PL 400: Design authentication and authorization strategy (Part 1)

This article is a continuation of my PL 400 preparation. All information and images are taken from the Microsoft docs or the community. This effort is part of learning and sharing.

Security is an essential component of software. Now that entire processes and services run in the cloud, authentication and authorization are critical: they let organizations keep their networks secure by allowing only authenticated users (or processes) to access protected resources. Those resources may include computer systems, networks, databases, websites and other network-based applications or services.

By definition, authentication is:

    the process or action of verifying the identity of a user or process.

and authorization means:

    a security mechanism that determines access levels or user/client privileges for system resources, including files, services, computer programs, data and application features.

Microsoft Power Platform is a line of business intelligence, app development, and app connectivity software applications. All of the Power Platform tools rely on Azure Active Directory identity services for user accounts and licensing. Administrators therefore use the standard Azure tools, such as the Microsoft 365 admin center, for user account maintenance and license assignment.

The Azure Active Directory (Azure AD) enterprise identity service provides single sign-on and multi-factor authentication to help protect your users from 99.9 percent of cybersecurity attacks.

  • Single sign-on simplifies access to your apps from anywhere.
  • Conditional Access and multi-factor authentication help protect and govern access.
  • A single identity platform lets you engage with internal and external users more securely.

User accounts for all of Microsoft's cloud offerings are stored in an Azure Active Directory (Azure AD) tenant, which contains user accounts and groups. A tenant is the container in which all of your different environments reside; in other words, it is the regional location that contains the servers that provide cloud services.

In addition to Azure Active Directory, licensing plays an important role in this process. Licensing is the first control gate for access to Power Apps components: access to Power Apps and Power Automate begins with having a license, and the type of license the user holds determines which assets and data the user can access.

In the Power Platform, there are five layers of security:

  • Azure AD Conditional Access
  • Environment roles
  • Resource permissions for apps, flows and custom connectors
  • CDS (Dataverse) security roles
  • Cross-tenant inbound and outbound restrictions on the 300+ connectors to cloud services, content services, databases, APIs, etc.
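To make the license gate and the five layers above concrete, here is an added illustration (my own Python model, not Microsoft code and not how the platform itself evaluates access). It treats the layers as an ordered, deny-by-default chain: a request is allowed only when every layer passes, and the first layer that objects names the reason. Every user, environment, app, table, role and connector name, and every policy value, is a constructed placeholder.

```python
# Added illustration, not Microsoft code: a deny-by-default model of the
# license gate plus the five Power Platform security layers listed above.
# All names and policy values are constructed placeholders, not tenant data.
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class AccessRequest:
    user: str
    environment: str
    app: str              # canvas app, flow or custom connector being opened
    operation: str        # "read" or "write" against the Dataverse table
    table: str            # CDS / Dataverse table the app touches
    connector: str        # cloud-service connector the app relies on
    mfa_passed: bool      # outcome of the Azure AD sign-in challenge
    device_compliant: bool


# --- constructed tenant configuration (placeholders) ----------------------
LICENSES = {"alice": {"Power Apps per user"},
            "bob": {"Power Apps per user"},
            "carol": set()}                       # carol holds no license
CONDITIONAL_ACCESS = {"require_mfa": True, "require_compliant_device": True}
ENVIRONMENT_ROLES = {("alice", "prod"): "Environment Maker",
                     ("bob", "prod"): "Basic User"}
APP_PERMISSIONS = {("alice", "ExpenseApp"): "CanEdit",
                   ("bob", "ExpenseApp"): "CanUse"}
SECURITY_ROLES = {"alice": {"Expense Approver"}, "bob": {"Expense Submitter"}}
ROLE_PRIVILEGES = {"Expense Approver": {"expense": {"read", "write"}},
                   "Expense Submitter": {"expense": {"read"}}}
DLP_BUSINESS_CONNECTORS = {"prod": {"Dataverse", "Office 365 Outlook"}}


# Each layer returns None when it passes, or a denial reason string.
def license_gate(r: AccessRequest) -> Optional[str]:
    if not LICENSES.get(r.user):
        return "licensing: user holds no Power Apps license"
    return None


def conditional_access(r: AccessRequest) -> Optional[str]:
    if CONDITIONAL_ACCESS["require_mfa"] and not r.mfa_passed:
        return "conditional access: MFA not satisfied"
    if CONDITIONAL_ACCESS["require_compliant_device"] and not r.device_compliant:
        return "conditional access: device not compliant"
    return None


def environment_role(r: AccessRequest) -> Optional[str]:
    if (r.user, r.environment) not in ENVIRONMENT_ROLES:
        return f"environment: no role in '{r.environment}'"
    return None


def resource_permission(r: AccessRequest) -> Optional[str]:
    if (r.user, r.app) not in APP_PERMISSIONS:
        return f"resource: '{r.app}' is not shared with the user"
    return None


def dataverse_security_role(r: AccessRequest) -> Optional[str]:
    # Privileges are the union over every security role the user holds.
    privileges = set()
    for role in SECURITY_ROLES.get(r.user, ()):
        privileges |= ROLE_PRIVILEGES.get(role, {}).get(r.table, set())
    if r.operation not in privileges:
        return f"security role: no '{r.operation}' privilege on '{r.table}'"
    return None


def connector_policy(r: AccessRequest) -> Optional[str]:
    if r.connector not in DLP_BUSINESS_CONNECTORS.get(r.environment, set()):
        return f"connector policy: '{r.connector}' is blocked in '{r.environment}'"
    return None


LAYERS = [license_gate, conditional_access, environment_role,
          resource_permission, dataverse_security_role, connector_policy]


def evaluate(r: AccessRequest) -> Tuple[bool, str]:
    """Run the layers in order; the first denial wins (deny by default)."""
    for layer in LAYERS:
        denial = layer(r)
        if denial:
            return False, denial
    return True, "allowed: every layer passed"


if __name__ == "__main__":
    ok = AccessRequest("alice", "prod", "ExpenseApp", "write", "expense",
                       "Dataverse", mfa_passed=True, device_compliant=True)
    print(evaluate(ok))
    print(evaluate(AccessRequest("bob", "prod", "ExpenseApp", "write", "expense",
                                 "Dataverse", True, True)))
```

The point the model makes is that sharing an app with a user (layer 3) is never enough on its own: the same user can still be stopped by a missing license, an unsatisfied Conditional Access policy, a missing environment role, a security role without the needed table privilege, or a connector the environment's DLP policy does not allow.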
