Authentication means specifying who can access the system and authorization is applied to activities that a user can perform after getting inside the system or application. Solution architects must consider the appropriate authentication and authorization system while creating a solution design. Always start with the least privileged and provide further access as required by the user role.

If your application is for corporate internal use, you may want to allow access through a federated organizational system such as Active Directory, SAML 2.0, or LDAP. If your application is targeting mass user bases such as social media websites or gaming apps, you can allow them to authenticate through OAuth 2.0 and OpenID access, where users can utilize their other IDs such as Facebook, Google, Amazon, and Twitter.

It is important to identify any unauthorized access and take immediate action to mitigate security threats, which warrants continuously monitoring and auditing the access management system. You will learn about application security in Chapter 8, Security Considerations.