In January 2025, our Swiss colleague Nico Wyss introduced an innovative tool called «Access Package Builder» as a freely accessible SaaS solution.
In an era where digital environments are growing ever more intricate, the importance of efficient identity and access management cannot be overstated. The challenge of managing user access to various resources and determining appropriate timescales can be quite overwhelming. Fortunately, the Access Package Builder from Nico offers a streamlined solution to these challenges. This innovative tool works in perfect harmony with Entra ID Identity Governance, allowing organizations to easily create bespoke access packages. Dive into this guide to discover how effectively utilizing the Access Package Builder can transform and enhance your access management practices.
Access Package Builder
In 2024, Nico Wyss had the brilliant idea to develop a Microsoft Entra ID Access Package Builder for the community. This innovative solution was unveiled in its first version in January 2025 and is available for free.
Naturally, I couldn’t pass up this opportunity, so I’ve put together an initial setup and brief review blog post for you.
Setup
You can find the Access Package Builder directly via this link: https://accesspackagebuilder.azurewebsites.net/
To use the tool, we need to connect our Microsoft Entra organization and grant Microsoft Graph permissions to the web application. The following steps outline the simple setup process.
- To get started, click on «Try it Free» on the website.
- You will be directly redirected to the Microsoft login page. Log in there with an admin account that has at least the Entra role «Application Administrator» or higher. Now you can grant the Enterprise application «Access Package Builder» access to your tenant.
- Now you are logged into the tool and will be greeted with instructions immediately.
The initial setup was completed within a few minutes.
Data Quality
In order for the Access Package Builder to provide you with reliable data, it must be ensured that various attributes on the Entra ID user object are correctly maintained. For this purpose, Nico has incorporated a data analysis into his tool, which shows you in red which attributes are still missing for which user.
Additionally, at the top of the page, you have a complete Identity Governance overview of your tenant, which displays various information such as guest users, app registrations, and much more, really cool.
Visualization
In the second step, the magic of the tool really comes into play. Visually, the individual relationships of your Entra ID identities to the company and Entra groups are now displayed.
It is important to note that there is currently a limitation of 500 users and 500 edges.
Based on the analysis of the data, algorithmic suggestions for Access Packages are now made on three levels.
- Default Access Package
- Company Access Packages
- Department Access Packages
In my case, there are currently no suggestions, as I have not yet corrected various data. I will definitely take care of this afterwards to take a closer look at the recommendations in detail.
Finally, two more things are displayed if they contain data.
- Unassigned Groups
- Excluded Users
Conclusion
A really cool tool that Nico started developing in 2024. I can recommend every IT administrator of a medium to large company to take a look at it. I have been a big fan of Access Packages for a long time, especially in the Joiner/Mover/Leaver (JML) process, as it can be very helpful and save IT administrators a lot of time and effort.
I am excited to see how the tool will continue to develop and have already noticed that Nico has big plans, such as the implementation of a lifecycle workflow. Wow, I am really looking forward to that.