This session is a hands-on approach to identity management in Kubernetes. This session will walk users through integrating Active Directory via OpenID Connect, enabling the audit log, debugging RBAC policies and finally enabling and configuring pod security policies. We will deep dive into the how-and-why of OpenID Connect in Kubernetes and work through options of authentication and benefits of each. We will go beyond the API server and talk about securing support applications like the dashboard and Grafana too. Students will walk away with practical knowledge on how to enable these key security features in the Kubernetes and will have access to repositories to rebuild the lab environment on their own. The only tools needed by the attendees are a laptop with a web browser and ssh client. Everything else will be provisioned for them in the cloud. (Developer, API Protection, Security, Standards, Authorization, Marc Boorshtein)