From the course: Microservices: Security

Work with IAM platforms

- [Instructor] In this lesson, we're going to get hands-on with an IAM platform so that you can better understand the underlying concepts and how they help secure our microservices. For our exploration, we'll be using Microsoft Entra. It's one of the most widely used identity and access management platforms. Now Entra is really an entire family of security services offered by Microsoft, and here you can see all of the great capabilities that it delivers. The feature set that we'll be using is Microsoft Entra ID because it's where we find core capabilities like app registration and OAuth configurations that we'll need to secure microservices.

To work with Entra ID, you'll need to log into the admin center by navigating to entra.microsoft.com within your web browser. Now, if you worked with the Azure Cloud, the layout and style of this portal should feel familiar, and that's because Microsoft Entra Identity is primarily a cloud-based Identity as a Service. In the past, the service was known as Azure Active Directory, so just know that you might encounter its former name if you're looking at older information on the web.

Over here on the sidebar, within this identity group, we'll find the capabilities that we need to architect and build a secure distributed system composed of microservices. So imagine the microservices we're building are part of an internal system that's meant for use only by the employees of an organization. An identity store is one of the core capabilities that we'll need to create this system because we need a way to authenticate the employees and determine if they're authorized to access the data and capabilities that our microservices provide. With Entra, the identity store is built right into the platform, right here in this section named users. Now this identity store contains all of the internal user accounts for the organization and their Azure tenant.
So these user identities and their associated credentials can be used for authentication and authorization purposes across many applications within the organization, including the microservices that we're going to secure. So let's go ahead and create a new user identity that can access our microservice-based application.

To do that, we're going to click on all users, and then here within this dropdown, I'm going to select create a new user. The first thing we'll need to do is provide the user principal name of the user. This is kind of like their username. I'm going to keep it short here, and we'll just go with msecuser1 for microservice security user one. Then for the display name, I'm going to specify Test User 1. And then finally, we need to provide a password for this user. I'm not going to auto-generate it, so I'll uncheck this box, and then here I'll provide a password that I've already created. If you're following along, you'll want to take note of this password so that you don't forget it.

Okay, everything's in place. So let's go ahead. We'll click on the review and create button. We'll take one last look at the information to make sure everything looks good, and then we'll go ahead and create the user. Now once the user is created, we should see it appear in this list. Right there's Test User 1.

Now let's go ahead, and we're going to copy the user principal name because we're going to attempt a login with this user. So in order to log in with the user, we can head over to the Azure portal, and once we're prompted to authenticate, I'm just going to provide the user principal name here, and then I'll click on the next button where we can provide the credentials for the user to sign them in. All right, then we'll be prompted for the password we created for the user. So just go ahead and provide that and then hit sign in.
Okay, so you can see that we were successful with our login for the user, and now it's going to have us change their password on the first login. So let me go ahead, and I'll do that. And then after we change the password, it's going to warn us that we need to enable multifactor authentication. Now we have 14 days to do this, so for now we're just going to disregard it by clicking on Ask later. All right, and then finally, we'll specify that we want to stay signed in, and we have our first successful login to the Azure portal with the new user that we created.

Having identities for authentication and authorization is one of the core building blocks you'll need when securing a microservice. So we started with the simple step of exploring the identity store, and we're going to expand upon that as the course progresses. In the next chapter, we'll be coming back to Entra as part of a deeper dive into protocols like OAuth and concepts like token management, which are essential for securing a microservice.
