Comments (4)
@LijuV-MSFT
Thanks for your feedback! We will investigate and update as appropriate.
from entra-docs.
@LijuV-MSFT Certificate-based authentication (CBA) with federation is a method of authentication that allows users to authenticate with Azure Active Directory (Azure AD) using a client certificate on a Windows, Android, or iOS device when connecting to Microsoft mobile applications such as Microsoft Outlook and Microsoft Word, as well as Exchange ActiveSync (EAS) clients.
Federation in this context refers to the use of a federated identity provider (IdP) such as Active Directory Federation Services (AD FS) to authenticate users. With CBA and federation, the client certificate is validated by the federated IdP, which then issues a security token that is sent to Azure AD for validation.
In contrast, native CBA allows users to authenticate directly with X.509 certificates against their Azure AD for applications and browser sign-in, without the need for a federated IdP.
The authentication flow for CBA with federation involves the following steps:
- The user presents their client certificate to the federated IdP for validation.
- The federated IdP issues a security token that includes the user's identity and other claims.
- The security token is sent to Azure AD for validation.
- Azure AD validates the security token and issues an access token that can be used to access the requested resource.
I hope this helps clarify things for you! Let me know if you have any further questions.
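The four-step flow described in the comment above, as an added example that is not code from the thread or from Microsoft's products: a stand-alone Python simulation of what each party checks at each hop. The client certificate is represented by already-parsed X.509 fields, and the IdP's security token is HMAC-signed JSON standing in for a SAML/WS-Fed assertion signed with the IdP's token-signing certificate; all domains, issuer URLs, keys, thumbprints, serials and user records are constructed sample data. What it shows that the prose does not: Azure AD never sees the certificate, so the certificate-to-user binding rests entirely on the federated IdP, while the relying-party side is left with signature, issuer-to-domain scoping, audience and lifetime checks (the domain-scoped issuer check is the check this example enforces, not a description of Microsoft's internals).

```python
"""Simulated CBA-with-federation sign-in. Added example, not code from the thread or
from Microsoft. Stand-ins: the client certificate is a dict of already-parsed X.509
fields; the IdP token is HMAC-signed JSON rather than a signed SAML/WS-Fed assertion.
All issuer URLs, thumbprints, keys, serials and user records are constructed."""
import base64
import hashlib
import hmac
import json

# --- Federated IdP (AD FS stand-in) configuration: constructed sample data ---
TRUSTED_CA_THUMBPRINTS = {"ca-corp-root-01"}   # CAs that client certs must chain to
REVOKED_SERIALS = {"0x1f"}                     # stand-in for a CRL / OCSP lookup
IDP_ISSUER = "http://adfs.contoso.example/adfs/services/trust"
IDP_SIGNING_KEY = b"contoso-idp-signing-key"   # stand-in for the token-signing certificate
TOKEN_LIFETIME_S = 300

# --- Azure AD stand-in: which issuer and key are trusted for which federated domain ---
FEDERATED_DOMAINS = {
    "contoso.example": {"issuer": IDP_ISSUER, "key": IDP_SIGNING_KEY},
    "fabrikam.example": {"issuer": "http://sts.fabrikam.example/trust", "key": b"fabrikam-key"},
}
DIRECTORY = {"alice@contoso.example": {"oid": "11111111-2222-3333-4444-555555555555"}}
AUDIENCE = "urn:example:azure-ad"              # constructed audience value
SAMPLE_NOW = 1_750_000_000                     # fixed clock so results are reproducible

SAMPLE_CERT = {  # constructed: fields as parsed from a user's X.509 client certificate
    "subject": "CN=Alice Example,OU=Users,DC=contoso,DC=example",
    "san_upn": "alice@contoso.example",        # UPN from subjectAltName, used for mapping
    "issuer_thumbprint": "ca-corp-root-01",
    "serial": "0x2a",
    "not_before": 1_700_000_000, "not_after": 1_800_000_000,
    "eku": ["clientAuth"],
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def idp_validate_certificate(cert: dict, now: int) -> str:
    """Step 1: the federated IdP validates the client certificate and maps it to a UPN.
    This is the only place the certificate is examined; Azure AD never sees it."""
    if cert["issuer_thumbprint"] not in TRUSTED_CA_THUMBPRINTS:
        raise ValueError("certificate does not chain to a trusted CA")
    if not cert["not_before"] <= now <= cert["not_after"]:
        raise ValueError("certificate outside its validity period")
    if cert["serial"] in REVOKED_SERIALS:
        raise ValueError("certificate revoked")
    if "clientAuth" not in cert["eku"]:
        raise ValueError("certificate not valid for client authentication")
    return cert["san_upn"]

def idp_issue_token(upn: str, now: int, issuer: str = IDP_ISSUER,
                    key: bytes = IDP_SIGNING_KEY) -> str:
    """Step 2: the IdP issues a signed security token carrying identity claims."""
    claims = {"iss": issuer, "aud": AUDIENCE, "upn": upn, "amr": ["x509"],
              "iat": now, "exp": now + TOKEN_LIFETIME_S}
    body = _b64url(json.dumps(claims, sort_keys=True).encode())
    sig = _b64url(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def azure_ad_validate_token(token: str, now: int) -> dict:
    """Steps 3-4: Azure AD validates the security token and issues an access token.
    The verification key is selected by the UPN's domain, so only the IdP registered
    for that domain can assert its users; another domain's IdP cannot."""
    body, sig = token.split(".")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    fed = FEDERATED_DOMAINS.get(claims["upn"].rpartition("@")[2])
    if fed is None or fed["issuer"] != claims["iss"]:
        raise ValueError("issuer is not the federated IdP registered for this domain")
    expected = _b64url(hmac.new(fed["key"], body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(expected, sig):
        raise ValueError("token signature invalid")
    if claims["aud"] != AUDIENCE:
        raise ValueError("token not addressed to Azure AD")
    if not claims["iat"] <= now < claims["exp"]:
        raise ValueError("token expired or not yet valid")
    user = DIRECTORY.get(claims["upn"])
    if user is None:
        raise ValueError("no directory user for the asserted UPN")
    return {"sub": user["oid"], "upn": claims["upn"], "amr": claims["amr"], "exp": now + 3600}

def outcome(step, *args) -> tuple:
    """Runs one step and reports ("ok", result) or ("denied", reason)."""
    try:
        return "ok", step(*args)
    except ValueError as err:
        return "denied", str(err)

def federated_cba_signin(cert: dict, now: int = SAMPLE_NOW) -> tuple:
    """The whole flow: certificate -> IdP token -> Azure AD access token."""
    def run():
        token = idp_issue_token(idp_validate_certificate(cert, now), now)
        return azure_ad_validate_token(token, now)
    return outcome(run)

if __name__ == "__main__":
    print(federated_cba_signin(SAMPLE_CERT))
    print(federated_cba_signin(dict(SAMPLE_CERT, serial="0x1f")))     # revoked certificate
    rogue = idp_issue_token("alice@contoso.example", SAMPLE_NOW,
                            "http://sts.fabrikam.example/trust", b"fabrikam-key")
    print(outcome(azure_ad_validate_token, rogue, SAMPLE_NOW))         # wrong IdP for the domain
    stale = idp_issue_token("alice@contoso.example", SAMPLE_NOW - 3600)
    print(outcome(azure_ad_validate_token, stale, SAMPLE_NOW))         # expired token
```

Running the file prints the successful sign-in followed by three denials: a revoked certificate stopped at the IdP, a token minted by the fabrikam IdP for a contoso user rejected at Azure AD because the issuer is not the one registered for that domain, and a token presented after its lifetime. Because the rogue-issuer case is rejected without ever touching the certificate, it also makes the federation trust boundary visible: once the IdP is compromised or misconfigured, the certificate checks provide no protection on the Azure AD side.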
Thank you, @SaibabaBalapur-MSFT; yes, this makes it much clearer... Any chance you can add this to the document?
@LijuV-MSFT I will check internally with the document author. As of now, we are going to close this thread as resolved but if there are any further questions regarding the documentation, please tag me in your reply and we will be happy to continue the conversation.