Scenario — TrailBlaze Adventures Identity Sprawl and Access Control Challenge
TrailBlaze Adventures operates a global digital ecosystem where customers, guides, employees, local partners, suppliers, support agents, and administrators all need different types of access.
As the company expanded rapidly, identity and access management became fragmented. Different regions created their own accounts, partner portals, admin groups, and access practices. Some users authenticate through the central identity provider, while others still use local accounts or partner-managed credentials.
- Customers use accounts for booking, payments, social posts, private messages, reviews, and travel history.
- Guides access trip manifests, customer safety notes, offline maps, emergency contacts, GPS tools, and incident forms.
- Support agents access customer profiles, booking changes, refunds, complaints, and emergency support workflows.
- Local partners access selected itinerary data, equipment reservations, customer pickup details, and operational schedules.
- Administrators manage content moderation, user reports, payment settings, guide assignments, and infrastructure dashboards.
- Developers and DevOps engineers access repositories, cloud consoles, deployment pipelines, logs, secrets, and production systems.
Current IAM concerns
- Some regional partners still use shared accounts to access the partner portal.
- MFA is required for administrators but optional for guides and support staff.
- Role definitions are inconsistent between regions and business units.
- Former seasonal guides sometimes retain mobile-app access after contracts end.
- Privileged access to cloud consoles and production databases is not consistently monitored.
Business pressure
- TrailBlaze wants fast onboarding for temporary guides during peak travel seasons.
- Partners need limited access without complex account administration.
- Customers expect easy login, social sharing, and account recovery.
- Support teams need enough access to help travelers during emergencies.
- Security teams want stronger access control without blocking field operations.
Student assignment
Investigate the case
Analyze the TrailBlaze IAM scenario and identify key challenges related to identity and access management.
- Which user groups and system identities exist in the environment?
- Which users require strong authentication or multi-factor authentication?
- Where do permissions appear excessive, unclear, or inconsistent?
- Which identities need lifecycle controls for onboarding, role changes, and offboarding?
- Where should privileged access management, federation, or access reviews be applied?
Identify Domain 5 challenges
Group your findings under authentication, authorization, access control models, identity lifecycle, privileged access, federation, and access governance.
Link challenges to Domain 5 concepts
Connect each identified challenge to CISSP Domain 5 concepts and explain why that concept is relevant for managing TrailBlaze identities securely.
Domain 5 challenges to investigate
Authentication and Account Takeover
- MFA is not consistently required for guides, support staff, and partners.
- Customer accounts are exposed to credential stuffing because reused passwords are common.
- Account recovery workflows may allow social engineering against support teams.
Authorization and Access Models
- Roles differ between regions, creating inconsistent access rights.
- Support agents may have broader access to customer data than required.
- Partner access is not consistently limited to necessary itinerary and logistics data.
Identity Lifecycle Management
- Seasonal guides need fast onboarding and reliable offboarding.
- Former contractors may retain access after contracts end.
- Role changes are not always reflected in permissions quickly.
Privileged Access
- Cloud administrators and DevOps engineers have powerful access to production systems.
- Privileged actions are not always logged, reviewed, or approved.
- Emergency access may bypass normal controls without sufficient oversight.
Federation and Partner Identity
- Some local partners use shared accounts instead of named identities.
- Partner-managed identities are not consistently trusted or verified.
- Federated access could simplify partner onboarding but introduces trust dependencies.
Access Governance
- Access reviews are irregular and mostly manual.
- There is no clear evidence that users still need their assigned permissions.
- Identity governance is not yet integrated with compliance and audit requirements.
Link challenges to Domain 5 concepts
Students must connect each identified challenge to CISSP Domain 5 concepts.
| Challenge | Domain 5 Concept | Explanation |
|---|---|---|
| MFA is optional for guides and support staff | Multi-Factor Authentication / Strong Authentication | Users with access to sensitive customer or operational data require stronger authentication to reduce account takeover risk. |
| Customers reuse passwords across platforms | Credential Management / Credential Stuffing | Credential stuffing attacks exploit reused passwords, so monitoring, MFA, and password protections are needed. |
| Support agents have broad customer-data access | Least Privilege / Role-Based Access Control | Support roles should only receive permissions necessary for specific support tasks. |
| Regional roles are inconsistent | Role Engineering / RBAC | Roles must be standardized and designed around business functions to avoid privilege drift. |
| Partners use shared accounts | Identification / Accountability | Shared accounts prevent reliable accountability because actions cannot be linked to a specific person. |
| Partner access depends on external organizations | Federated Identity / Identity Provider | Federation can support partner access but requires trust in external identity providers and clear governance. |
| Former seasonal guides retain access | Deprovisioning / Identity Lifecycle | Access must be removed when users leave or contracts end to prevent unauthorized use. |
| Guides need different access based on trip context | Attribute-Based Access Control | Access can depend on attributes such as assigned trip, region, time, role, and device. |
| Cloud admins have powerful production access | Privileged Access Management | Privileged accounts require approval, monitoring, session recording, and strict access controls. |
| Emergency access bypasses normal controls | Access Governance / Audit Trail | Emergency access may be necessary but must be logged, reviewed, and justified afterward. |
| Access reviews are manual and irregular | Access Review / Identity Governance | Periodic reviews verify that users still require their permissions and support compliance evidence. |
| Users access multiple platforms separately | Single Sign-On / Identity Federation | SSO can improve usability and centralize authentication controls across TrailBlaze systems. |
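Added example (not part of the original case material): a minimal attribute-based access decision in Python covering two rows of the table, "Guides need different access based on trip context" and "Former seasonal guides retain access". The attribute names, the 48 h / 24 h time window, and the sample guides and trip are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Subject:            # attributes of the requesting identity (names are assumptions)
    user_id: str
    role: str
    region: str
    assigned_trips: frozenset
    contract_end: datetime
    mfa_verified: bool
    device_managed: bool

@dataclass(frozen=True)
class Trip:               # attributes of the resource (the trip whose manifest is requested)
    trip_id: str
    region: str
    start: datetime
    end: datetime

# Assumed policy: manifest readable from 48 h before departure until 24 h after return.
PRE_WINDOW, POST_WINDOW = timedelta(hours=48), timedelta(hours=24)

def decide_manifest_access(subject, trip, now):
    """Return (allowed, reasons). All failed conditions are collected for the audit trail."""
    checks = [
        (subject.role == "guide", "role is not guide"),
        (now <= subject.contract_end, "contract ended"),
        (trip.trip_id in subject.assigned_trips, "not assigned to trip"),
        (subject.region == trip.region, "region mismatch"),
        (trip.start - PRE_WINDOW <= now <= trip.end + POST_WINDOW, "outside trip time window"),
        (subject.mfa_verified, "MFA not verified"),
        (subject.device_managed, "unmanaged device"),
    ]
    reasons = [msg for ok, msg in checks if not ok]
    return (not reasons, reasons)

# Constructed sample data.
UTC = timezone.utc
NOW = datetime(2024, 7, 10, 8, 0, tzinfo=UTC)
TRIP = Trip("T-100", "alps", datetime(2024, 7, 11, 6, 0, tzinfo=UTC), datetime(2024, 7, 14, 18, 0, tzinfo=UTC))
ACTIVE = Subject("guide-ana", "guide", "alps", frozenset({"T-100"}), datetime(2024, 9, 30, tzinfo=UTC), True, True)
# Former seasonal guide whose account and trip assignment were never cleaned up.
FORMER = replace(ACTIVE, user_id="guide-ben", contract_end=datetime(2024, 6, 30, tzinfo=UTC))
# Active guide asking for another guide's trip, without a completed MFA step.
WRONG_TRIP = replace(ACTIVE, user_id="guide-cy", assigned_trips=frozenset({"T-200"}), mfa_verified=False)

if __name__ == "__main__":
    for s in (ACTIVE, FORMER, WRONG_TRIP):
        print(s.user_id, decide_manifest_access(s, TRIP, NOW))
```

Evaluating the contract end date at every request means a missed offboarding step does not leave a former guide with working access, and the returned reasons give reviewers a record of why each request was denied.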
Learning outcomes
Analyze identities
Identify human, partner, administrative, and system identities in a complex global platform.
Apply authentication controls
Determine where MFA, adaptive authentication, credential protections, and account recovery controls are needed.
Design authorization
Apply RBAC, ABAC, least privilege, and need-to-know principles to practical access decisions.
Govern access
Plan identity lifecycle, privileged access management, access reviews, and federation controls.
Instructor tip
Use this case in three phases:
Map identities
Students identify all user groups, service accounts, partner identities, and privileged accounts.
Analyze access
Students decide which access model fits each group and where MFA or PAM is required.
Design IAM controls
Students propose lifecycle workflows, access reviews, federation rules, and privileged access governance.