Microsoft Identity Platform To Supplant Azure Active Directory for App Developers
Microsoft this week announced the new Microsoft Identity Platform as its latest means for adding identity support to applications.
The Microsoft Identity Platform was described by Microsoft as being an evolution from the current Azure Active Directory version 1.0 solutions. In Microsoft versioning logic, that also means that the Microsoft Identity Platform is already at version 2.0, even though it's apparently newly emerged.
The idea behind the new platform is to let developers build apps that can tap into both Microsoft accounts (such as Outlook.com or Hotmail.com accounts) and Azure AD accounts. There's also social media account support in conjunction with the Azure AD B2C service. The Microsoft Identity Platform also affords easier access to Microsoft Graph data for developers, according to a Microsoft video description. Microsoft is currently working "to close the gap" so that all Azure AD API capabilities will be available to the Microsoft Graph "by the end of the year."
Old vs. New Identity Platforms
Here's Microsoft's block diagram illustrating the two identity platforms:
Developers using Azure Active Directory 1.0 solutions used the Azure AD Authentication Library (ADAL). The new Microsoft Identity Platform instead uses the Microsoft Authentication Library (MSAL). MSAL is an open source library that provides support for single sign-on experiences and passwordless authentications for application users.
Microsoft is claiming that applications built with ADAL will "continue to work," and developers can update them to use MSAL "when you're ready." They'll work together because they use a "shared token cache."
There's an incentive, though, for developers to use MSAL, as their apps will work with Microsoft's conditional access solutions.
"By using MSAL you get built-in benefits for your application like single sign-on, advanced security, passwordless authentication, and being able to comply with conditional access policies implemented by IT," Microsoft explained.
Microsoft itself is already using MSAL. It was used to build Visual Studio and Azure PowerShell solutions.
Microsoft is also touting the certifications of the Microsoft Identity Platform's endpoint and Azure AD's endpoint as both being OpenID Certified for OpenID Connect. OpenID Connect is an authentication protocol based on the OAuth 2.0 protocol. The use of OpenID Connect has benefits for application developers because it dispenses with them having to store passwords for apps.
"OpenID Connect lets developers authenticate their users across websites and apps without having to own and manage password files," the OpenID Foundation's FAQ explained.
New App Registration Process
Developers use the Azure Portal to register their apps using the Microsoft Identity Platform. This week Microsoft announced that a "new App registrations experience" in the Azure Portal is now at the GA stage.
This new App registration experience puts all apps into one list so that developers don't have to go to different portals to see them. Microsoft is also claiming easier registration and management of applications. Also, developers will see "additional details about your app, quick start guides, and more" with the new App registrations experience.
The new App registration experience is shown off in this Microsoft Build 2019 session.
The old App registrations experience will get removed "in the following weeks," Microsoft's announcement indicated. It'll only stick around for apps that solely use a Microsoft account.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.