From 9814d5de303d5906201929cd488a757e4440eae0 Mon Sep 17 00:00:00 2001 From: Esmaeil Sarabadani Date: Wed, 28 Sep 2016 23:22:27 +0200 Subject: [PATCH 1/2] Create Azure-AD-Authentication-Cloud-Way --- _posts/Azure-AD-Authentication-Cloud-Way | 30 ++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 _posts/Azure-AD-Authentication-Cloud-Way diff --git a/_posts/Azure-AD-Authentication-Cloud-Way b/_posts/Azure-AD-Authentication-Cloud-Way new file mode 100644 index 0000000..2319cae --- /dev/null +++ b/_posts/Azure-AD-Authentication-Cloud-Way 
@@ -0,0 +1,30 @@ +--- +layout: post +title: Azure Active Directory and Authentication the Cloud Way +subtitle: +category: howto +tags: [cloud, automation] +author: esmaeil_sarabadani +author_email: esmaeil.sarabadani@haufe-lexware.com +header-img: "images/bg-post.jpg" +--- + +Authenticating our users securely to our applications at Haufe has always been an important thing for us and these days with more and more cloud-based apps it is essential to be able to provide an authentication method in the cloud as a service. That is exactly where Azure Active Directory comes in to play. + +Azure AD provides identity as a service and supports industry-standard protocols such as OAuth 2.0, OpenID Connect, WS-Federation, or SAML 2.0. It uses public key cryptography to sign keys and to ensure their validity. Azure AD issues security tokens which include information about the authenticated user/subject and their authorizations. These tokens are then used by applications to allow access for different tasks. [Here] you can get more information about the included information in a token. + +One of the common questions I am often asked is if Azure AD is only suitable for internally-used applications to which our internal users need to authenticate? +The answer is no. You can create multiple directories and use them for different applications. Of course our corporate Active Directory is one of them and is in constant synchronization with our on-premise AD database. It is also possible to design multi-tenant application (in terms of authentication) to be able to authenticate to different Azure AD directories. + +To be able to use Azure AD you need to register your application in the target directory(ies). To register the application Azure requires the following information to be able to communicate with it: + +-Application ID URI: The application identifier. +-Reply URL and Redirect URI: The location which Azure AD sends the authentication response to. 
+-Client ID: Application ID generated by Azure AD +-Key: Generate by Azure AD + +You are then even able to set custom permissions to allow the application to access directory data and that is pretty much it. + +I personally believe Azure AD is a very convenient way to authenticate our users to our applications. For any questions please do not hesitate to contact me. + + [here]: From 08194dbfbfd2b4e1364576a5403ce39d9e686453 Mon Sep 17 00:00:00 2001 From: Esmaeil Sarabadani Date: Wed, 28 Sep 2016 23:29:17 +0200 Subject: [PATCH 2/2] Update Azure-AD-Authentication-Cloud-Way --- _posts/Azure-AD-Authentication-Cloud-Way | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_posts/Azure-AD-Authentication-Cloud-Way b/_posts/Azure-AD-Authentication-Cloud-Way index 2319cae..590fd07 100644 --- a/_posts/Azure-AD-Authentication-Cloud-Way +++ b/_posts/Azure-AD-Authentication-Cloud-Way 
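Review bot: the reference-style link definition at the end of the new file (`[here]:`) has no URL, so the `[Here]` link in the paragraph on tokens will render as literal bracketed text; please add the target (the Azure AD token reference you intend) or drop the link. In the same hunk: the bulleted lines `-Application ID URI:`, `-Reply URL and Redirect URI:`, `-Client ID:` and `-Key:` have no space after the hyphen, so Markdown will not render them as a list (write `- Application ID URI: ...`); `Key: Generate by Azure AD` should read `Generated by Azure AD`, and it is worth saying that this key is the application's client secret and must be stored outside the repository; "uses public key cryptography to sign keys" is inaccurate, since the signing applies to the issued tokens, so `to sign the tokens it issues` would be correct; `subtitle:` in the front matter is empty and can be removed; and since this lives under `_posts/`, Jekyll expects a date-prefixed filename with an extension (e.g. `2016-09-28-azure-ad-authentication-cloud-way.md`), otherwise the post will not be built.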
@@ -14,7 +14,7 @@ Authenticating our users securely to our applications at Haufe has always been a Azure AD provides identity as a service and supports industry-standard protocols such as OAuth 2.0, OpenID Connect, WS-Federation, or SAML 2.0. It uses public key cryptography to sign keys and to ensure their validity. Azure AD issues security tokens which include information about the authenticated user/subject and their authorizations. These tokens are then used by applications to allow access for different tasks. [Here] you can get more information about the included information in a token. One of the common questions I am often asked is if Azure AD is only suitable for internally-used applications to which our internal users need to authenticate? -The answer is no. You can create multiple directories and use them for different applications. Of course our corporate Active Directory is one of them and is in constant synchronization with our on-premise AD database. It is also possible to design multi-tenant application (in terms of authentication) to be able to authenticate to different Azure AD directories. +The answer is clearly No. You can create multiple directories and use them for different applications. Of course our corporate Active Directory is one of them and is in constant synchronization with our on-premise AD database. It is also possible to design multi-tenant application (in terms of authentication) to be able to authenticate to different Azure AD directories. To be able to use Azure AD you need to register your application in the target directory(ies). To register the application Azure requires the following information to be able to communicate with it:
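Review bot: the replacement line capitalises "No" mid-sentence (`The answer is clearly No.`); it should be `The answer is clearly no.` While this line is being touched, `design multi-tenant application` should be `design multi-tenant applications`, and `multi-tenant application (in terms of authentication)` reads more clearly as `applications that are multi-tenant with respect to authentication`.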