Table of Contents

Preface

Part 1: Impact of Digital Transformation

1

Walkthrough of Digital Identity in the Enterprise

Digital transformation – the impact on the market

Why an enterprise identity strategy?

The impact of identities on the UX

Digital identities – the duties of an enterprise

The challenges when defining an identity strategy

Single sign-on (SSO)

LDAP and Kerberos

Federation of identities

Federation terminology

Federation example

Cookies and tokens

WS-Federation

WS-Federation Passive Requestor Profile

WS-Federation Active Requestor Profile

Security Assertion Markup Language (SAML)

Summary

2

The Cloud Era and Identity

The cloud era

Identity in the cloud era

The pillars of a cloud company

The challenges of identity

The cloud identity

A hybrid identity

The future of identity

Summary

Part 2: OAuth Implementation and Patterns

3

OAuth 2.0 and OIDC

OAuth and OIDC basic concepts

How OAuth and OIDC work together

How the protocols are implemented in the real world

Technical background

Summary

4

Authentication Flows

The authorization code grant flow

The authorization code grant flow with PKCE

The implicit grant flow

The client credentials grant flow

The ROPC grant flow

The OBO flow

Hybrid flows

Summary

5

Exploring Identity Patterns

Understanding the basic terminology

Web applications

User authentication only pattern

Additional considerations

Native applications

Application authorization pattern

SPAs

Single-page authentication pattern

Additional considerations

Security considerations

Summary

Part 3: Real-World Scenarios

6

Trends in API Authentication

The complexity of defining standard guidance

The vertical API approach

API landscape complexity

The application frontend API flow

The application automation API

The multiple IdP dilemma

Defining enterprise standards for identity

The service mesh and identity management

Authentication implications in a service mesh

Common antipatterns

Summary

7

Identity Providers in the Real World

The technical aspects

The non-technical aspects

Azure Active Directory (AAD)

Azure Active Directory Domain Services (AD DS)

Azure Active Directory B2C (AD B2C)

Active Directory Federation Services (AD FS)

Customer Identity from SAP Customer Data Cloud

Okta (Auth0)

Summary

8

Real-World Identity Provider – A Zoom-In on Azure Active Directory

An overview of AAD

AAD basics

Supported authentication protocols

User provisioning

Authentication types

Registering and configuring applications

App registrations

Enterprise applications

Additional features

Conditional Access

Identity Protection

Privileged Identity Management

External identities

Verifiable credentials

Microsoft Graph

Summary

9

Exploring Real-World Scenarios

The identity features within an enterprise in the real world

The implications of the company’s structure

Frontend authentication challenges in the real world

Backend authentication challenges in the real world

Pattern 1 – multiple IDPs

Pattern 2 – a single IdP

Pattern 3 – domain-based registration

Pattern 4 – application-based registration

Authentication challenges for microservices integration

Summary

Index

Other Books You May Enjoy
