Today, many applications are being moved or built directly in the cloud, reflecting benefits that go along with the process. There are many services cloud providers offer; able to assist people developing software applications faster and more secure. One service offered by Microsoft accomplishes authentication via Azure Active Directory. Azure Active Directory is Microsoft’s cloud-based enterprise identity service providing identity control, single sign-on, multifactor authentication, and conditional access on a very secure and robust platform.
Software developers can integrate on-premises or cloud-based applications with ease to take advantage of the authentication service provided by Azure AD allowing developers to rely on Microsoft to provide and manage the functionality for user authentication and user management. For example, when a user is attempting to login to a website, the website can direct the user to an external page (hosted by Microsoft in Azure) to login, and the Azure page will redirect the user back to the URI of the initial website using a URL that is provided to Azure by the application.
An application must be registered with Azure AD on the hosting entity’s Azure Tenant, and then assigned a unique application ID. As part of the registration process, a “Redirect URI” is set for the application, which is a key component of ensuring the whole authentication process is secure. A redirect URI is the URI for the main application which the user will be returned to Azure after Azure authenticates the user and determines they are authorized to access the application. The URI is specified by the application itself during authentication, but it must be one of the pre-approved URI’s set up ahead of time. The requirement, along with enforcing all communication to and from Azure allowing the https authentication is secure using the latest standards, and the approved URI prevents malicious attackers from trying to “trick” the user into being redirected to a malicious site instead of back to the application they intend to log into.
Relying on Microsoft Azure AD to authenticate users allows software developers to feel secure when storing, securing, and validating user passwords, including changes and password expiration, lockout after so many failed attempts, forgotten passwords, etc. Since user management is simplified and centralized in the Azure platform with an easy-to-use web interface, developers aren’t required to build user management into the application. Utilizing existing Azure services for key pieces of functionality takes the burden off application developers and reduces overall project costs and ensures the important aspect of security is handled by a trusted and proven authentication provider.
Here is an example of what the user might see when signing into an application which uses Azure AD as the authentication provider:
Contact us today to learn more about how we can help your business use the power of Azure.
