Azure Identity Services Flashcards
Identity
Digital representation of a person, application or device (e.g., applications have different permissions to do certain things, just as a person does in the real world).
Authenticating an identity usually requires a password, a secret key or a certificate to prove that you are who you say you are.
Azure provides an identity management system based on its “Active Directory”.
Examples of identities
Name, Email, Monthly Payroll Application (needs an identity in the system), a printer in the office (as an identity on the network), …
Identity Hacks
- Passwords stored in plain text;
- Simple, reversible hash algorithms;
- Not enforcing password change policies or password complexity policies;
Standards of authentication
SAML (tokenized access); OpenID; WS-Federation.
Benefits of Azure ID
- Security (because so many people use it, many bugs have been found);
- Reduced development time and easier support;
- More features to enhance security of your application;
- Centralized administration (dashboards, grant and revoke accesses, reports);
- Only one user ID and password – Single Sign-On (same for your applications and Azure AD);
- Integration with other Azure services;
Authentication vs Authorization
Authentication – user proving who they are.
Authorization – what a user can do; levels of privileges.
Azure Active Directory
Azure Active Directory is the preferred solution for identity management, such as user access control. It is a complete solution with single sign-on. It supports “conditional access”: it detects unusual or suspicious activity and requires the user to take extra measures to prove who they are (signing in from a different device or location, logging in after months of inactivity, …). Signal – Decision – Enforcement.
Azure, Skype, Outlook, OneDrive, Xbox and Office 365 all use Azure Active Directory to validate access.