SC-300 Study Portal Path 1

Unit 12: Explore Authentication

Definition

Authentication validates that a user, device, or app is who they claim to be. It establishes trust before access is granted.

Goals

- Integrate across organizations and apps using standards.
- Support multiple validation methods (passwords, MFA, biometrics).
- Maintain a smooth end-user experience.

Authentication Capabilities

Capability | Focus | Example
Convenience | Easy sign-in experience to encourage secure use. | Passwordless login via Windows Hello.
Sources | Where credentials are verified. | On-prem AD, Entra ID, or a federated IdP.
Protocols | Standard communication methods. | SAML, OIDC, WS-Fed.
Assurance | Confidence level in identity verification. | MFA or risk-based conditional access.

Federated Identity

A federation links separate domains under a trust relationship so users can access shared resources using existing credentials.

Example: Contoso users sign into Fabrikam's app using Contoso AD credentials through federation.

Common Authentication Protocols

Protocol | Description
SAML | Exchanges authentication/authorization data via XML.
WS-Federation | Uses the Web Services Security framework for SSO across domains.
OpenID Connect (OIDC) | Built on OAuth 2.0 for modern web and mobile SSO using JSON tokens.

OpenID Connect and Claims-Based Identity

When a user signs in:

1. The user authenticates with the IdP (for example, Entra ID).
2. The IdP issues an ID token containing claims (key/value pairs such as email=bob@contoso.com).
3. The application uses these claims for authorization.

Example Claim Payload

{
  "sub": "1234567890",
  "name": "John Doe",
  "aud": "https://jwt.io"
}

Key Terms

- Claim: A data pair (key/value) inside a token.
- Assertion: A package of claims representing the user's identity.
- Attribute: Individual data elements within a token.
- Augmentation: Adding extra claims (for example, department info from HR).

Security Tokens

Token | Purpose
Access Token | Grants access to APIs or protected resources. Short-lived.
Refresh Token | Used to obtain a new access token without re-sign-in.
ID Token | Verifies user identity in OIDC flows.

Example: When signing into Outlook Web App, Entra ID issues an access token (for data access) and an ID token (to prove identity).

JSON Web Token (JWT)

A JWT is a compact, signed JSON object for securely transmitting claims.

It can be verified with a secret or public/private key pair to ensure integrity.
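The following is an added worked example, not part of the SC-300 course material: it plays both sides of the OIDC sign-in described above (steps 1 to 3) with a JWT. The IdP side signs the example claim payload, and the relying-party side verifies the signature and then checks the aud, iss and exp claims before trusting anything in the token. It uses HS256 with a constructed shared secret so it runs offline; a real IdP such as Entra ID signs with an asymmetric key, but the verification steps are the same. The issuer URL, the fixed expiry and the added email claim are constructed values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret for this example only (HS256 = HMAC-SHA256).
SECRET = b"example-shared-secret-not-for-production"

# Constructed claim set: the page's example payload plus the iss/exp/email claims a
# relying party needs. The issuer URL is hypothetical; exp is fixed so results repeat.
EXAMPLE_CLAIMS = {
    "sub": "1234567890",
    "name": "John Doe",
    "aud": "https://jwt.io",
    "iss": "https://idp.example.test",
    "exp": 2000000000,
    "email": "bob@contoso.com",
}


def b64url_encode(data: bytes) -> str:
    """JWT parts use base64url with the trailing '=' padding removed (RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_id_token(claims: dict, secret: bytes) -> str:
    """IdP side: encode header and claims, sign them, return header.payload.signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_id_token(token: str, secret: bytes, expected_aud: str, expected_iss: str, now=None) -> dict:
    """Relying-party side: return the claims only if signature, aud, iss and exp all check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have three dot-separated parts")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm the app expects; never let the token's own header choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so verification time does not leak signature bytes.
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    # A valid signature is not enough: the token must be meant for this app...
    if claims.get("aud") != expected_aud:
        raise ValueError("wrong audience")
    # ...come from the IdP this app trusts...
    if claims.get("iss") != expected_iss:
        raise ValueError("wrong issuer")
    # ...and still be inside its validity window.
    now = int(time.time()) if now is None else now
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired or missing exp")
    return claims


def describe_verification(token: str, secret: bytes, expected_aud: str, expected_iss: str, now=None) -> str:
    """Wrap verify_id_token so callers get 'ok' or the reason a token was rejected."""
    try:
        verify_id_token(token, secret, expected_aud, expected_iss, now)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    token = issue_id_token(EXAMPLE_CLAIMS, SECRET)
    print("ID token:", token)
    claims = verify_id_token(token, SECRET, "https://jwt.io", "https://idp.example.test", now=1700000000)
    print("accepted claims:", claims)
    # A token issued for another app is refused even though its signature is valid.
    print("other audience:", describe_verification(
        token, SECRET, "https://other.example.test", "https://idp.example.test", now=1700000000))
```

The ordering matters: the signature is checked before any claim is read, so the application never acts on a payload it has not authenticated, and the audience check is what stops a token legitimately issued to one application from being accepted by another.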