Authentication
Authentication is the process of proving that a person is who they say they are.
AuthN
Authorization
Authorization determines the level of access or the permissions an authenticated person has to access data and resources.
AuthZ
Identity
An identity is the set of things that define or characterize someone or something. For example, a person’s identity includes the information they use to authenticate themselves, such as their username and password, and their level of authorization.
An identity may be associated with a user, an application, a device, or something else.
What are the four pillars of Identity Infrastructure?
1) Administration
2) Authentication
3) Authorization
4) Auditing
Administration Pillar
Administration is about the creation and management/governance of identities for users, devices, and services. As an administrator, you manage how and under what circumstances the characteristics of identities can change (be created, updated, deleted).
Authentication Pillar
The authentication pillar tells the story of how much an IT system needs to know about an identity to have sufficient proof that they really are who they say they are. It involves the act of challenging a party for legitimate credentials.
Authorization Pillar
The authorization pillar is about processing the incoming identity data to determine the level of access an authenticated person or service has within the application or service that it wants to access.
Auditing Pillar
The auditing pillar is about tracking who does what, when, where, and how. Auditing includes having in-depth reporting, alerts, and governance of identities.
Identity provider
An identity provider creates, maintains, and manages identity information while offering authentication, authorization, and auditing services.
With modern authentication, all services, including all authentication services, are supplied by a central identity provider. Information that's used to authenticate the user with the server is stored and managed centrally by the identity provider.
With a central identity provider, organizations can establish authentication and authorization policies, monitor user behavior, identify suspicious activities, and reduce malicious attacks.
SSO
Another fundamental capability of an identity provider and “modern authentication” is the support for single sign-on (SSO). With SSO, the user logs in once and that credential is used to access multiple applications or resources. When you set up SSO between multiple identity providers, it's called federation.
Federation
Setting up SSO between multiple identity providers is called federation.
Directory Services
A directory is a hierarchical structure that stores information about objects on the network. A directory service stores directory data and makes it available to network users, administrators, services, and applications.
Active Directory
Active Directory (AD) is a set of directory services developed by Microsoft as part of Windows 2000 for on-premises domain-based networks. The best-known service of this kind is Active Directory Domain Services (AD DS).
AD DS
Active Directory Domain Services (AD DS) stores information about members of the domain, including devices and users, verifies their credentials, and defines their access rights.
AD DS is a central component in organizations with on-premises IT infrastructure.
AD DS gives organizations the ability to manage multiple on-premises infrastructure components and systems using a single identity per user. AD DS doesn't, however, natively support mobile devices, SaaS applications, or line of business apps that require modern authentication methods.
A server running AD DS is a domain controller (DC).