Identity in Azure
Concepts
- Service Principal: This is a system/application/user trying for access
- Authentication and Authorization:
- Authentication is a process of verifying identity and letting in.
- Authorization is a process of allowing/denying the access of the prinicpal based on the roles/policies.
Azure Account, Subscription and Tenant
- Azure Account is collection of subscriptions
- Tenant in Azure is Azure Active Directory which can be linked to multiple subscriptions.
- A Subscription can be linked to only one tenant id.
- All the user, groups, policies i.e. authentication and authorization is handled by tenant.
- Overview of Personal Account
- When we create an Azure Account, a tenant with unique tenant id is created and primary domain name
- All the users which you create will be having id
username@primarydomainname - Organizations might be using Azure Management groups for reusing policies across subscriptions
What is Azure Active Directory
- Azure Active Directory is Identity as a Service
- I Can use this to
- Create users in Azure and apply authentication policy
- As a identity provider for my application.
