Azure Tutorials Series - Identity and Access | Azure AD
In the previous article we learnt about Azure security. In this article, let's learn about Azure identity and access. We will cover authentication, authorisation, Azure Active Directory (AD) and RBAC.
Identity and Access Management in Azure
- The ability to grant roles or permissions that allow access to a limited pool of resources
- Azure Active Directory enables authentication and authorisation for those privileges.
- Authentication vs authorisation
  - Authentication (AuthN) - Verifies the identity of a person
  - Authorisation (AuthZ) - Verifies which privileges the user has
Azure Active Directory
- Called Azure AD
- Cloud-based identity service
- No SLA for free tier, Standard and Premium get 99.9%
- Can be used standalone or synced with an existing on-premises Active Directory
- Services include -
  - Multi-Factor Authentication
  - Single sign-on
  - Application Management
  - Business to Business (B2B) identity services
  - Business to Customer (B2C) identity services
  - Device Management
Roles in Azure
- Roles in Azure are categorised as
  - Classic roles
  - Azure roles (RBAC)
  - Azure AD roles
Before RBAC was introduced, there were only 3 roles -
- Account administrator - One per Azure account
- Service Administrator - One per Azure subscription
- Co-administrator - 200 per subscription
Role-based Access Control
- Provides fine-grained access management for Azure resources
- Roles can be of various types, such as 'read-only' or 'contributor'.
- A role assigned at a higher level is inherited by the child levels below it.
- Four fundamental Azure roles are -
  - Owner
  - Contributor
  - Reader
  - User Access Administrator
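
The inheritance rule above, worked through as an added example (not code from the original article): it resolves which role assignments apply at a given scope and flags privileged roles that reach it only through a parent. The scope IDs, principals and assignments are constructed sample data, and the function names are hypothetical; management-group scopes are left out.

```python
# Added example: effective Azure RBAC roles at a scope, via inheritance.
# All principals, scope IDs and assignments below are constructed sample data.

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
RG = SUB + "/resourceGroups/rg-app"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm-web"

ASSIGNMENTS = [
    {"principal": "alice", "role": "Owner", "scope": SUB},
    {"principal": "bob", "role": "Contributor", "scope": RG},
    {"principal": "carol", "role": "Reader", "scope": VM},
    {"principal": "dave", "role": "User Access Administrator",
     "scope": SUB + "/resourceGroups/rg-other"},
]


def applies_to(assignment_scope, target_scope):
    """True if an assignment made at assignment_scope is inherited by target_scope."""
    a = assignment_scope.rstrip("/").lower().split("/")
    t = target_scope.rstrip("/").lower().split("/")
    # Compare whole path segments so 'rg-app' does not match 'rg-app2'.
    return len(a) <= len(t) and t[:len(a)] == a


def effective_roles(assignments, target_scope):
    """Map principal -> sorted list of (role, scope the role was granted at)."""
    result = {}
    for a in assignments:
        if applies_to(a["scope"], target_scope):
            result.setdefault(a["principal"], []).append((a["role"], a["scope"]))
    return {p: sorted(r) for p, r in result.items()}


def inherited_privileged(assignments, target_scope,
                         privileged=("Owner", "User Access Administrator")):
    """Principals holding a privileged role at target_scope only via a parent scope."""
    hits = set()
    for a in assignments:
        inherited = a["scope"].lower() != target_scope.lower()
        if a["role"] in privileged and inherited and applies_to(a["scope"], target_scope):
            hits.add(a["principal"])
    return sorted(hits)


if __name__ == "__main__":
    for principal, roles in effective_roles(ASSIGNMENTS, VM).items():
        print(principal, roles)
    print("inherited privileged:", inherited_privileged(ASSIGNMENTS, VM))
```

Running the same check against each resource group in a subscription shows where a broad Owner or User Access Administrator assignment reaches further than intended.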
Azure AD Roles
- On tenant level
- The person who signs up for the Azure AD tenant gets the role of Global Administrator, who can do anything.
- Other user roles are User Administrator and Billing Administrator