What is Identity in Cloud
Identity is a unique identification of an object. Such an object can be a human being, a machine, or a combination of it. When we talk in the cloud computing context, identity means a set of properties about this object stored in the cloud's data center.
Identity & Access Management
Identity Management (IdM) and Identity and Access Management (IAM) are interchangeable terms in identity access management. So if you are reading about one, you are probably reading about the second term too.
IAM is a framework of policies that tell what users can do in their restricted area and what he needs from the user to operate properly. Such systems identify, authenticate, and authorize individuals or hardware applications to use restricted resources.
IAM exists in the world without the internet too. It appears in different forms. For example, the “Staff Only” label at doors in markets, id card pinned at employee's suit, or doorman as a profession by itself. Even your dog protecting yard is some Access Management of your property.
Every IAM operates in its defined context. The context of IAM specifies the number of properties it needs from the Identity. For example, every patient has a folder with properties about his identity at the doctor's office.
Identity Platform is an IAM service provided by third parties such as Microsoft or Amazon (Amazon Cognito).
Using External vs. Internal Identity Platform
External identity platform (IP) helps you build applications without its own identity management service such as Identity Server. Authorization and authentication can be handled externally, and the only thing you need to do is integrate between your system and MIP.
Integration with an external identity platform does not make sense if you are not using third-party software, and most of your companies applications were built in-house. For example, if the whole company is using Windows and Office 365, it does make sense to integrate your system with Microsoft Identity Platform.
Microsoft Identity Platform
The Microsoft identity platform helps you build applications your users and customers can sign in to using their Microsoft identities or social accounts, and provide authorized access to your own APIs or Microsoft APIs like Microsoft Graph. — docs.microsoft.com
Components of the Microsoft Identity Platform?
- OAuth 2.0 and OpenID Connect standard-compliant authentication service. — Possibility of secured work or school accounts authentications.
- Microsoft Authentication Libraries or MSAL. — Microsoft MVP and my friend Daniel Krzyczkowski have great GitHub repo with guidelines for using MSAL.
- Application management portal. — Registration and configuration of applications in the Azure portal. Management is also possible through PowerShell or configuration API.
Microsoft Graph is the gateway to data and intelligence. It provides a unified programmability model that you can use to access the tremendous amount of data in Microsoft 365, Windows 10, and Enterprise Mobility + Security. — docs.microsoft.com
Mostly when you are sign-in in or up with your Microsoft account and you tracked the communication, you will find out that the browser is talking a lot to graph.microsoft.com, which is a single endpoint of Microsoft Graph API.
Once you are integrating your application with the Microsoft Identity Platform, you will communicate through this API. You can do it directly or with MSAL, which encapsulates the HTTP communication with API.
Active Directory vs. Azure Active Directory
Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. — Wikipedia
Physically it is nothing else than an on-premise private server. Active Directory or Active Directory Domain Services is a database of your company’s users and computers. It provides authentication and authorizations for applications or users. It uses dinosaur protocols like Kerberos and NTLM.
Azure Active Directory
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. — docs.microsoft.com
Azure Active Directory (Azure AD) takes AD approaches, expands them, and brings them to the next level, the cloud level. Azure AD provides organizations with an Identity as a Service (IDaaS) solution for applications across Azure and on-premise servers too.
Azure Active Directory vs. Microsoft Graph
Azure Active Directory is a security token server analogous to a directory in the Cloud. When organizations want to move their on-premise directories to the cloud and make their applications securely accessible anywhere from the internet, they can take advantage of Azure AD.
Azure AD has two versions. The V1 endpoint and the V2 endpoint and Microsoft Identity Platform is made of the V2 endpoint, documentation, and application registration tools like App Registrations in the Azure portal. The Microsoft Identity Platform contains part of the Azure Active Directory.