Working with Identity and Access
Let us now discuss identity and access.
With organizations adopting new ways of working and building ever more complex applications with each passing day, it becomes increasingly important for them to plan for security beforehand. Correctly identifying, authenticating, and authorizing a person or resource that is trying to gain access to another service, resource, or application is extremely important. Given this, identity has now become the primary security boundary.
I hope you are already aware of Azure AD, but to reiterate: it is a cloud-based identity service. It is similar to the on-premises Active Directory, and it supports synchronizing with the on-premises Active Directory using Azure AD Connect. Think about the endless possibilities here. All your applications, whether on-premises, in the cloud, or even on mobile devices, can share the same credentials and can be governed using centralized rules and policies in Azure AD.
Azure AD provides services such as:
Authentication and Authorization – This includes verifying an identity and authorizing it to access applications and resources. It also provides functionality such as self-service password reset, multi-factor authentication (MFA), a custom banned password list, and smart lockout services.
Single Sign-On (SSO) – This lets users remember only one ID and one password to access multiple applications. A single identity is tied to a user, simplifying the security model. As users change roles or leave an organization, access modifications are tied to that identity, greatly reducing the effort needed to change or disable accounts.
Application management – You can manage your cloud and on-premises apps using Azure AD Application Proxy, SSO, and integration with other SaaS applications.
Business-to-Business (B2B) and Business-to-Customer (B2C) identity services – With B2B you can manage your guest users and external partners while maintaining control over your own corporate data; with B2C you can customize and control how users sign up, sign in, and manage their profiles when using your apps and services.
Device Management – Here you can control how your devices, whether in the cloud or on-premises, access your corporate data.
We will keep this discussion limited to Active Directory and its capabilities for now. Topics such as MFA and application security using service principals and managed identities will be taken up in subsequent modules, where I will show you a demo of how to work with them.