Azure Identity and Active Directory

Amir Mustafa
Dec 27, 2022


→ Whenever a user logs in to an account, they do so with an identity.

→ The username and email ID are the basic keys of that identity.

→ Along with these details, we also need a password, a secret key, or a certificate to prove our identity.

Note: Certificates are basically cryptographically signed files.

Traditional Way of Encryption:

→ Some years back, the frontend application (i.e. web app, mobile app, web browser) sent a user ID and password to the server.

→ Usually the password is one-way encrypted, i.e. hashed with MD5, and cannot be retrieved back. MD5 is a fast hash and is not considered adequate for password storage today.

→ The server checks the database for correctness.

Disadvantage:

→ Previously we used to work with PHP’s Laravel technology. One thing I personally found difficult was that every developer was using their own way of authentication.

→ Some were using the terminal for authentication (auth, migrations, and seeders), and some were using the XAMPP way.

→ This problem was also there in other famous development technologies.

→ The code worked fine, but one common way was lacking.

→ Hackers could study the patterns and try to hack if some loophole was found.

Azure Identity Management | Active Directory:

→ Azure does identity management using Active Directory.

NOTE:

Active Directory: available for all Windows machines

Azure Active Directory (AAD): the special Azure version of Active Directory

→ So here, in between, lies the Azure identity provider. It returns a signed token that is secure and can be used in many Azure apps.

→ Normally a company does not rely on plain Internet protocols; instead it uses dedicated protocols for security, e.g. SAML, OpenID, WS-Federation, etc.
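
How an application can check the signed token described above before trusting it, as an added example that is not from the original article. It assumes a JWT-style token signed with RS256; the key pair, issuer, and audience values are constructed stand-ins, and `issueToken` and `validateToken` are hypothetical helper names.

```javascript
// Added example: a constructed identity provider and a relying application.
const crypto = require('node:crypto');

// Assumption: this local key pair stands in for the provider's signing key.
// The application only ever needs the public half.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'https://idp.example/tenant-placeholder'; // constructed value
const AUDIENCE = 'api://orders-app-placeholder';         // constructed value

const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const decode = (part) => {
  const value = JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
  if (value === null || typeof value !== 'object') throw new Error('not a JSON object');
  return value;
};

// Identity provider side: sign the claims once the user has proven their identity.
function issueToken(claims) {
  const signingInput = `${encode({ alg: 'RS256', typ: 'JWT' })}.${encode(claims)}`;
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Application side: the password never arrives here, only the token does.
function validateToken(token, nowSeconds) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  let claims, signed;
  try {
    const header = decode(head);
    claims = decode(body);
    // Pin the algorithm; the token must not choose how it is verified.
    if (header.alg !== 'RS256') return { ok: false, reason: 'unexpected alg' };
    signed = crypto.verify('sha256', Buffer.from(`${head}.${body}`), publicKey,
      Buffer.from(sig, 'base64url'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!signed) return { ok: false, reason: 'bad signature' };
  if (claims.iss !== ISSUER) return { ok: false, reason: 'wrong issuer' };
  if (claims.aud !== AUDIENCE) return { ok: false, reason: 'wrong audience' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims };
}
```

In a real deployment the application obtains the provider's public keys from the provider rather than generating them, and the clock value comes from the server's own time.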

Benefits of using Azure Active Directory (Azure AD):

1. Security — Reduced development time, easier support:

When developers use the Microsoft authentication approach instead of writing their own custom authentication logic, the application becomes safer and uses the common Azure standards.

2. More Features — AAD provides some extra features that become helpful:

→ One example is the Access reviews feature. Suppose we work in an organization and have given a set of permissions to employees; with this feature we can review their permissions across the cloud.

→ It does not require any extra fees if we are going with a Premium plan.

3. Centralized Administration:

→ Suppose a company has 100 applications and uses Azure AD for all of them; then we have one place where all the users and their details are kept.

Single Sign-On: one of the benefits of this is that, from the user’s perspective, the user has one ID and password and can use this common credential across all applications using Azure AD.

NOTE: If we are using on-premises Windows AD, we can use the same credentials across all our company applications through the synchronization process.

4. Integration with other Azure Services:

Lots of other Azure services use Azure Active Directory authentication, e.g. Storage accounts.

Suppose we have an operations team and a development team. They do not need separate access; they can log in with their Azure AD accounts.

Closing Thoughts:

In this article, we have looked at the Azure Active Directory (AAD) service. Security is one key aspect of the application.

We have also compared the traditional authentication approach with the Azure authentication approach. In the next few articles, let us understand the security aspects of Microsoft Azure.

Thank you for reading till the end 🙌. If you enjoyed this article or learned something new, support me by sharing it to reach more people, and/or give me a follow on Twitter and subscribe to see some other tips, articles, and things I learn about and share there. Happy Learnings!!
