
Azure identity and access management | IAM

Apr 9, 2024

2 min read


In this blog, I will talk about identity and access management in Azure Active Directory, now called Microsoft Entra ID.

Entra ID is Microsoft's cloud-based, software-as-a-service identity provider for managing identity and access to cloud resources and applications. In this blog we go through the main concepts around identity and access management in Entra.

When we talk about identity and access, there are two distinct concepts, and keeping them apart matters because a successful login says nothing about what the caller is allowed to do.

  1. Authentication — verifies that you are who you claim to be. The proof is one or more factors: something you know (a password), something you have (a phone that receives an SMS code or runs an authenticator app, or a FIDO2 security key), or something you are (a fingerprint). Multi-factor authentication (MFA) is not a factor in itself but the requirement to present at least two different factor types; a username/password pair alone is single-factor, and an SMS code is the weakest second factor because it can be intercepted or redirected through a SIM swap.

  2. Authorization — determines what you can do. After authentication, Entra and Azure evaluate whether your identity holds the permission required for the resource and the action you are requesting; for Azure resources this is done through role-based access control (RBAC) assignments on a given scope.

Microsoft Entra ID is the new name for Azure Active Directory. Its main building blocks are the following.


Azure tenant:

A tenant is a dedicated instance of the Microsoft Entra ID service: the central place where an organization's user accounts, groups and application registrations live. An organization can create several tenants, but the recommendation is a single production tenant per organization, with additional tenants only for testing or deliberate isolation. Every Azure subscription trusts exactly one tenant, and any user or application that wants to reach a resource in that subscription must first authenticate to that tenant and obtain a token issued by it.


[Screenshot: Create Tenant (Basic)]

[Screenshot: Create Tenant (Configuration)]



User Accounts:

Entra ID supports three user types. To access Azure applications and services, a user must be created in, invited into, or synchronized into the Entra ID tenant. The types are:

  1. Internal user (Member) — a cloud-only account created directly in Microsoft Entra ID (formerly Azure AD).

  2. External user (usually called a Guest) — an identity from another Entra ID tenant, or from an identity provider outside Entra such as a Google account, a personal Microsoft account or a federated SAML/WS-Fed provider, that you invite into your tenant through B2B collaboration. Guests have userType Guest and a user principal name containing #EXT#, and by default they get reduced directory read permissions. Review them regularly: a guest signs in with credentials and MFA controls owned by its home tenant or provider, which you only influence through cross-tenant access settings.

  3. Directory-synced — accounts synchronized from on-premises Active Directory by Microsoft Entra Connect (formerly Azure AD Connect) or Entra Cloud Sync. Object synchronization is one way, from on-premises AD to Entra ID, so the on-premises domain is the authoritative source: most attributes of a synced user cannot be edited in the cloud, and whoever controls on-premises AD or the Connect server effectively controls those cloud identities as well. Optional write-back features (for example password write-back) are the exceptions to the one-way rule.
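As an added example, not code from the original post, the following Microsoft Graph PowerShell session creates the two user kinds that can be created from the cloud (a member and an invited guest) and then classifies every account in the tenant by the two attributes that distinguish the three types, userType and onPremisesSyncEnabled. The contoso.example and partner.example domains, the names and the redirect URL are assumptions; the required module and permissions are noted in the comments.

```powershell
# Added example, not code from the original post. Assumes the Microsoft.Graph PowerShell
# module is installed and the signed-in account can create users and send invitations.
# Domain names, display names and addresses are placeholders.
Connect-MgGraph -Scopes "User.ReadWrite.All", "User.Invite.All"

# 1. Internal (Member) user: cloud-only account created directly in the tenant.
#    The initial password comes from a CSPRNG and must be changed at first sign-in.
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$bytes = [byte[]]::new(24)
$rng.GetBytes($bytes)
$initialPassword = [Convert]::ToBase64String($bytes)

$member = New-MgUser -AccountEnabled:$true `
    -DisplayName "Alice Example" `
    -MailNickname "alice" `
    -UserPrincipalName "alice@contoso.example" `
    -PasswordProfile @{ ForceChangePasswordNextSignIn = $true; Password = $initialPassword }

# 2. External (Guest) user: B2B invitation. The guest keeps authenticating against its
#    home tenant or identity provider; only the invitation lives in our tenant.
$invite = New-MgInvitation -InvitedUserEmailAddress "bob@partner.example" `
    -InvitedUserDisplayName "Bob (Partner)" `
    -InviteRedirectUrl "https://portal.azure.com" `
    -SendInvitationMessage:$true

# 3. Directory-synced users are never created here; they arrive through Entra Connect.
#    The classification below tells the three types apart for every user in the tenant.
$users = Get-MgUser -All -Property "id,displayName,userPrincipalName,userType,onPremisesSyncEnabled,accountEnabled"
$users | Select-Object DisplayName, UserPrincipalName, AccountEnabled,
    @{ Name = "Source"; Expression = {
        if ($_.OnPremisesSyncEnabled) { "Directory-synced" }
        elseif ($_.UserType -eq "Guest") { "External (guest)" }
        else { "Internal (member)" } } } |
    Sort-Object Source | Format-Table -AutoSize

# Practitioner check: guests whose invitation was never redeemed are stale objects that
# still count as accounts in the tenant and should be removed or re-validated.
Get-MgUser -All -Filter "userType eq 'Guest' and externalUserState eq 'PendingAcceptance'" `
    -Property "displayName,userPrincipalName,externalUserState,createdDateTime" |
    Select-Object DisplayName, UserPrincipalName, ExternalUserState, CreatedDateTime
```

The classification order matters: a synced account can carry either userType, so onPremisesSyncEnabled is tested first, and only then is Guest separated from Member. The generated initial password is a one-time secret because ForceChangePasswordNextSignIn is set; it should be handed over out of band, never stored alongside the script output.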

User Groups:

  1. Security — a group used to grant a set of users access to resources and applications in one place instead of assigning permissions to every user individually; Azure RBAC role assignments, application assignments and Conditional Access policies can all target it. Membership is either Assigned (an administrator adds and removes members) or Dynamic (Entra evaluates a membership rule over user attributes, such as department or userType, and adds or removes users automatically as their attributes change; this requires a Microsoft Entra ID P1 license). A dynamic rule is only as trustworthy as the attributes it reads, so build rules on attributes that are set by HR systems or directory sync rather than ones users can edit themselves, and note that role-assignable groups cannot use dynamic membership.

  2. Microsoft 365 — a group that, besides being usable for access, provisions a shared mailbox, calendar and SharePoint site, and optionally a Team; it is the collaboration-oriented group type and, like a security group, can have assigned or dynamic membership.
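As an added example, not code from the original post, the following Microsoft Graph PowerShell session creates the group kinds described above (an assigned security group, a dynamic security group and a dynamic Microsoft 365 group) and ends with the review a practitioner would run over existing dynamic groups. Group names, the department value and the user principal name are assumptions; the attribute names in the rule are real Entra membership-rule properties.

```powershell
# Added example, not code from the original post. Assumes the Microsoft.Graph module, an
# account holding Group.ReadWrite.All and User.Read.All, and Microsoft Entra ID P1 licensing
# (required for dynamic membership). Group names and the department value are placeholders.
Connect-MgGraph -Scopes "Group.ReadWrite.All", "User.Read.All"

# Security group with assigned membership: every member is added explicitly.
$ops = New-MgGroup -DisplayName "sec-ops-admins" -MailNickname "sec-ops-admins" `
    -MailEnabled:$false -SecurityEnabled:$true
$alice = Get-MgUser -UserId "alice@contoso.example"
New-MgGroupMember -GroupId $ops.Id -DirectoryObjectId $alice.Id

# Security group with dynamic membership. The rule reads attributes that come from HR or
# directory sync (department) and tenant-managed state (userType, accountEnabled), never
# fields a user could change about themselves. Guests are excluded explicitly.
$rule = '(user.department -eq "Engineering") and (user.userType -eq "Member") and (user.accountEnabled -eq true)'
$eng = New-MgGroup -DisplayName "sec-eng-all" -MailNickname "sec-eng-all" `
    -MailEnabled:$false -SecurityEnabled:$true `
    -GroupTypes @("DynamicMembership") `
    -MembershipRule $rule -MembershipRuleProcessingState "On"

# Microsoft 365 group ("Unified"): mail-enabled with collaboration workloads attached.
# It reuses the same rule, so its membership tracks the security group's.
$team = New-MgGroup -DisplayName "Engineering Team" -MailNickname "engineering-team" `
    -MailEnabled:$true -SecurityEnabled:$false `
    -GroupTypes @("Unified", "DynamicMembership") `
    -MembershipRule $rule -MembershipRuleProcessingState "On"

# Dynamic membership is evaluated asynchronously by the service, so the list below may be
# empty for a few minutes after creation.
Get-MgGroupMember -GroupId $eng.Id -All |
    ForEach-Object { $_.AdditionalProperties["userPrincipalName"] }

# Practitioner review: list every dynamic group with its rule and flag rules built on
# attributes a user may be allowed to edit in My Account (mobilePhone, businessPhones,
# otherMails); such a rule lets a user add themselves to the group.
Get-MgGroup -All -Filter "groupTypes/any(c:c eq 'DynamicMembership')" `
    -Property "id,displayName,securityEnabled,membershipRule,membershipRuleProcessingState" |
    Select-Object DisplayName, SecurityEnabled, MembershipRuleProcessingState, MembershipRule,
        @{ Name = "SelfJoinRisk"; Expression = {
            $_.MembershipRule -match 'user\.(mobilePhone|businessPhones|otherMails)' } } |
    Sort-Object -Property SelfJoinRisk -Descending | Format-Table -AutoSize
```

Keep privileged access on assigned groups: a role-assignable group cannot be dynamic, and for Azure RBAC roles the same discipline applies even though the platform does not enforce it. When a dynamic rule must change, set MembershipRuleProcessingState to "Paused" first if you need to stage the edit, because the rule takes effect on the next evaluation pass and removals happen as silently as additions.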




https://medium.com/@saudnedian/azure-identity-and-access-management-iam-dc0d9b9032e4

