Some best practices for Identity and Access Management (IAM)
Waseem Alchaar
Security Architect | Cloud Security & AI | IAM | Sec+ | CYSA+ | AZ-500
Treat identity as the primary security perimeter: Identity is the new security perimeter. Protecting it starts with centralizing identity management and managing connected tenants.
Centralize identity management: In a hybrid identity scenario, integrate your on-premises and cloud directories. Integration enables your IT team to manage accounts from one location, regardless of where an account is created.
Manage connected tenants: Your security organization needs visibility to assess risk and to determine which users and applications have access to your resources.
Enable single sign-on: Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications.
Turn on Conditional Access: Conditional Access is a policy-based evaluation engine that lets you create access rules for connected applications.
Plan for routine security improvements: Review and improve your identity controls on a regular schedule so that your security posture remains robust.
Enable password management: Enable password management to ensure that users have strong passwords and that they change them regularly.
Enforce multifactor verification for users: Multifactor verification is a security mechanism that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.
Use role-based access control: Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise.
Lower exposure of privileged accounts: Limit the number of people who have privileged access to your resources.
Control locations where resources are located: Decide where your resources are allowed to reside, and enforce that decision.
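As an added example (not part of the original article), the following Python sketch audits an account inventory against three of the practices above: multifactor verification, role-based access control, and limiting privileged accounts. The field names, role names, privileged-account limit and sample inventory are all assumptions constructed for illustration.

```python
# Added example: audit a constructed account inventory against three practices
# from the list above. Field names, role names and the limit are assumptions.
from dataclasses import dataclass, field

PRIVILEGED_ROLES = {"GlobalAdmin", "SecurityAdmin"}  # assumed role names
MAX_PRIVILEGED = 2                                   # assumed local policy limit

@dataclass
class Account:
    name: str
    mfa_enabled: bool
    roles: set = field(default_factory=set)
    direct_grants: set = field(default_factory=set)  # permissions held outside any role

def audit(accounts):
    """Return a sorted list of (account name, finding) tuples."""
    findings = []
    privileged = {a.name for a in accounts if a.roles & PRIVILEGED_ROLES}
    for a in accounts:
        # Multifactor verification: a privileged account without MFA is reported
        # with a distinct finding so it can be prioritized.
        if not a.mfa_enabled:
            if a.name in privileged:
                findings.append((a.name, "privileged account without MFA"))
            else:
                findings.append((a.name, "MFA not enforced"))
        # RBAC: permissions should come from roles, not per-user grants.
        if a.direct_grants:
            grants = ", ".join(sorted(a.direct_grants))
            findings.append((a.name, "direct grants bypass RBAC: " + grants))
    # Privileged exposure: flag the tenant when too many accounts hold admin roles.
    if len(privileged) > MAX_PRIVILEGED:
        names = ", ".join(sorted(privileged))
        findings.append(("*", f"{len(privileged)} privileged accounts exceed limit {MAX_PRIVILEGED}: {names}"))
    return sorted(findings)

# Constructed sample inventory (not real data).
SAMPLE = [
    Account("alice", True, {"GlobalAdmin"}),
    Account("bob", False, {"SecurityAdmin"}),
    Account("carol", True, {"Reader"}, {"storage.delete"}),
    Account("dave", False, {"Reader"}),
    Account("erin", True, {"GlobalAdmin"}),
]

if __name__ == "__main__":
    for who, finding in audit(SAMPLE):
        print(f"{who}: {finding}")
```

In practice the inventory would come from an export of your directory, and the findings would feed the routine review cycle.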
I hope this helps!