- IAM architects & administrators
- Security engineers & compliance officers
- Technical consultants
- DevOps/Platform engineers
- Solution architects
Technical Depth
This is an intermediate to advanced technical workshop. Attendees should be comfortable with:
- Reading and understanding HTTP requests/responses
- Basic JSON structure and JWT concepts
- Understanding of authentication vs. authorization
- Experience with web application development or troubleshooting
Not suitable for: Complete beginners to web authentication or business stakeholders seeking a high-level overview only.
Workshop Formats
- Duration: 8 hours (2× half-day)
- Delivery Options: Online (live virtual) or on-site (Prague, Czechia only)
- Group Size: 6-10 participants (optimal interaction)
- Hands-On: Live AppConfig² environment included, accessible for 30 days after the workshop to test all workshop scenarios
Includes detailed agenda, learning outcomes, and sample exercises
Why Choose Our Workshop
Tool-Integrated Learning
Use AppConfig² during exercises for real-world experience
Scenario-Based
Real authentication failures from enterprise support cases
Immediate ROI
Significantly reduce auth issue resolution time
Post-Workshop Support
30 days email Q&A included with every workshop
Tonino Filipović
Microsoft Entra ID Specialist & AppConfig² Suite Creator
Tonino brings over 25 years of hands-on experience in identity and access management, with deep expertise in Microsoft Entra ID, Kerberos, OAuth2, and OIDC protocols. As the architect behind AppConfig² Suite, he has solved numerous real-world authentication issues across enterprise environments.
His experience spans architecting IAM solutions for global organizations, troubleshooting complex authentication flows, and bridging the communication gap between IAM administrators and development teams. This workshop distills practical patterns from years of enterprise support cases and production deployments.
Areas of Expertise
- Microsoft Entra ID Architecture
- OAuth2 & OIDC Protocols
- Enterprise IAM Solutions
- Authentication Troubleshooting
- Security & Compliance
What You'll Walk Away With
Concrete skills you can apply Monday morning:
⚡ Triage auth issues systematically and efficiently
Problem: Support tickets sit for days bouncing between teams.
Solution: Use the diagnostic flowchart to map symptoms ("AADSTS errors", "missing claims", "consent loop") to root causes (IAM config vs app code vs network) much faster.
🔍 Decode token issues more independently
Problem: "Token doesn't have the right claims" but you don't know why.
Solution: Inspect JWT structure, understand v1/v2 token differences, configure optional claims, and validate token signatures with confidence.
🗣️ Communicate across teams confidently
Problem: IAM and dev teams talk past each other.
Solution: Understand both perspectives — know when to say "delegated vs application permissions" and when to say "MSAL acquireTokenSilent() is failing."
🛠️ Fix OAuth2/OIDC flow issues independently
Problem: MSAL errors like "AADSTS65001" are cryptic.
Solution: Map error codes to flow stages (/authorize vs /token), understand redirect URIs, and trace consent mechanics end-to-end.
📋 Audit app registrations for security gaps
Problem: Over-permissioned apps create security risks.
Solution: Review App Registration vs Service Principal relationships, apply least privilege, and validate permission requests before granting consent.
📚 Build a troubleshooting playbook for your org
Problem: Every engineer reinvents the wheel when debugging auth.
Solution: Take home cheat sheets, flow diagrams, and real-world scenarios to train your team and reduce repeat tickets.
What Teams Can Expect to Achieve
(conservative estimate)
60%+
Estimated reduction in auth issue resolution time*
5–10 hrs
Saved per engineer (assuming ~8–15 hours/month currently spent on auth issues)*
More Independent
Handle common auth issues with less escalation
*Conservative estimates based on expert experience and pilot feedback. Actual results vary by team maturity and issue frequency.
Tested with Real Development Teams
Results from our internal pilot with 8 developers and support engineers
8/8
Would recommend to their peers
~65%
Estimated reduction in auth issue resolution time
(based on team feedback)
4.7/5
Average relevance rating for daily work
"The Developer-IAM Interface module alone saved us hours of back-and-forth. We now have a checklist for what we need from IAM before starting any new integration."
— Senior Full-Stack Developer
Pilot Workshop Participant
"I've been debugging MSAL errors for 2 years. Finally understanding what's happening behind the scenes makes me much more confident in troubleshooting."
— Mid-Level Frontend Developer
Pilot Workshop Participant
"The 'Gray Zone' concept clicked immediately. Our L2 support team can now triage auth issues without escalating to architects every time."
— Support Engineer (L2)
Pilot Workshop Participant
Invest Your Saved Time Where It Matters
Reduce troubleshooting from hours to minutes and redirect that time to high-value activities
Improve Processes
Develop systematic troubleshooting playbooks, implement preventive measures, and create team knowledge bases
Mentor & Teach
Train junior engineers, conduct knowledge sharing sessions, and build organizational IAM expertise
Enhance Security
Focus on proactive security reviews, implement least privilege policies, and strengthen authentication architecture
Frequently Asked Questions
No. While we use AppConfig² for demonstrations during the workshop, all troubleshooting techniques work with standard tools (Azure Portal, PowerShell, Microsoft Graph Explorer, JWT.io). The workshop teaches fundamental IAM concepts, not tool dependency.
The workshop is designed for technical professionals (developers, support engineers, IAM admins). We recommend attendees have at least intermediate understanding of web applications and HTTP. If your team includes junior members, consider pre-workshop prep materials (we can provide).
Yes. During booking, share your organization's common auth challenges. We can incorporate your scenarios into exercises while maintaining core workshop objectives. Custom scenarios work best with 8+ participant bookings.
- Complete workshop slide decks
- Troubleshooting flow diagrams and cheat sheets
- Hands-on exercise scenarios
- 30-day access to AppConfig² demo environment
- 30 days of email Q&A support
The workshop focuses specifically on Microsoft Entra ID (formerly Azure AD) and MSAL. While OAuth2/OIDC principles apply universally, examples and exercises use Microsoft's identity platform. Not suitable for AWS Cognito, Auth0, or Okta-specific implementations.
Ready to Resolve Gray Zone Issues Faster?
Stop losing hours on authentication problems. Book your workshop today!