The actionable layer of guptadeepak.com
Guides that teach you to do the thing.
After the research explains the landscape and before you pick a vendor, you have to actually build, migrate, or evaluate. Guides is that middle layer: opinionated how-tos, plain-English explainers, a citable glossary, and migration runbooks on identity, IAM, CIAM, AI security, and AppSec. Human-authored, honest about tradeoffs, no gate.
Families
How-To & Implementation
6 liveCode-forward, step-by-step guides that teach you to actually build the thing: SSO, passkeys, SCIM, MCP hardening.
Explainers
4 livePlain-English, opinionated breakdowns of the concepts and comparisons practitioners search for, with a verdict.
Glossary
35 liveShort, citable definitions of the identity, AI, and security vocabulary, built to be quoted verbatim by answer engines.
Migration
2 liveRunbooks for switching off a platform without downtime: inventory, data export, cutover, rollback, user comms.
Teardowns
soonHow real products handle auth, and post-mortems of the breaches an identity control would have stopped.
Stacks & Playbooks
1 liveOpinionated persona hubs: the minimum viable identity and security stack for a given kind of team, in order.
Featured guides
Add SSO to Your B2B SaaS (and Escape the SSO Tax)
IAM · practitioner · 9 minEnterprise deals stall without SSO. Here is how to add SAML and OIDC single sign-on the right way, model it multi-tenant, and price it without the SSO tax.
Implement Passkeys / WebAuthn (with code)
Identity · practitioner · 8 minA working guide to passkeys and WebAuthn: the ceremony, real server and browser code, synced vs device-bound tradeoffs, and the recovery design that makes or breaks it.
What Is CIAM (and How It Differs from IAM)
CIAM · intro · 7 minCIAM is customer identity: registration, consent, and login built for the people who buy from you, not the people who work for you. Here is how it differs from workforce IAM and when you need it.
OAuth 2.0 vs OIDC vs SAML
Identity · intro · 8 minOAuth 2.0 is authorization, OIDC adds authentication, and SAML is enterprise federation. Here is what each actually does, the token types, and a decision table for when to use which.
Migrate Off Akamai Identity Cloud Before the Deadline
CIAM · practitioner · 8 minA runbook for moving off Akamai Identity Cloud (formerly Janrain) before end-of-life: inventory, bulk export, just-in-time password migration, a staged cutover with rollback, and the user-comms plan.
Set Up SCIM Provisioning for Enterprise Customers
IAM · practitioner · 8 minHow to implement SCIM 2.0: the User and Group schema, the endpoints you must build, deactivate-not-delete flows, group-to-role mapping, and testing against Okta and Entra.
Secure an MCP Server
AI Security · advanced · 8 minAn MCP server hands a model the power to act. Here is how to secure it: authN/authZ per invocation, least-privilege tools, untrusted-output handling, brokered secrets, and audit logs.
Red-Team an LLM: A Practical First Pass
AI Security · advanced · 8 minA first pass at LLM red-teaming: the four failure classes, a starter probe set, direct vs indirect injection, scoring, guardrail limits, and turning it into a CI regression suite.
Pass SOC 2 as a Seed-Stage Startup
Startup · intro · 8 minThe honest seed-stage SOC 2 playbook: Type II scoped to Security, realistic cost and timeline, the three controls that matter, whether Vanta/Drata are worth it, and how to avoid theater.
RBAC vs ABAC vs ReBAC vs PBAC
IAM · practitioner · 9 minThe four authorization models compared: RBAC (role), ABAC (attributes), ReBAC (relationship), PBAC (policy). What each is, where each breaks, and a decision table for choosing.
What Is GEO (and How It Differs from SEO/AEO)
GEO/AEO · intro · 7 minGEO is optimizing to be the source AI answers cite, not to rank in a list of links. Here is how it differs from SEO and AEO, why citation share is the metric, and what a GEO program involves.
Migrate Off Auth0 Without Downtime
Identity · practitioner · 8 minA zero-downtime runbook for leaving Auth0: what is portable, trickle vs bulk migration, bcrypt hash export, Rules/Actions remapping, coexistence cutover, and rollback.
The Solo Founder's Identity & Security Stack
Startup · intro · 7 minThe minimum viable identity and security stack for a 1 to 5 person B2B SaaS, in priority order, with an honest do-now-vs-defer table and what to deliberately skip.
Glossary
All 35 terms →Short, citable definitions of the identity and security vocabulary, each cross-linked to the guide that explains it in depth.