Microsoft Identity Platform – Part 1

For the next few weeks, I'll go through the Microsoft Identity Platform and share how an application can use the platform to authenticate and authorize users.

The Microsoft Identity Platform includes the following components:

  • Authentication/authorization services based on the industry standards OAuth 2.0, OpenID Connect, SAML 2.0 and RBAC
  • MSAL (Microsoft Authentication Library)
  • Application Management Portal (used for application registration and configuration)
  • Application configuration via API and PowerShell

Authentication

What is it?

Authentication is the process of proving that you are who you say you are. 

Supported industry standards?

Microsoft Identity Platform supports OpenID Connect. Azure AD supports SAML and WS-Federation.

Authorization

What is it?

Authorization is the act of granting an authenticated party permission to do something. 

Which industry standards are supported?

The Microsoft Identity Platform uses the OAuth 2.0 protocol. Role-based access control (RBAC) provides access management for Azure resources.

Before we see how the Microsoft Identity Platform uses these industry standards, I'll briefly explain the basics of each.

SAML 2.0

  • SAML stands for Security Assertion Markup Language and exchanges XML-based messages between the IDP and the SDP.
  • IDP (Identity Provider; for example, Azure AD) authenticates and authorizes the users.
  • SDP (Service Provider; for example, an application) trusts the IDP and grants access to the users.
  • SAML uses claims-based authentication. A claim is an attribute (such as a username or email address) carried in the authentication token.

(Diagram snipped from the Auth0 blog)

SAML SSO Flow

  • The user logs into the application. This creates a SAML request and redirects the browser to the IDP (in this case Auth0).
  • The IDP authenticates and authorizes the user and sends the SAML response back to the browser, which in turn posts it to the SDP.
  • After the SDP successfully verifies the response, the user is logged into the application.

Here is a Link on how to integrate SAML SSO with a SaaS application (in this case Atlassian).

Next week, we will look into OAuth 2.0 and how it works along with OpenID Connect.

One response to “Microsoft Identity Platform – Part 1”

  1. […] Part 1 and Part2, we have been looking at the basics of identity (AuthN and AuthZ) and how SAML and OAuth […]
