Azure Active Directory Flashcards
(7 cards)
What is Azure Active Directory (AAD)?
A cloud-based Identity Provider and Access Manager.
What is Identity?
A thing that can be authenticated.
◦A user with a username and password.
◦An application or other service with secret keys or certifiates.
What is Access Management?
A service for managing access to authorized users and applications.
What is the classic authentication approach?
1) The user sends credentials to the server.
2) The server verifies that the user’s credentials are correct, typically by checking a database.
3) The server sends a response back to the client.
What is the Identity Provider approach to authentication?
1) Instead of sending credentials to a server, you send it to an Identity Provider, like Azure AD, which returns a token.
2) When a client makes a request to the server, it sends the token with its request.
3) The server sends the token to Azure AD to get basic information about the user and to verify the token.
4) The server sends a response back to the client.
What are the benefits of using an Identity Provider for authentication over the classic approach?
◦With this approach you only need to authenticate with Azure AD and then you can authorize with any service that trusts the Identity Provider.
◦You only need one set of credentials, instead of a set of credentials per service.
◦Leverages Microsoft’s security.
◦Additional features like MFA (Multi-factor Authentication - an example would be getting a text message and using the code in your browser).
Describe the components of Identity Access Management (IAM).
- How individuals are identified in a system.
- How roles are identified in a system and how they are assigned to individuals.
- Adding, removing and updating individuals and their roles in a system.
- Assigning levels of access to individuals or groups of individuals.
- Protecting the sensitive data within the system and securing the system itself.
