Microsoft Office 365 is widely used in many organizations. If you are an administrator for your Office 365, you are likely to be familiar with the Admin Center to look at user accounts and monitor activities. But do you know all the account activities were pulled in from Azure Active Directory in the cloud and are only displayed in the admin center? If you've got Dynamics, Exchange, SharePoint, or any of the Microsoft software that is in the Cloud, it's going to be using Azure Active Directory as its Identity Manager in the back end.
There are a couple different approaches to manage identity in Azure Active Directory.
- Identity Sharing- As an admin, you may be familiar with creating Active Directory trust to different organizations, so you can authenticate across organizations or different servers across organizations. However, you don't have that ability with Azure Active Directory. In Azure AD, it's called "Azure B2B Collaboration. It's very similar to a trust but you can take to Azure Active Directory tenants and build that relationship ,so that you can do cross authentication between tenants for some services.
- Industry standard protocols: Protocols such as Oauth or SAML are also options for your to consider. For instance,
- OAuth 2.0
- OAuth 2.0 implicit grant flow
- OAuth 2.0 auth code grant
- OAuth 2.0 on-behalf-of flow
- OAuth 2.0 client credentials grant
- Other industry-standard authentication protocols/technologies
- OpenID Connect
- ID Tokens
- Access Tokens
- Certificate Credentials
- Conditional access: Learn detailed step by step conditional access here.