forked from barryclark/jekyll-now
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request barryclark#74 from sarabadanie/master
A new blog post on the topic of Azure AD
- Loading branch information
Showing
1 changed file
with
30 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| --- | ||
| layout: post | ||
| title: Azure Active Directory and Authentication the Cloud Way | ||
| subtitle: | ||
| category: howto | ||
| tags: [cloud, automation] | ||
| author: esmaeil_sarabadani | ||
| author_email: [email protected] | ||
| header-img: "images/bg-post.jpg" | ||
| --- | ||
|
|
||
| Authenticating our users securely to our applications at Haufe has always been an important thing for us and these days with more and more cloud-based apps it is essential to be able to provide an authentication method in the cloud as a service. That is exactly where Azure Active Directory comes in to play. | ||
|
|
||
| Azure AD provides identity as a service and supports industry-standard protocols such as OAuth 2.0, OpenID Connect, WS-Federation, or SAML 2.0. It uses public key cryptography to sign keys and to ensure their validity. Azure AD issues security tokens which include information about the authenticated user/subject and their authorizations. These tokens are then used by applications to allow access for different tasks. [Here] you can get more information about the included information in a token. | ||
|
|
||
| One of the common questions I am often asked is if Azure AD is only suitable for internally-used applications to which our internal users need to authenticate? | ||
| The answer is clearly No. You can create multiple directories and use them for different applications. Of course our corporate Active Directory is one of them and is in constant synchronization with our on-premise AD database. It is also possible to design multi-tenant application (in terms of authentication) to be able to authenticate to different Azure AD directories. | ||
|
|
||
| To be able to use Azure AD you need to register your application in the target directory(ies). To register the application Azure requires the following information to be able to communicate with it: | ||
|
|
||
| -Application ID URI: The application identifier. | ||
| -Reply URL and Redirect URI: The location which Azure AD sends the authentication response to. | ||
| -Client ID: Application ID generated by Azure AD | ||
| -Key: Generate by Azure AD | ||
|
|
||
| You are then even able to set custom permissions to allow the application to access directory data and that is pretty much it. | ||
|
|
||
| I personally believe Azure AD is a very convenient way to authenticate our users to our applications. For any questions please do not hesitate to contact me. | ||
|
|
||
| [here]: <https://azure.microsoft.com/en-us/documentation/articles/active-directory-token-and-claims/> |