Search icon Close icon
Search icon
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Cloud Identity Patterns and Strategies

You're reading from  Cloud Identity Patterns and Strategies

Product type Book
Published in Dec 2022
Publisher Packt
ISBN-13 9781801810845
Pages 258 pages
Edition 1st Edition
Languages
Concepts
Authors (2):
Giuseppe Di Federico Giuseppe Di Federico
Profile icon Giuseppe Di Federico
LinkedIn
Giuseppe Di Federico started working for Microsoft in 2011, with previous experience working for IBM and Accenture in software development. He became an architect for cloud and hybrid solutions, serving customers in more than 10 countries across EMEA. He had the opportunity to lead multicultural teams, visit many multinational customers, and learn about different cultures, mindsets, and assets, which enabled him to also appreciate how organizations' structures impact their results. During his experience, he has been able to appreciate many identity patterns designed to last, to be reliable and secure. In June 2022, he accepted the challenge to join a new leading-edge team for the greatest service company in Italy.
See other products by Giuseppe Di Federico
Fabrizio Barcaroli Fabrizio Barcaroli
Profile icon Fabrizio Barcaroli
LinkedIn
Fabrizio Barcaroli (born in 1987) started his career as a consultant in Italy after obtaining a master's degree in computer science in 2012. In 2013, Fabrizio joined Microsoft as part of the Microsoft Consulting Services unit, where he developed his technical skills and helped customers achieve their business goals through the usage of Microsoft technologies. With the rise of the cloud era, Fabrizio specialized in cloud and identity solutions, and in 2020, he became a cloud solution architect, a technical advisor that helps close the gap between business needs and Microsoft technologies for big enterprises operating in the manufacturing, finance, and retail markets in Italy and across the globe.
See other products by Fabrizio Barcaroli
View More author details

Table of Contents (15) Chapters

Preface Part 1: Impact of Digital Transformation
Walkthrough of Digital Identity in the Enterprise The Cloud Era and Identity Part 2: OAuth Implementation and Patterns
OAuth 2.0 and OIDC Authentication Flows Exploring Identity Patterns Part 3: Real-World Scenarios
Trends in API Authentication Identity Providers in the Real World Real-World Identity Provider – A Zoom-In on Azure Active Directory Exploring Real-World Scenarios Index Other Books You May Enjoy

Digital identities – the duties of an enterprise

As anticipated in the Digital transformation – the impact on the market section, before the cloud era, tech giants dealt with technology within their own data centers. Identity management is not new for enterprises; historically, IdPs such as Active Directory or SiteMinder worked inside the network perimeter of enterprises with protocols such as Kerberos and NTLM.

Having an identity directory in the enterprise is paramount to managing users, computers, and enterprise assets in general that belong to the organization and configuring access to the company’s assets. The evolution of identity in the consumer and in the enterprise led to most IdPs supporting OAuth, and they typically work as SaaS outside the network perimeter of the enterprise (that is, they are exposed to the internet, not the intranet). This has several benefits because users can now log in to the enterprise’s services even outside the intranet and the VPN, improving the company’s productivity. This also brings security implications into play, which will be covered in detail in Chapter 5, Exploring Identity Patterns.

What companies tend to underestimate is that cloud IdPs nowadays take advantage of the OAuth protocol, which is very different from the previous protocols as it takes into account new concepts such as delegation across different services, app registration within the enterprise, and new authentication flows, which, in turn, can impact the way enterprises develop services and APIs.

In an enterprise, user information, identity, and access are managed by the company, which deals with the life cycle of the digital identities of its employees (at a minimum, some companies even host external identities as vendors and/or contractors in their IdP). Companies typically have processes to onboard the employee’s digital identity when hired (provisioning). The identity is then used to enable the user to access the company’s tools, services, and websites and, finally, when the user leaves the company, there is a process to delete/disable (deprovision) the user’s digital identity to prevent unwanted access to company resources.

From our experience in enterprises, we can certainly state that the concept of the user-centric approach is not yet widely adopted. IT departments and project teams are not able to collaborate efficiently with each other while working on projects/apps because they are not organized properly. Sometimes, different teams inside the organization use different IdPs, which makes the user-centric approach complicated. As a result, it often results in a very bad practice of managing user identity consistently. This outlines the importance of an organization having a clear strategy in this domain. As we are going to see in the rest of this book, it’s important to develop a strategy not only to ease the life of the users but also to handle everything that requires authentication, including service-to-service authentication.

If a bad strategy or no strategy is in place, then some applications are even developed without any IdP. When no IdP is used in an application, then the user management feature is usually developed within the application itself with further effort, using independent and custom-developed logic, which is a model that was followed in the past (before 2000) when IdPs didn’t exist at all. When this happens, users need to use a different set of credentials according to the application they need to log in to. This scenario is also known as the distributed identity problem and was common in the early 2000s. The following diagram shows the distributed identity problem:

Figure 1.5 – Distributed identity problem example

Figure 1.5 – Distributed identity problem example

The consequence of such a model is having less productivity for the following reasons:

  • Users need to remember different sets of credentials
  • More lines of code have to be written for an application to handle the authentication logic, typically offloaded to an IdP, which results in increased maintenance and more time to market to develop a single application
  • User information is not centralized, which might result in users wasting time enriching their profiling information for each application
  • Identity needs to be managed by custom implementations, which may lead to security issues

These are the typical scenarios and the duties an enterprise needs to accomplish to manage its digital identities. If we look deeper, there are important implications for an architect to consider, as we will discuss in the upcoming section.

arrow left Previous Chapter
Chapter 1 of 15
Next Chapter arrow right
You have been reading a chapter from
Cloud Identity Patterns and Strategies
Published in: Dec 2022 Publisher: Packt ISBN-13: 9781801810845
© 2022 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime}

Authors (2)

Left arrow icon
Profile icon Giuseppe Di Federico
LinkedIn
Giuseppe Di Federico started working for Microsoft in 2011, with previous experience working for IBM and Accenture in software development. He became an architect for cloud and hybrid solutions, serving customers in more than 10 countries across EMEA. He had the opportunity to lead multicultural teams, visit many multinational customers, and learn about different cultures, mindsets, and assets, which enabled him to also appreciate how organizations' structures impact their results. During his experience, he has been able to appreciate many identity patterns designed to last, to be reliable and secure. In June 2022, he accepted the challenge to join a new leading-edge team for the greatest service company in Italy.
Read more
See other products by Giuseppe Di Federico
Profile icon Fabrizio Barcaroli
LinkedIn
Fabrizio Barcaroli (born in 1987) started his career as a consultant in Italy after obtaining a master's degree in computer science in 2012. In 2013, Fabrizio joined Microsoft as part of the Microsoft Consulting Services unit, where he developed his technical skills and helped customers achieve their business goals through the usage of Microsoft technologies. With the rise of the cloud era, Fabrizio specialized in cloud and identity solutions, and in 2020, he became a cloud solution architect, a technical advisor that helps close the gap between business needs and Microsoft technologies for big enterprises operating in the manufacturing, finance, and retail markets in Italy and across the globe.
Read more
See other products by Fabrizio Barcaroli
Right arrow icon

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
Et al.
Et al.
Ever wonder why speech recognition systems don't understand the Scottish accent, or what would happen if an astronaut only ate mac 'n' cheese, or other spurious reflections you'd have at a bar? We did, then collated those deliberations into absurd research articles with fake figures and methodologies inspired by even more fictionally absurd studies.
Aug 2023 7 hours 40 minutes
Generative AI with LangChain
Generative AI with LangChain
This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.
Dec 2023 12 hours 0 minutes
Generative AI with LangChain
Generative AI with LangChain
This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.
Dec 2023 12 hours 0 minutes
Generative AI with LangChain
Generative AI with LangChain
This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.
Dec 2023 12 hours 0 minutes
Generative AI with LangChain
Generative AI with LangChain
This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.
Dec 2023 12 hours 0 minutes
Mastering Tableau 2023
Mastering Tableau 2023
This book is a comprehensive resource to mastering your Tableau skills and becoming a BI expert. As you progress, you will learn how to build advanced dashboards and improve your storytelling to derive key business insight, as well as make you well-versed with advanced functionalities of Tableau in the business intelligence domain.
Aug 2023 22 hours 48 minutes
Building AI Applications with ChatGPT APIs
Building AI Applications with ChatGPT APIs
This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.
Sep 2023 8 hours 36 minutes
Building AI Applications with ChatGPT APIs
Building AI Applications with ChatGPT APIs
This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.
Sep 2023 8 hours 36 minutes
Data Engineering with AWS
Data Engineering with AWS
Embark on a journey to master data engineering pipelines on AWS! Our book offers a hands-on experience of AWS services for ingesting, transforming, and consuming data. Whether you're an absolute beginner or someone with basic data engineering experience, this guide is an indispensable resource.
Oct 2023 21 hours 12 minutes
Modern Data Architecture on AWS
Modern Data Architecture on AWS
Every organization wants an agile, performant, and cost-effective data platform that meets all their current and future business needs. Purpose-built AWS analytics services and their features play a big part in building such a modern data platform. This book brings to you all the design and architectural patterns that’ll help you achieve this goal.
Aug 2023 14 hours 0 minutes
Practical Guide to Applied Conformal Prediction in Python
Practical Guide to Applied Conformal Prediction in Python
Discover the power of Conformal Prediction with the "Practical Guide to Applied Conformal Prediction in Python." Master the latest techniques to quantify uncertainty in machine learning and computer vision models, and seamlessly apply them to your industry applications.
Dec 2023 8 hours 0 minutes
TinyML Cookbook
TinyML Cookbook
With over 70 project-based recipes, the TinyML Cookbook is a practical guide that will help you to get the most out of your microcontrollers. It provides a comprehensive understanding of the theoretical foundations while giving you hands-on experience training ML models for deployment on Arduino Nano 33 BLE Sense, Raspberry Pi Pico, and SparkFun RedBoard Artemis Nano microcontrollers.
Nov 2023 22 hours 8 minutes
Right arrow icon