Published Date: 16 March 2023
I‑Finity have implemented the use of Azure Active Directory across a number of projects. It provides comprehensive authentication controls to keep web applications secure. All security best practices are followed, up to date and it ensures only authenticated users are able to access the necessary resources. In this article we look at what Azure Active Directory is and how it can be used.
What is Azure Active Directory?
Azure Active directory is a cloud-based identity service that allows an organisation to authenticate and authorise user accounts, allowing them to use both internal and external resources. It also provides a centralised management hub where the owner can manually add and remove accounts, whilst also providing other necessary functionality including resetting passwords.
How Many Versions Are There of Azure Active Directory?
There are four different versions available:
- Office 365 apps
- Azure Active Directory Premium P1
- Azure Active Directory Premium P2
Going premium comes with a number of benefits. With Azure Active Directory Premium P1, users are able to access on-premises and cloud capabilities seamlessly with a hybrid approach. P2 adds this feature, as well as advanced identification protection and further identity management capabilities.
How To Create an Azure Active Directory
To create an Azure Active Directory you need a subscription to a commercial service, such as Azure. The free tier of Azure Active Directory is included with a subscription such as this and no further products are needed in Azure for the service to function.
Why does Azure Active Directory Do?
There are many ways Azure Active Directory services can help your business, including:
- protecting the use of internal documents and file systems that are often company confidential
- ensuring only authorised employees are allowed to access what you need them too
- having the ability to set your own set of permissions across all your business documents, resources and files
- needing to protect APIs and other business products using authenticated identities to restrict access and only permitting certain actions
How To Use Azure Active Directory?
The way in which you can protect resources that are private to a company is by implementing a company wide Active Directory to allow Single-Sign On between resources. This can also allow you to set permissions for certain documents or resources, meaning that they are only available to a smaller selection of the directory, allowing users to have increased access-control.
What Else Can Azure Active Directory Do?
Azure Active Directory can protect APIs and other products by providing an access token when the user is authenticated. This is then passed to the API via the header in the request. With the API verifying that the token is valid, and allowing the action to be performed by the authenticated user.
One of the most common uses for Azure Active Directory is to create an Azure Directory Business to Customer Tenant. This allows you to:
- authenticate identities using social identity providers such as Facebook, Google and LinkedIn
- give users a simpler way to confirm their identity and begin using your product or service.
The setup to Secure a Web API is well documented in this article, where we outline the steps to be followed and the necessary required Azure products.
Business to Customer tenants can have an out of the box set up that can be easily setup. There is also a custom integration guide that provides step by step instructions on how you customise each step of the authentication and authorisation process to meet your exact requirements.
I‑Finity have developed an app TrackMySSL.com that allows users to input domains to keep track of SSL certificates and their expiry dates for timely management. This is protected by Azure Active Directory Business to Customer Tenant it ensures only authenticated identities can have access. Azure Active Directory is protecting both the front-end app and the backend API.
There are many ways you can customise the flow so that users associate the login process with the app or service that they are trying to access. The first is custom domain names, this enables you to remove some of the template text from the domain address with a custom domain name user Azure Front Door. You can also edit the login screens, this can by done simply by choosing between a selection of predefined themes, or editing and creating your on CSS files. Another way you can customise the user experience is by creating custom flows rather than using the provided flows, this can allow you to collect more information about your users to ensure their identity.
Compliance Benefits to Azure Active Directory
I‑Finity use Azure Active Directory to help maintain compliance, there are often differing levels of security and structures needed to comply for different customers and geographical locations, requiring specific practices to be employed, Azure Active Directory allows I‑Finity to easily ensure requirements are met with the correct security practices in use. I‑Finity also use Active Directory to keep its Cyber Essentials Plus certification up to date and valid.
If you require assistance in implementing Azure Active Directory or an assessment of your current us, then please get in touch.
Supporting Articles for Azure Active Directory
- A step by step guide on how to secure a Web API using Azure Active Directory
- Steps to managing security certificates in Azure
- Case Study on how Microsoft Azure is providing high security and complete compliance for a Financial Services customer