Over the next few weeks, I'll go through the MS Identity Platform and share how an application can use the Platform to authenticate and authorize users.
![](https://cloud-security.blog/wp-content/uploads/2022/11/image-2.png?w=925)
Microsoft Identity Platform components include:
- Authentication/authorization services based on the industry standards OAuth 2.0, OpenID Connect, SAML v2.0 and RBAC
- MSAL (Microsoft Authentication Library)
- Application Management Portal (used for application registration and configuration)
- Application configuration via API and PowerShell
Authentication
What is it?
Authentication is the process of proving that you are who you say you are.
Which industry standards are supported?
Microsoft Identity Platform supports OpenID Connect. Azure AD supports SAML and WS-Federation.
Authorization
What is it?
Authorization is the act of granting an authenticated party permission to do something.
Which industry standards are supported?
Microsoft Identity Platform uses the OAuth 2.0 protocol. Role Based Access Control (RBAC) provides access management for Azure resources.
Before we see how the Microsoft Identity Platform uses these industry standards, I'll briefly explain the basics of each.
SAML V2.0
- SAML stands for Security Assertion Markup Language and works by exchanging XML messages between the IDP and the SDP.
- IDP (Identity Provider, for example Azure AD): authenticates and authorizes the users.
- SDP (the service provider, for example the application): trusts the IDP and provides access to the users.
- SAML uses claims-based authentication. A claim is an attribute (such as username or email address) carried in the authentication token.
![](https://cloud-security.blog/wp-content/uploads/2022/11/image-3.png?w=903)
(Snip from Auth0 blog)
SAML SSO Flow
- The user logs into the application. This creates a SAML request and redirects the browser to the IDP (in this case Auth0).
- The IDP authenticates and authorizes the user and sends the SAML response back to the browser, which in turn sends it to the SDP.
- After successful verification, the user is logged into the application.
Here is a link on how to integrate SAML SSO with a SaaS application (in this case Atlassian).
Next week, we will look into OAuth 2.0 and how it works together with OpenID Connect.
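To make the claims and the SSO flow above concrete from the SDP's side, here is an added example (not code from the original post, nor from Microsoft or Auth0) written with the Python standard library only. It builds the SAML AuthnRequest for step 1 in the HTTP-Redirect binding (raw DEFLATE, base64, URL-encode), and for step 3 it validates a constructed SAML Response and extracts its claims (NameID and attributes). All entity IDs, URLs, IDs and the sample response are constructed placeholders. The one thing it deliberately does not do is verify the XML signature on the Response/Assertion; a real SDP must do that with an XML-DSig capable library before trusting any of the checks below, because without it the InResponseTo, Destination, Audience and validity-window checks only protect against mistakes, not against forgery.

```python
"""SDP-side SAML 2.0 helpers for the SSO flow: build the AuthnRequest (step 1)
and validate the Response / extract claims (step 3). Added example, standard
library only. Signature verification is out of scope (see the note above)."""
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode, urlparse, parse_qs

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed placeholder identifiers for the SDP (service provider) and the IDP.
SP_ENTITY_ID = "https://app.example.com"
ACS_URL = "https://app.example.com/saml/acs"
IDP_SSO_URL = "https://idp.example.com/sso"


def build_authn_request(sp_entity_id, acs_url, idp_sso_url, request_id=None, now=None):
    """Step 1: build the AuthnRequest and the redirect URL that sends the browser
    to the IDP. Returns (request_id, redirect_url). The HTTP-Redirect binding
    carries the XML raw-DEFLATEd, base64-encoded and URL-encoded in SAMLRequest."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
           f'Destination="{idp_sso_url}" AssertionConsumerServiceURL="{acs_url}" '
           'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
           f'<saml:Issuer>{sp_entity_id}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # negative wbits = raw DEFLATE
    deflated = comp.compress(xml.encode()) + comp.flush()
    params = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return request_id, f"{idp_sso_url}?{params}"


def decode_redirect_request(redirect_url):
    """Inverse of the Redirect-binding encoding (what the IDP does on receipt)."""
    encoded = parse_qs(urlparse(redirect_url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(encoded), -15).decode()


def _parse_time(value):
    return None if value is None else datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_response(response_xml, sp_entity_id, acs_url, expected_request_id, now=None):
    """Step 3: check the Response the browser posted to the ACS and return its
    claims. Raises ValueError on any failed check. Assumes the XML signature
    has already been verified by the caller."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(response_xml)
    if root.tag != f'{{{NS["samlp"]}}}Response':
        raise ValueError("not a samlp:Response")
    # Accept only a response to the request we issued (rejects unsolicited/replayed ones).
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo does not match our AuthnRequest ID")
    if root.get("Destination") != acs_url:
        raise ValueError("Destination is not this SDP's ACS URL")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("IDP did not report Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:  # an EncryptedAssertion would need decryption first
        raise ValueError("no plaintext Assertion")
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        raise ValueError("Assertion has no Conditions")
    # The assertion must name this SDP as audience, or a token issued for another
    # application could be presented here.
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError("Assertion is not addressed to this SDP")
    not_before = _parse_time(conditions.get("NotBefore"))
    not_on_or_after = _parse_time(conditions.get("NotOnOrAfter"))
    if (not_before and now < not_before) or (not_on_or_after and now >= not_on_or_after):
        raise ValueError("Assertion is outside its validity window")
    # Claims: the NameID plus every Attribute (multi-valued attributes become lists).
    claims = {"NameID": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        claims[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return claims


def is_accepted(response_xml, sp_entity_id, acs_url, expected_request_id, now):
    """True if validate_response() accepts the response, False if it rejects it."""
    try:
        validate_response(response_xml, sp_entity_id, acs_url, expected_request_id, now)
        return True
    except ValueError:
        return False


# Constructed sample Response as the IDP would post it to the ACS (signature omitted).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_resp1" Version="2.0" IssueInstant="2022-11-20T10:00:05Z"
    InResponseTo="_req1" Destination="{ACS_URL}">
  <saml:Issuer>https://idp.example.com/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2022-11-20T10:00:05Z">
    <saml:Issuer>https://idp.example.com/</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2022-11-20T10:00:00Z" NotOnOrAfter="2022-11-20T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="groups"><saml:AttributeValue>admins</saml:AttributeValue>
        <saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_NOW = datetime(2022, 11, 20, 10, 0, 10, tzinfo=timezone.utc)   # inside the window
SAMPLE_LATE = datetime(2022, 11, 20, 10, 6, 0, tzinfo=timezone.utc)   # after NotOnOrAfter

if __name__ == "__main__":
    req_id, url = build_authn_request(SP_ENTITY_ID, ACS_URL, IDP_SSO_URL, request_id="_req1")
    print("Redirect to:", url[:70] + "...")
    print("Claims:", validate_response(SAMPLE_RESPONSE, SP_ENTITY_ID, ACS_URL, req_id, now=SAMPLE_NOW))
```

Two design points worth noticing: the request ID returned by `build_authn_request` has to be stored server-side (bound to the browser session) so that step 3 can check `InResponseTo`, and the `Audience` check is what stops a valid assertion issued for a different application in the same IDP from being accepted by this one.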