Authentication and authorization in Entra ID

Implement Azure Security for Developers

Anushika Agarwal

Cloud Data Engineer

What is Entra ID?

  • Azure service for managing identities and access

  • Controls sign-ins for people and apps

  • Controls the actions they can perform

Example: PeopleSphere with Entra ID

  • Employees: View payslips securely

  • HR staff: Access payroll data

The building blocks of Entra ID

  • Identity:

    • your digital fingerprint
    • username or email
  • Authentication:

    • proving identity
    • password or MFA
  • Authorization:

    • defining actions users can perform
    • view, edit, delete

Key concepts of Microsoft Entra ID

  • Identity Management:
    • Automates user accounts

  • Role-Based Access Control (RBAC):
    • Precise permissions based on roles

  • Single Sign-On (SSO):
    • One credential for all apps

Key concepts of Microsoft Entra ID

  • Multi-Factor Authentication (MFA):
    • Adds a second verification step

  • Reporting & Analytics:
    • Tracks user activity and helps ensure compliance

Users

  • Unique identities in Entra ID

    • Types:

      1. Internal - employees of the organization
      2. External - guests with temporary access
    • Monitor user activity:

      • Sign-in logs
      • Roles and group memberships
      • Assigned devices

Example: Users in PeopleSphere

  • Employees: added as users to view payslips

  • Auditors: added as guest users for compliance reviews

Groups

  • Logical collections of users

    • Permissions assigned to many users at once

    • Types:

      1. Security groups - control access
      2. Microsoft 365 groups - enable collaboration

Example: Groups in PeopleSphere

  • HR managers:

    • Security group for payroll access
  • HR & Finance:

    • Microsoft 365 group for collaboration

Devices

  • Register devices for secure access
  • Enforce compliance policies
  • Monitor device health
  • Hybrid identities:
    • work across cloud and on-premises

Roles

  • Define permissions: based on responsibilities

  • Built-in roles:

    • Global Admin, User Admin
  • Custom roles:

    • tailor access for specific needs
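
Added example (not part of the original slides, and not PeopleSphere's own code): an authorization check over Entra ID token claims that combines the roles and security groups described above. The role names, actions and group ID are hypothetical, and the claims are assumed to come from a token whose signature, issuer, audience and expiry were already validated.

```python
# Added example: authorization over already-validated Entra ID token claims.
# Role names, actions and the group ID are hypothetical PeopleSphere values.

PAYROLL_GROUP_ID = "00000000-0000-0000-0000-00000000000a"  # placeholder object ID

# RBAC table: app role (a value in the "roles" claim) -> permitted actions
ROLE_PERMISSIONS = {
    "Employee": {"payslip.view"},
    "HR.Staff": {"payslip.view", "payroll.view", "payroll.edit"},
    "Auditor": {"payroll.view"},  # guest auditors: read-only
}
# Actions that also require membership of the payroll security group
GROUP_GATED = {"payroll.edit"}


def is_authorized(claims, action, owner_oid=None):
    """Decide whether the signed-in identity may perform `action`.

    Authentication (proving identity) happened before this point; this
    function only answers the authorization question.
    """
    roles = claims.get("roles") or []
    allowed = set()
    for role in roles:
        allowed |= ROLE_PERMISSIONS.get(role, set())  # unknown roles grant nothing
    if action not in allowed:
        return False

    # Non-HR users may only view their own payslip: compare object IDs.
    if action == "payslip.view" and "HR.Staff" not in roles:
        return owner_oid is not None and claims.get("oid") == owner_oid

    if action in GROUP_GATED:
        # Group overage: with too many memberships Entra ID omits "groups"
        # and emits "_claim_names" instead. Fail closed here; a real app
        # would resolve membership through Microsoft Graph.
        if "groups" in (claims.get("_claim_names") or {}):
            return False
        return PAYROLL_GROUP_ID in (claims.get("groups") or [])
    return True


# Constructed sample claims (not real tokens)
EMPLOYEE = {"oid": "emp-1", "roles": ["Employee"]}
AUDITOR = {"oid": "aud-1", "roles": ["Auditor"]}
HR_MANAGER = {"oid": "hr-1", "roles": ["HR.Staff"], "groups": [PAYROLL_GROUP_ID]}
HR_OVERAGE = {"oid": "hr-2", "roles": ["HR.Staff"], "_claim_names": {"groups": "src1"}}
```

The default is deny: a missing `roles` claim, an unknown role, or an unresolved group membership all return `False`.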

Let's practice!
