Identity Services
- Authenticated first, then authorized
- Authentication: proving you are who you claim to be (confirming identity); the first gate for any access
- Authorization: comes after authentication; decides what the authenticated identity is allowed to do, with granular (per-resource, per-action) control
Azure Active Directory
- Active Directory (on-premises) was designed for the traditional office network of domain-joined computers and printers (Kerberos, LDAP); it was not designed for the web. Azure AD is built on web protocols instead (OAuth 2.0, OpenID Connect, SAML)
- AAD service: every Azure account needs a first user, and that user lives in the initial AAD instance (tenant) created with the account
Tenants
- Organization: a tenant represents one organization
- Dedicated AAD: a tenant is the dedicated instance of AAD an organization receives when it signs up for Azure
- Separate: each tenant is distinct and completely isolated from other AAD tenants; a user from one tenant gets no access to another unless explicitly invited there as a guest
- A single user can be a member or guest of up to 500 Azure AD tenants
Subscription
- A billing entity; every subscription belongs to exactly one AAD tenant
- Cost separation: resources are billed per subscription, so separate subscriptions give separate bills
- Payment: if the subscription is no longer paid for, all resources and services in that subscription stop
Hybrid Cloud Setup: AAD can manage both on-premises users and Azure users; Azure AD Connect synchronizes the on-premises AD identities into the AAD tenant
Multi-Factor Authentication
- Something you know (password, PIN), something you have (phone, hardware token), something you are (biometrics); MFA requires at least two of these distinct factor types, not two of the same kind
Single Sign-On
- One user account, and one sign-in, for multiple services
- You can make your own application use AAD for sign-in by registering it in the tenant (OpenID Connect or SAML). "Azure Active Directory Seamless Single Sign-On" (AAD Seamless SSO) is a different, hybrid-setup feature: it signs users in automatically when they are on domain-joined corporate devices on the corporate network
- The company's users are all in AAD, and all use AAD Seamless SSO