Microsoft Identity Platform To Supplant Azure Active Directory for App Developers

Microsoft this week announced the new Microsoft Identity Platform as its latest means for adding identity support to applications.

The Microsoft Identity Platform was described by Microsoft as being an evolution from the current Azure Active Directory version 1.0 solutions. In Microsoft versioning logic, that also means that the Microsoft Identity Platform is already at version 2.0, even though it's apparently newly emerged.

The idea behind the new platform is to let developers build apps that can tap into both Microsoft accounts (such as or accounts) and Azure AD accounts. There's also social media account support in conjunction with the Azure AD B2C service. The Microsoft Identity Platform also affords easier access to Microsoft Graph data for developers, according to a Microsoft video description. Microsoft is currently working "to close the gap" so that all Azure AD API capabilities will be available to the Microsoft Graph "by the end of the year."

Old vs. New Identity Platforms
Here's Microsoft's block diagram illustrating the two identity platforms:

[Click on image for larger view.] The current Azure AD 1.0 platform vs. the new Microsoft Identity Platform 2.0 (source: Microsoft document).

Developers using Azure Active Directory 1.0 solutions used the Azure AD Authentication Library (ADAL). The new Microsoft Identity Platform instead uses the Microsoft Authentication Library (MSAL). MSAL is an open source library that provides support for single sign-on experiences and passwordless authentications for application users.

This week, Microsoft announced that MSAL support for .NET and JavaScript had reached "general availability" (GA) status, meaning that it's ready for production use. MSAL support for Android and iOS is currently at the preview stage, but Microsoft expects support to reach GA "in the coming months." Microsoft is also working on MSAL support for Java and Python.

Microsoft is claiming that applications built with ADAL will "continue to work," and developers can update them to use MSAL "when you're ready." They'll work together because they use a "shared token cache."

There's an incentive, though, for developers to use MSAL, as their apps will work with Microsoft's conditional access solutions.

"By using MSAL you get built-in benefits for your application like single sign-on, advanced security, passwordless authentication, and being able to comply with conditional access policies implemented by IT," Microsoft explained.

Microsoft itself is already using MSAL. It was used to build Visual Studio and Azure PowerShell solutions.

OpenID Certs
Microsoft is also touting the certifications of the Microsoft Identity Platform's endpoint and Azure AD's endpoint as both being OpenID Certified for OpenID Connect. OpenID Connect is an authentication protocol based on the OAuth 2.0 protocol. The use of OpenID Connect has benefits for application developers because it dispenses with them having to store passwords for apps.

"OpenID Connect lets developers authenticate their users across websites and apps without having to own and manage password files," the OpenID Foundation's FAQ explained.

New App Registration Process
Developers use the Azure Portal to register their apps using the Microsoft Identity Platform. This week Microsoft announced that a "new App registrations experience" in the Azure Portal is now at the GA stage.

This new App registration experience puts all apps into one list so that developers don't have to go to different portals to see them. Microsoft is also claiming easier registration and management of applications. Also, developers will see "additional details about your app, quick start guides, and more" with the new App registrations experience.

The new App registration experience is shown off in this Microsoft Build 2019 session.

The old App registrations experience will get removed "in the following weeks," Microsoft's announcement indicated. It'll only stick around for apps that solely use a Microsoft account.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


comments powered by Disqus

Subscribe on YouTube