Azure Authentication & Authorization

Identity Services

  • Authenticated, then authorized
  • Authentication: making sure you are you, confirming identity, first test for access
  • Authorized: comes after authentication, do you get access?, granular control

Azure Active Directory

  • Active Directory was designed for traditional office with computers and printers, was not designed for “Web”
  • AAD Service: every azure account needs a first user and this user is in the initial AAD instance


  • Organization: A tenant represents the organization
  • Dedicated AAD: a tenant is a dedicated instance of AAD that an organization receives when signing up for Azure
  • Separate: Each tenant is distinct and completely separate from other AAD tenants
  • Each user in Azure can be a member or guest of up to 500 Azure AD tenants


  • A billing entity
  • Cost Separation
  • Payment: all resources and services with the subscription stop

Hybrid Cloud Setup: AAD can manage on premises users and Azure

Multi-Factor Authentication

  • Something you know, something you have, something you are

Single Sign-On

  • One user account for multiple services
  • You can create a SSO service for your own application “Azure Active Directory Seamless Single Sign-on” or “AAD Seamless SSO”
  • The company’s users are all in AAD, and all use ADD S SSO

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.