Index

As this ebook edition doesn't have fixed pagination, the page numbers below are hyperlinked for reference only, based on the printed edition of this book.

A

AAD, authentication types

federated authentication 172

MFA 171

passwordless authentication 175, 176

PHS 173

Primary Refresh Token (PRT) 173, 174

PTA 172

Seamless SSO 173, 174

AAD Connect Cloud Sync 166

AAD Connect Sync 165

AAD-issued token

example 184-186

AAD Provisioning Agent 168

AAD tenant 195

AAD, user provisioning

Conditional Access 186-188

external identities 190, 191

Identity Governance 192-194

Identity Protection 189

Microsoft Graph 195-198

Privileged Identity Management (PIM) 189, 190

synchronization, from cloud HR system to 166, 167

synchronization, from on-premises to 165, 166

synchronization, to cloud application from 168

synchronization, to on-premises application or system from 168-170

verifiable credentials 194, 195

access package 193

access token 41

access token-based 99

Active Directory (AD) 42

Active Directory Federation Services (ADFS) 20, 149, 172

features 150

AD Domain Services (AD DS) 160

administrative units 161

agility 38

allow public client flows 179

alternative credit and financial identity 204

anti-money laundering (AML) 204

antipatterns 134, 135

API authentication

complexity, of defining guidance and blueprints 110

API landscape complexity 112-115

application authorization 93

application automation API 117, 118

application-based registration 222

application frontend API

flow 115-117

application identity 84

application registration 159

App registrations

API permissions menu 180, 181

Authentication menu 179

certificates and secrets 179

Expose an API permissions 181, 182

Token configuration menu 180

App registrations menu 177, 178

Authentication menu 178

artificial intelligence (AI) 189

Auth0 151

Auth Code Grant flow 104, 105

authentication

implications, in service mesh 131-134

types 48

authentication server 17

authorization code 72

authorization code grant flow 72, 73

with PKCE 74, 75

authorization server 64

Azure Active Directory (AAD) 144-146, 155

additional features 186

authentication protocols 161-164

authentication types 170

basics 157-161

features 145

overview 156, 157

types of objects, interactions 157

user provisioning 164

users, types 158

Azure Active Directory B2C (AD B2C) 147, 149

capabilities 148

Azure Active Directory Domain Services (AD DS) 147

B

backend for frontend (BFF) 117, 225

background screening 204

banking site 210

behavioral biometrics 203

biometrics measure 203

business logic 86

Business-to-Business (B2B) 48, 146

Business-to-Consumer (B2C) 146

C

catalog 193

certificate-based authentication 150

claim 21

client credentials grant flow 76-78

Client to Authenticator Protocol (CTAP) 34

cloud application 168

cloud-based IDPs 138

cloud company

pillars 37-39

rules 38

cloud era 29-34

identity 34-36

cloud identity 41-48

cloud IDP 138

cloud-only identities 42

cloud user 158

company’s structure

implications 205-207

Conditional Access 121, 186-188

confidential (private) clients 68

Consent management platform (CMP) 203

consent model 160

consumer market 4

digital transformation, impact on 4, 5

Continuous Access Evaluation Protocol (CAEP) 35

cookie-based 99

cookies 23

Create, Read, Update, and Delete (CRUD) 158

cross-realm authentication 18

custom attributes 170

customer IAM (CIAM) 203

customer Identity 150

admin tools 151

from SAP Customer Data Cloud 150, 151

integration tools 151

registration and login options 151

Screen-Sets 151

UI Customization 151

Customer Identity and Access Management (CIAM) 147

D

decentralized identifiers (DIDs) 35, 51, 194, 204

delegation option 211

demilitarized zone (DMZ) 149

digital identities 11-13

digital transformation

impact, on consumer market 4, 5

directory services 17

Distributed Ledger Technology (DLT) 36

document verification 204

domain-based registration 220, 221

Dynamic Link Library (DLL) 150

E

ECMA Connector Host 168

endpoint security 202

Enterprise applications menu 183, 184

AAD-issued token, example 184-186

enterprise identity strategy

need for 5-7

enterprise market 4

enterprise master patient index (EMPI) 204

E-signatures and certifications 202

extensible 40

eXtensible Markup Language (XML) 23

external identities

features 190, 191

Extract, Transport, Load (ETL) 151

F

federated authentication 172

federated identity model 19, 20

cookies 23

example 21-23

goals/traits 20

terminology 20, 21

tokens 23

federation 19, 20

federation metadata 21, 24

fraud prevention and risk management (FPRM) 204

Front-channel logout URL 179

G

Gartner Magic Quadrant 143

General Data Protection Regulation (GDPR) 142

Grant Negotiation and Authorization Protocol (GNAP) 35

guest user 158

H

header-based authentication 161

Home realm discovery (HRD) 21

home tenant 159

hosted IDP 138

Human Capital Management (HCM) 43

Human Resources (HR) systems 166

AAD Provisioning Service 166

SuccessFactors 166

Workday 166

hybrid flows 81

hybrid identities 42

hybrid identity 48-51

hybrid user 158

I

identity

challenges 39-41

enterprise standards, defining 123, 127, 128

future 51-54

Identity-as-a-Service (IDaaS) 48

Identity Experience Framework (IEF) 148

Identity Governance 192

features 193, 194

identity governance and administration (IGA) 202

identity graphing and resolution 203

identity management 128-131

Identity of Things 203

Identity Overlay Network (ION) 195

identity proofing 204

Identity Protection 189

Identity Provider (IdP) 6, 20, 34, 114, 204

non-technical aspects 141-144

technical aspects 137-141

technical decision factors 138-140

identity strategy

challenges, defining 13-15

identity theft protection 204

identity verification (IDV) 204

identity wallets 204

implicit grant and hybrid flows 179

implicit grant flow 75, 76

inbound integration anti-pattern 226

Infrastructure-as-a-Service (IaaS) 4

insurance site 210

integrated Windows authentication (IWA) 162

interceptor layer 86-88

International Organization for Standardization (ISO) 142

Internet Engineering Task Force (IETF) website 91

Internet Information Services (IIS) 49

intranet portal 88

J

JSON Web Token (JWT) 60, 174

K

Kerberos 17, 18

authentication protocol 17

Kerberos Constrained Delegation (KCD) 162

Kerberos v5 17

Key Distribution Center 49

L

LDAP authentication 161

Lightweight Directory Access Protocol (LDAP) 17, 18

M

managed identity 160

Managed Service Accounts (MSAs) 160

Massachusetts Institute of Technology (MIT) 17

master data management (MDM) 203

micro-frontend concept 225

microservices integration

authentication challenges 223-227

Microsoft Authentication Library (MSAL) 95

Microsoft Authenticator application 171, 195

Microsoft Graph 145, 195-198

application permissions 196

Microsoft Identity Manager (MIM) 166

mobile identity device intelligence 204

Model-View-Adapter (MVA) 86

Model-View-Controller (MVC) 86, 213

monolith 213

Multi-Factor Authentication (MFA) 157, 171

multiple IDPs 217, 218

dealing with 118-123

mutual TLS (mTLS) 114

N

National Institute of Standards and Technology (NIST) 142

native application 84, 92

authentication, scenarios 93-95

authorization pattern 93-96

native applications 67

types 68

NetIQ Access Manager (NAM) 172

network and infrastructure security 203

Network File System (NFS) 49

O

OATH software and hardware tokens 171

OAuth

concept 58

tokens, types 66

OAuth 2.0 and OIDC authentication 161

OAuth 2.1 specification 76

OAuth, and OIDC

working, together 58-60

OAuth and OIDC protocols

authorization server endpoints 67

OAuth/OIDC flow

authentication/authorization, implementing 60

protocols, implementing 60-62

roles 63

technical background 62-68

Okta 151, 152

Okta, pillars

devices 152

directories 151

Identity Engine 152

insights 152

integrations 152

workflows 152

On-Behalf-Of (OBO) flow 79, 80

on-premises application or system 168

OpenID Connect (OIDC) 19, 88

concept 58

tokens, types 67

Open System Interconnection (OSI) 17

Operating Expenses (OPEX) 42

P

Pass-through authentication (PTA) 165, 172

password hash synchronization (PHS) 173

passwordless authentication 175, 176

patterns, terminology

application identity 84

native application 84

service 85

single-page applications (SPAs) 84

user agent 85

Web (REST) API 85

Payment Card Industry Data Security Standard (PCI-DSS) 142

Personal Computer (PC) 48

phone verification 171

Platform as a Service (PaaS) 4, 31, 110

portability 39

Presentation-Abstraction-Control (PAC) 86

presentation model 195

Primary Refresh Token (PRT) 173, 174

Privileged access management (PAM) 202

Privileged Identity Management (PIM) 189

Proof Key for Code Exchange (PKCE) 73, 74

authorization code grant flow 74, 75

public clients 68

Public Preview 169

R

RADIUS authentication 161

realm 18

real world

backend authentication challenges 212-217

frontend authentication, challenges 208-212

identity features, within enterprise 202-204

real world, backend authentication challenges

application-based registration 222

domain-based registration 220, 221

multiple IDPs 217, 218

single IdP 219, 220

Redirect URIs 178

regulatory compliance transaction monitoring 204

Representational State Transfer (REST) 46

Request for Comment (RFC) 11, 65

Resource Owner Password Credentials (ROPC) 68, 78, 79

S

SAML authentication 162

SAP Customer Data Cloud

customer Identity from 150, 151

Seamless SSO 173, 174

Security Assertion Markup Language (SAML) 25-27

security principal 157

Security Services Technical Committee (SSTC) 25

security token 21

Security Token Service (STS) 21

self-sovereign identity (SSI) 204

service 85

service-level agreement (SLA) 211

service mesh 128-131

authentication implications 131-134

Service Message Block (SMB) 49

service provider 21

service-to-service authentication 131

signed security token 21

signup/sign-in outsourcing

benefits 9

Simple Certificate Enrollment Protocol (SCEP) 150

Simple Object Access Protocol (SOAP) 23

single IdP 219, 220

single-page applications (SPAs) 84, 97

additional consideration 104, 105

authentication pattern 98-104

security considerations 105

Single-Page Applications (SPAs) 74

single-page applications (SPAs), authentication pattern

scenarios 101, 102

Single Sign-On (SSO) 6, 15-17, 46, 119, 149, 203

implementing, components 16

Software as a Service (SaaS) 4, 42

standardization 37-39

supported account types 179

synchronization option 210

System and Organization Controls (SOC) 142

System for Cross-Domain Identity Management (SCIM) 35, 146

T

technical profile 148

tenant 157

ticket-granting server (TGS) 17

time-based one-time passwords (TOTPs) 171

tokens 23

trust 19

Trusted Platform Module (TPM) 175

U

UGC moderation 203

Unified Resource Locator (URL) 21

user agent 85

user and entity behavior analytics (UEBA) 203

user authentication-only pattern 87-91

scenarios 88, 89

user experience (UX) 5, 209

impact, of identities on 7-11

User Principal Name (UPN) 157

user provisioning 164

categories 164

V

verifiable credential 53, 194, 195

actors or entities, interaction 53

example 54

vertical API approach 111

Virtual Private Network (VPN) 149, 161

W

W3C DIDs 52

W3C Verifiable Credentials Data Model 1.0 52

web applications 67, 85-87

additional considerations 91, 92

layers 86

user authentication-only pattern 87-91

Web (REST) API 85

workforce IAM 203

World Wide Web Consortium (W3C) 34, 195

WS-Federation 24

WS-Federation Active Requestor Profile 25

WS-Federation Passive Requestor Profile 24

WS-Security 24
