2. Agenda
Identity
Identity Management On-premises
Azure AD
Azure AD Features
Scopes
Role Based Access Control
Identity Collaboration
3. Identity
Information that represents an agent (user / group)
Identity is used to authenticate against an identity provider
Used to access resources authorized for that identity
4. Identity management on-premises
Active Directory Domain Services
Custom
Protocols might not be compatible with cloud services
Kerberos
NTLM
LDAP
5. Azure Active Directory
Cloud-based identity and access management service
Works as an identity provider
Can import on-premises identities to cloud
7. AAD Features : Application Management
How do we connect with external applications?
How can we avoid using different credentials for each application?
8. AAD Features : Identity Protection
Automate detection and remediation of identity-based risks
Investigate risks
Integrate with other platforms
9. AAD Features : Privileged Identity Management
Service to manage, control and monitor access to critical operations
Elevating existing permissions Just In Time (JIT)
10. AAD Features : Seamless Sign-on
Users are automatically signed in to both on-premises and cloud-based applications
Pass-through authentication
Authentication agent in on-premises server
Credentials never leave on-premises
Password hash synchronization
Azure AD stores a hash of the hash of each password stored in on-premises AD
Azure AD Connect is used to synchronize
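An added example (not from the original slides and not Microsoft's code) of the hash-of-hash step, following Microsoft's public description of password hash synchronization: the 16-byte on-premises hash is expanded to 64 bytes, salted with a 10-byte per-user salt, and run through PBKDF2 with 1,000 iterations of HMAC-SHA256. The function names, the uppercase hex encoding, the 32-byte output length and the sample hash are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Parameters from Microsoft's public description of password hash sync.
ITERATIONS = 1000   # PBKDF2 rounds of HMAC-SHA256
SALT_LEN = 10       # per-user salt length in bytes
DK_LEN = 32         # assumption: derived value is one SHA-256 output


def expand_nt_hash(nt_hash: bytes) -> bytes:
    """Expand the 16-byte on-premises hash to 64 bytes (hex string as UTF-16)."""
    if len(nt_hash) != 16:
        raise ValueError("on-premises AD hash must be 16 bytes")
    # Assumption: uppercase hex digits.
    return nt_hash.hex().upper().encode("utf-16-le")


def derive_cloud_hash(nt_hash: bytes,
                      salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash-of-hash) as it would be stored on the cloud side."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be 10 bytes")
    derived = hashlib.pbkdf2_hmac(
        "sha256", expand_nt_hash(nt_hash), salt, ITERATIONS, DK_LEN
    )
    return salt, derived


def matches(nt_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    return hmac.compare_digest(derive_cloud_hash(nt_hash, salt)[1], stored)


if __name__ == "__main__":
    sample_nt_hash = bytes(range(16))  # constructed value, not a real hash
    salt, stored = derive_cloud_hash(sample_nt_hash)
    print("stored value :", stored.hex())
    print("same input   :", matches(sample_nt_hash, salt, stored))
    print("wrong input  :", matches(bytes(16), salt, stored))
```

The stored value differs from the on-premises hash and changes with the salt, so the value held in the cloud cannot be replayed as the on-premises hash.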
11. Scopes
Set of resources permissions, policies and costing can be applied at
12. Role Based Access Control (RBAC)
Access management to cloud resources
Security Principal
Role Definition
13. Identity Collaboration : B2B
Allow external identities to collaborate with the organization
Allow external identities to use the organization’s resources
14. Identity Collaboration : B2C
Business-to-customer identity as a service
Customers can use social accounts to connect