Microsoft 365 / Azure – Exploring concept – Identity Provider and Modern Authentication
Greetings for the day!!!
Continuing the series of security articles, today we discuss the concept of an Identity Provider and its role in modern authentication.
What are Identity Providers?
- In the last article we discussed Identity. If you did not get a chance to read it yet, please have a look: Microsoft 365 / Azure – Exploring Identity – Identity is the new security perimeter
- Identity –
- A thing that can be authenticated.
- An identity can be a user with a user name and password.
- An identity can be an application or a device that authenticates with a secret key or a certificate instead of a password.
- An Identity provider creates, maintains and manages identity details, and offers authentication, authorisation and auditing services. Together with administration these are the four pillars of Identity we discussed in the last article.
- The identity provider provides the authentication service to applications, so the applications themselves do not have to store or verify passwords.
- “Modern Authentication” is the umbrella term for the authentication and authorization methods used between a client (phone, laptop, any device or app) and a server, with an identity provider in between issuing tokens.
- The identity provider plays the central role in modern authentication.
- Example of an identity provider: Microsoft Azure Active Directory (now Microsoft Entra ID), a cloud-based identity provider.
- Other examples are Google, Twitter, LinkedIn, GitHub etc.
- Legacy Authentication
- Basic authentication is the less secure method used by older client applications: the client sends the user name and password with every request, and the service checks the password itself.
- Microsoft recommends that we turn off basic authentication for our organization.
- Enabling security defaults in the Azure portal blocks legacy authentication protocols for the whole tenant.
- More broadly, legacy authentication refers to the protocols of the traditional network perimeter, such as Kerberos and RADIUS, which assume the client is already on a trusted network.
- Legacy authentication cannot enforce Multi Factor Authentication (MFA): the service only ever receives a user name and password, so there is nowhere in the exchange for a second factor. This is why attackers with stolen or sprayed passwords prefer legacy protocols.
- Legacy authentication was not designed to support authentication to cloud and web-based services and apps.
- Legacy authentication is the traditional way of authenticating, using only a user name, a password and (for network-based controls) the source IP address.
- In modern authentication the identity provider sits between the client and the server:
- The client contacts the identity provider with an identity that needs to be authenticated (user, application, device; anything, as discussed in the previous article) and proves it, for example with a password plus a second factor.
- Once the identity provider has verified the identity, it issues a security token, and the client sends this token to the server instead of a password.
- The server validates the security token through its trust relationship with the identity provider: it knows the trusted issuer and its signing keys, and checks the token's signature, audience and expiry.
- By using the security token and the information (claims) contained in it, the user or application accesses the required resources on the server.
- Compare this with password-only authentication: once a password is accepted, the user can access every system, protocol and piece of information that password protects, whereas a token is issued for one audience and expires.
- In this scenario, the token and the information it contains are created and managed by the identity provider; the server never sees the password.
- The centralized identity provider supplies the authentication service, so MFA and sign-in auditing are enforced in one place for all applications that trust it.
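The two flows described above, legacy basic authentication and the identity provider issuing a token that the server validates through its trust relationship, as an added example that is not part of the original post. It is a toy written for this page in Python using only the standard library: the user, password, issuer URL, audience and shared signing key are made up, and HS256 with a shared secret stands in for the asymmetric signing keys a real identity provider such as Azure AD publishes; the token layout follows JWT (base64url header.payload.signature).

```python
import base64
import hashlib
import hmac
import json
import time

USERS = {"alice@contoso.example": "Winter2024!"}   # constructed user directory

# ---- Legacy: HTTP Basic authentication --------------------------------------
# base64(user:password) rides on every request. The service checks the password
# itself, and because the exchange carries nothing else, no second factor can be
# demanded: a stolen or sprayed password is enough.

def decode_basic_header(header):
    scheme, _, blob = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic authorization header")
    user, _, password = base64.b64decode(blob).decode().partition(":")
    return user, password

def basic_auth_request(header):
    """Legacy service: accept the request if the transmitted password matches."""
    user, password = decode_basic_header(header)
    return USERS.get(user) == password

# ---- Modern: the identity provider issues a token the server can verify -----

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class IdentityProvider:
    """Authenticates the identity (password plus a second factor) and signs a token."""
    def __init__(self, issuer, signing_key):
        self.issuer, self.key = issuer, signing_key

    def issue_token(self, user, password, mfa_ok, audience, lifetime=3600):
        if USERS.get(user) != password or not mfa_ok:
            raise PermissionError("authentication failed at the identity provider")
        now = int(time.time())
        header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        claims = _b64url(json.dumps({"iss": self.issuer, "sub": user, "aud": audience,
                                     "iat": now, "exp": now + lifetime}).encode())
        sig = hmac.new(self.key, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        return f"{header}.{claims}.{_b64url(sig)}"

class ResourceServer:
    """Never sees a password; trusts only tokens signed by its configured issuer."""
    def __init__(self, audience, trusted_issuer, trusted_key):
        self.audience, self.issuer, self.key = audience, trusted_issuer, trusted_key

    def validate(self, token, now=None):
        header_b64, claims_b64, sig_b64 = token.split(".")
        if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
            raise PermissionError("unexpected signing algorithm")   # no alg confusion
        expected = hmac.new(self.key, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            raise PermissionError("signature does not verify against the trusted key")
        claims = json.loads(_b64url_decode(claims_b64))
        if claims.get("iss") != self.issuer:
            raise PermissionError("token from an untrusted issuer")
        if claims.get("aud") != self.audience:
            raise PermissionError("token issued for a different audience")
        if claims.get("exp", 0) <= (now if now is not None else time.time()):
            raise PermissionError("token expired")
        return claims

# Made-up issuer, audience and shared key; a real tenant would use its own values.
ISSUER, AUDIENCE, SIGNING_KEY = "https://login.example/tenant", "api://mail", b"demo-shared-secret"
idp = IdentityProvider(ISSUER, SIGNING_KEY)
server = ResourceServer(AUDIENCE, ISSUER, SIGNING_KEY)

def _accepted(token):
    try:
        server.validate(token)
    except (PermissionError, ValueError):
        return False
    return True

def demo():
    """Exercise both flows; returns {scenario: accepted?} so outcomes can be checked."""
    results = {}
    good = "Basic " + base64.b64encode(b"alice@contoso.example:Winter2024!").decode()
    bad = "Basic " + base64.b64encode(b"alice@contoso.example:guess").decode()
    results["basic_correct_password"] = basic_auth_request(good)
    results["basic_wrong_password"] = basic_auth_request(bad)
    user, pw = "alice@contoso.example", "Winter2024!"
    try:
        idp.issue_token(user, pw, mfa_ok=False, audience=AUDIENCE)
        results["token_without_mfa"] = True
    except PermissionError:
        results["token_without_mfa"] = False     # the IdP refuses without the 2nd factor
    token = idp.issue_token(user, pw, mfa_ok=True, audience=AUDIENCE)
    results["token_valid"] = server.validate(token)["sub"] == user
    results["token_expired"] = _accepted(idp.issue_token(user, pw, True, AUDIENCE, lifetime=-1))
    results["token_wrong_audience"] = _accepted(idp.issue_token(user, pw, True, "api://files"))
    h, c, s = token.split(".")
    forged = json.loads(_b64url_decode(c))
    forged["sub"] = "mallory@contoso.example"   # claims changed, signature left as issued
    results["token_tampered"] = _accepted(f"{h}.{_b64url(json.dumps(forged).encode())}.{s}")
    return results

if __name__ == "__main__":
    for scenario, accepted in demo().items():
        print(f"{scenario:24} {'accepted' if accepted else 'rejected'}")
```

The point of the contrast is where the checks live. In the basic flow the only check the service can make is password equality, on every request. In the token flow the identity provider decides (and can insist on MFA), and the server only has to verify a signature it trusts plus the issuer, audience and expiry claims, which is why a token for another audience, an expired token or one with edited claims is rejected without the server ever handling the password.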
Modern authentication settings in Microsoft 365 admin center
- Navigate to the Microsoft 365 admin center: https://admin.microsoft.com/
- From the left pane, navigate to Settings >> Org settings
- In “Org settings”, open the “Modern authentication” setting
- Clicking “Modern authentication” opens a right-hand pane with the settings, as shown in the figure below. The pane controls modern authentication for Exchange Online and lists the protocols for which basic authentication may still be allowed. Note that Microsoft has since permanently disabled basic authentication in Exchange Online for all tenants, with the exception of SMTP AUTH, which still has to be turned off per tenant or per mailbox.
Thanks for reading !!! Please feel free to discuss / suggestions / share thoughts !!!
HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂