Azure AD Federated Identity Authentication


When a user authenticates to Office 365 or Azure AD which has a third party Federate in between,

which protocol is used and how is the user authenticated and authorized to use the application, for example accessing Exchange Online?

Is it like a company which has set up a federation system to authenticate users from on-premises to on cloud?

When a user initiates a session with an online service or application which requires authentication and authorization,

then does it work like this:

1. User to online application - service

2. Service redirects: you're not authenticated, go to Azure AD for AuthN-AuthZ

3. Azure AD, based on the Federation settings configured, asks the user (browser) or goes to an STS like PingFederate and asks for a user authentication

4. Federation server like PingFederate, based on its configuration, could check with the Active Directory server or whichever directory server it is

5. Once the Federation server has a confirmation from the directory server, it will generate a token, because that is what it does

6. Now it will forward this token to Azure AD

7. Now what will happen?

8. Will Azure AD forward the same token it has got from the Federation server?

9. Or instead will it generate a new OAuth 2.0 based token and send this one to the Service - Application asking for user AuthN-AuthZ?
