Microsoft 365 / Azure – Exploring concept – Identity Provider and Modern Authentication

fig : Microsoft 365 - Modern Authentication - Enabling modern authentication
fig : Microsoft 365 - Modern Authentication - Enabling modern authentication

Hi All,

Greetings for the day!!!

Continuing series with Security articles, today discussing concept Identity Provider

What are Identity providers

  • In last article we discussed about Identity. If you didn’t got a chance to read yet, please have a look. Microsoft 365 / Azure – Exploring Identity – Identity is the new security perimeter
  • Identity
    • A thing that can be authenticated.
    • An Identity can be user with user name and password
    • An Identity can be application which require authentication through secret keys or certifications
  • An Identity provider manages four pillars of Identity – Administration, Authentication, Authorisation and Auditing. We discussed these in last article
  • An Identity provider creates, maintains, and manages Identity details and offers authentication, authorization and auditing services – 4 pillars of Identity
  • Identity provider provides authentication services to the applications
  • There is term we called “Modern Authentication” which is the term for authentication and authorization between our client (phone / laptop / any device) and a server
  • Identity provider plays very important role in modern authentication
  • Example of Identity Providers are – Microsoft Azure Active Directory – cloud based Identity provider
  • Some other examples are – Google, Twitter, LinkedIn, GitHub etc.

Modern Authentication

  • Legacy Authentication
    • Basic authentication is the less secure method used by older client applications
    • ‎Microsoft‎ recommends that we turn off basic authentication for your organization.
    • We can use enable security defaults in the ‎Azure‎ portal to turn off basic authentication for all protocols
    • Legacy authentication is authentication that relies on legacy protocols such as Kerberos and RADIUS to protect the traditional network perimeter
    • Legacy authentication does not support Multi Factor Authentication (MFA)
    • Legacy authentication was not designed to support authentication to cloud and web-based services and apps
    • Legacy authentication is the traditional way of authenticating, using only a username, password, and IP address
  • Identity provider plays important role in modern authentication
  • Once authenticated, the user can access all systems, protocols, and information protected by that password
  • Client communicate with Identity Provider by giving an identity (user, application , device can be anything – as discussed in previous article) which needs to be authenticated
  • When Identity is verified by Identity Provider, Identity provider issues token – security token and this token client sends to server
  • The server validates the security token through its trust relationship with the identity provider.
  • By using the security token and the information that’s contained within it, the user or application (Identity) accesses the required resources on the server.
  • In this scenario, the token and the information it contains is stored and managed by the identity provider.
  • The centralized identity provider is supplying the authentication service.

Modern authentication settings in Microsoft 365 admin center

fig : Microsoft 365 admin center - navigating to "Org settings"
fig : Microsoft 365 admin center – navigating to “Org settings”
  • From “Org settings” navigate to “Modern authentication” settings
fig : Microsoft 365 - Org settings - Modern authentication
fig : Microsoft 365 – Org settings – Modern authentication
  • On click of “Modern authentication” settings , right pane will open with the respective settings as shown in below fig
fig : Microsoft 365 - Modern Authentication - Enabling modern authentication
fig : Microsoft 365 – Modern Authentication – Enabling modern authentication

Thanks for reading !!! Please feel free to discuss / suggestions / share thoughts !!!

HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂

Prasham Sabadra

LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and live-beautiful-life.com, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certificated. Motivational, Behavioral , Technical speaker. Speaks in various events including SharePoint Saturdays, Boot camps, Collages / Schools, local chapter. Can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.

You may also like...

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: