Overview
A set of PowerShell automations built to replace manual click-ops processes for identity lookups, access requests, and account lifecycle tasks within T-Mobile’s IAM environment.
Problem
Security-critical IAM workflows were handled through manual, repetitive processes: clicking through multiple consoles, copy-pasting user data, and hand-verifying access requests. Each manual step was a chance for error, and routine operations consumed significant analyst time.
Approach
- Parameterized scripts with input validation and guardrails to prevent misuse in production
- Structured logging for audit trails on all identity operations
- Reusable modules integrated with IAM APIs for consistent, repeatable execution
- Power Automate flows for streamlining queued identity lifecycle cases
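A sketch of how the first three points fit together in one function, written for this page as an added example and not taken from the project's scripts. Every name here (`Add-IamGroupMember`, `Write-AuditRecord`, the `REQ` ticket format, the group name) is hypothetical, and an in-memory table stands in for the IAM API.

```powershell
# Constructed in-memory directory standing in for the IAM API (hypothetical names throughout).
$script:Directory = @{
    'grp-payments-ro' = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
}
$script:AuditLog = Join-Path ([IO.Path]::GetTempPath()) 'iam-audit.jsonl'

function Write-AuditRecord {
    param([string]$Action, [string]$User, [string]$Group, [string]$Ticket, [string]$Result)
    # One JSON object per line, so the trail can be filtered or shipped to a SIEM.
    $record = [ordered]@{
        ts     = (Get-Date).ToUniversalTime().ToString('o')
        actor  = [Environment]::UserName
        action = $Action; user = $User; group = $Group
        ticket = $Ticket; result = $Result
    }
    # -WhatIf:$false keeps the audit write real even when the caller is only previewing.
    $record | ConvertTo-Json -Compress | Add-Content -Path $script:AuditLog -WhatIf:$false
}

function Add-IamGroupMember {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Validation runs at parameter binding, before any code that touches the directory.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z][A-Za-z0-9._-]{2,31}$')][string]$User,
        [Parameter(Mandatory)][ValidateScript({ $script:Directory.ContainsKey($_) })][string]$Group,
        [Parameter(Mandatory)][ValidatePattern('^REQ\d{6}$')][string]$Ticket
    )
    $members = $script:Directory[$Group]
    if ($members.Contains($User)) {
        # Idempotent path: a re-run records the existing state instead of failing or duplicating.
        Write-AuditRecord 'AddMember' $User $Group $Ticket 'NoChange'
        return 'NoChange'
    }
    # Guardrail: -WhatIf previews the change; ConfirmImpact 'High' prompts unless -Confirm:$false.
    if ($PSCmdlet.ShouldProcess($Group, "Add member $User ($Ticket)")) {
        [void]$members.Add($User)
        Write-AuditRecord 'AddMember' $User $Group $Ticket 'Added'
        return 'Added'
    }
    Write-AuditRecord 'AddMember' $User $Group $Ticket 'Skipped'
    return 'Skipped'
}

# Constructed sample calls: a preview, the real change, then a repeat of the same request.
Add-IamGroupMember -User 'jdoe' -Group 'grp-payments-ro' -Ticket 'REQ000123' -WhatIf
Add-IamGroupMember -User 'jdoe' -Group 'grp-payments-ro' -Ticket 'REQ000123' -Confirm:$false
Add-IamGroupMember -User 'jdoe' -Group 'grp-payments-ro' -Ticket 'REQ000123' -Confirm:$false
Get-Content $script:AuditLog
```

Because the ticket number is a mandatory, validated parameter and is written into every record, each line of the audit trail can be tied back to the request that authorized it.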
Outcome
- Cut manual processing time by ~75%
- Improved consistency across identity requests by removing human variance
- Replaced click-ops with idempotent automation in security-critical workflows
Lessons Learned
- Input validation and guardrails are non-negotiable for scripts that touch production IAM systems
- Structured logging pays dividends during incident investigation and audit reviews
- Automation adoption requires clear documentation — scripts are only useful if the team trusts and understands them