Microsoft Identity Platform To Supplant Azure Active Directory for App Developers

Microsoft this week announced the new Microsoft Identity Platform as its latest means for adding identity support to applications.

The Microsoft Identity Platform was described by Microsoft as being an evolution from the current Azure Active Directory version 1.0 solutions. In Microsoft versioning logic, that also means that the Microsoft Identity Platform is already at version 2.0, even though it's apparently newly emerged.

The idea behind the new platform is to let developers build apps that can tap into both Microsoft accounts (such as or accounts) and Azure AD accounts. There's also social media account support in conjunction with the Azure AD B2C service. The Microsoft Identity Platform also affords easier access to Microsoft Graph data for developers, according to a Microsoft video description. Microsoft is currently working "to close the gap" so that all Azure AD API capabilities will be available to the Microsoft Graph "by the end of the year."

Old vs. New Identity Platforms
Here's Microsoft's block diagram illustrating the two identity platforms:

The current Azure AD 1.0 platform vs. the new Microsoft Identity Platform 2.0 (source: Microsoft document).

Developers using Azure Active Directory 1.0 solutions used the Azure AD Authentication Library (ADAL). The new Microsoft Identity Platform instead uses the Microsoft Authentication Library (MSAL). MSAL is an open source library that provides support for single sign-on experiences and passwordless authentications for application users.

This week, Microsoft announced that MSAL support for .NET and JavaScript had reached "general availability" (GA) status, meaning that it's ready for production use. MSAL support for Android and iOS is currently at the preview stage, but Microsoft expects support to reach GA "in the coming months." Microsoft is also working on MSAL support for Java and Python.

Microsoft is claiming that applications built with ADAL will "continue to work," and developers can update them to use MSAL "when you're ready." They'll work together because they use a "shared token cache."

There's an incentive, though, for developers to use MSAL, as their apps will work with Microsoft's conditional access solutions.

"By using MSAL you get built-in benefits for your application like single sign-on, advanced security, passwordless authentication, and being able to comply with conditional access policies implemented by IT," Microsoft explained.

Microsoft itself is already using MSAL. It was used to build Visual Studio and Azure PowerShell solutions.

OpenID Certs
Microsoft is also touting the certifications of the Microsoft Identity Platform's endpoint and Azure AD's endpoint as both being OpenID Certified for OpenID Connect. OpenID Connect is an authentication protocol based on the OAuth 2.0 protocol. The use of OpenID Connect has benefits for application developers because it dispenses with them having to store passwords for apps.

"OpenID Connect lets developers authenticate their users across websites and apps without having to own and manage password files," the OpenID Foundation's FAQ explained.
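The reason OpenID Connect lets an app avoid password files is that the identity provider returns a signed ID token whose claims the app checks instead. The following Python is an added example, not code from the article or from Microsoft's MSAL libraries, showing the checks a relying party performs on such a token: signature, `iss`, `aud`, `exp`/`nbf`, and the `nonce` that ties the token to the login request. To keep it self-contained it uses an HMAC (HS256) with a constructed shared secret and a fixed clock; the real v2.0 endpoint signs tokens with RS256 and publishes the verification keys in its JWKS document, and the tenant id and client id below are placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholders. The v2.0 endpoint issues tokens with an issuer of the
# form https://login.microsoftonline.com/<tenant-id>/v2.0; this tenant id is made up.
ISSUER = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"   # placeholder app (client) id
SECRET = b"constructed-demo-key-not-a-real-secret"    # stands in for RS256 + JWKS
NOW = 1_600_000_000                                    # fixed clock so results are stable


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a compact JWT; alg='none' yields an unsigned token for the negative case."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}"
    if alg == "none":
        return signing_input + "."
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def validate_id_token(token, key, issuer, client_id, nonce, now=None, leeway=60):
    """Return (True, claims) when every check passes, else (False, reason)."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except ValueError:
        return False, "bad header"
    # Pin the algorithm: never let the token choose (rejects alg=none and key confusion).
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return False, "bad signature"
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        return False, "wrong issuer"           # token from another tenant or provider
    aud = claims.get("aud")
    if isinstance(aud, str):
        aud = [aud]
    if not aud or client_id not in aud:
        return False, "wrong audience"         # token minted for a different app
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] + leeway <= now:
        return False, "expired"
    if claims.get("nbf", 0) > now + leeway:
        return False, "not yet valid"
    if claims.get("nonce") != nonce:
        return False, "nonce mismatch"         # token not bound to this login attempt
    return True, claims
```

The order matters: the algorithm is pinned and the signature checked before any claim is read, so unsigned or tampered tokens never reach the claim logic, and the `nonce` is compared against the value the app stored when it started the login, which is what stops a captured token from being replayed into another session.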

New App Registration Process
Developers use the Azure Portal to register their apps using the Microsoft Identity Platform. This week Microsoft announced that a "new App registrations experience" in the Azure Portal is now at the GA stage.

This new App registration experience puts all apps into one list so that developers don't have to go to different portals to see them. Microsoft is also claiming easier registration and management of applications. Also, developers will see "additional details about your app, quick start guides, and more" with the new App registrations experience.

The new App registration experience is shown off in this Microsoft Build 2019 session.

The old App registrations experience will get removed "in the following weeks," Microsoft's announcement indicated. It'll only stick around for apps that solely use a Microsoft account.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
