B2B Identity Federation with Admin API/SDK

B2B scenario Protect your applications and services with identity provider service based on the OpenID Connect with Identity Federations. Your solution is a ‘family’ of services and applications in the B2B model. Your partners have their identity provider—modern services like Entra ID, Octa, Auth0, and AWS Cognito. Based on OpenID Connect and identity federation with partners, we decided to use JWT, an Access token issued by our identity provider service, to protect our services....

March 26, 2024 · Mateusz Jendza

Check Entra Verified ID

Big Picture Verifiable Credentials solve problems for identities in the digital world. What does it mean? Please check the story: You own the national ID card. It is in your wallet. To get the document, you must visit the government office, provide information/documents, check your identity with your old ID, passport, or proof of birth, and wait for the document. Details: The government issues the document. It is accepted by the European Union and in other countries....

March 12, 2024 · Mateusz Jendza

Play with Authorization

TL;DR Authentication or authorization? What is the term I need to use with my current scope of work? Do I need to authenticate the user or authorize it? Ok! I need to authenticate the user and then authorize (or the opposite). Dictionary: Authentication - is the process of verifying the identity of a user. How can we do it? As a basic scenario, when only one person knows the combination of login and password, we need to check if the combination is correct to authenticate the user....

February 27, 2024 · Mateusz Jendza

Time for Passwordless

TL;DR Please stop using passwords. My stack is based on Yubikey and 1Password. Can I be a passwordless team member? Check my journey and answer the question. I improved my security with the following steps: Entra ID accounts without password, extended security on GitHub with GPG key, moved the SSH keys to 1Password, started using 1Password CLI to access secrets for ServicePrincipals. Big Picture Yubikey I started my journey with Blue Yubikey....

February 13, 2024 · Mateusz Jendza

Protect your Azure resources

TL;DR You decided to build a web application in Azure - great! The solution contains App Service, CosmosDB, Blob Storage or other resouces. You started with really simple solution, but as IT Pro you decided to build three environments: Development, Test, and Production. You also decided to use Azure API Management to manage your APIs. You are aware of the security risks and you want to protect your resources. Please fallow my suggestion to use Azure FrontDoor and API Management to protect your resources....

February 6, 2024 · Mateusz Jendza

Understanding the Differences Between Microsoft Entra ID and Azure AD B2C: How to Select the Right Identity Solution for Your Business

Microsoft Entra ID External Identities vs Azure AD B2C. TL;DR A summary of differences between Entra ID and Azure AD B2C. Entra ID in this article is used to build a product. Differences between Entra ID and Azure AD B2C To share resources from your organization (Entra ID) like PowerBi, OneDrive, and SharePoint - use B2B collaboration. Please remember: in many cases, you must assign the expected licenses - PowerBI*, for example, and you will be able to use PowerBI Portal....

January 23, 2024 · Mateusz Jendza

Design your CIAM Solution with Azure AD B2C

Here are some tips that can help you with user management: Use CIAM User Interface to create a new user: with Azure AD B2C Policy - User Journey, you can create a single point for all applications to create a new user, making the process efficient, streamlined, easy to improve and change. Don’t share personal information with applications: Adopt a zero-trust approach to avoid sharing personal information with applications. Instead, you can use centralised communication with end-users for marketing and other purposes (It is only possible with some business cases)....

January 9, 2024 · Mateusz Jendza