Cloud Identity for grannies

Jeevan B. Manoj
4 min read · Nov 13, 2020

‘Hi grandma, I am joining the Microsoft Identity platforms organization as a Program Manager!’

‘I am sure that is great, but what is identity?’

The above conversation I had with grandma got me thinking. Nobel Prize-winning physicist Richard Feynman once said, ‘If you can’t explain something in simple terms, you don’t understand it.’

Dr Richard Feynman

Do I understand cloud identity well enough to explain it in simple terms to my 90-year-old grandmother? I am not 100% sure I’ll succeed, but I am 100% sure I want to give it a shot, and so this post was born.

Before I talk about Identity in the cloud, I think I need a minute to explain the cloud. ‘Wait, what? Oh no, grandma! It’s not gonna rain.’

Cloud computing is a neat little mechanism by which many of the computing resources that you need are placed online instead of in your bedroom.

Grandma, instead of storing all your favourite songs on vinyl records and worrying about them disintegrating or getting borrowed by annoying relatives never to be returned, you can now get them all on, let’s say, Spotify, and listen to them from anywhere on the planet (and even the International Space Station, if I am not mistaken). All you need is a stable internet connection. Big organizations do the safekeeping for you, while you just pay them a fee to take care of the resources without worrying about anything else.

Okay, enough of ‘cloud’, let’s get to Identity and cloud Identity.

Anything that can be authenticated is an Identity. Since you have an iPad and an Apple account with a username and password, granny, you are an Identity! But Identities don’t have to be users; they can also be other applications or servers which do things on behalf of users. Those use certificates or secrets instead of usernames and passwords, but that’s a topic for another day.

Now, what is cloud identity? Like everything on the cloud, the pain of managing identities can also be delegated to cloud service providers like Microsoft Azure.

Suppose you are building a website for those old cronies of yours to upload photos of their hand-knitted sweaters and sell them. You have 2 options to handle their user accounts.

  1. Manage the usernames and passwords yourself on your website with a database, and worry about the safety of the passwords.
  2. Subscribe to a cloud Identity provider like Microsoft Azure Active Directory and forget about all the user account management hassles.

Needless to say, the second option is much safer and easier. You are already ninety, grandma; you don’t want to waste any more time worrying about identity management, do you? You should really be focusing all your energy on making the website the best ever and not on the nitty-gritty of identity.

Before we wrap up, grandma, I want to give you a quick overview of a couple of advanced topics, but I am sure you’ll do just fine.

Modern authentication

Retinal scan for authentication

Relying on password-based authentication alone has a number of problems. Remember that time when you had put your bank account username and password on a sticky note on the fridge and the electrician almost transferred all your retirement money into his personal account and emigrated to Hawaii? Yeah, that one. With modern authentication that won’t happen. If the Identity provider feels like a login attempt is not made by you but by your rogue electrician or any other malicious entity (no offence to electricians), it will trigger a number of other safety fallback mechanisms like a one-time password, authenticator app-based authentication etc. This is called MFA (multi-factor authentication).

Single Sign-On

The more involved you get on the internet, the more websites and services you’ll be using and traditionally that means you’ll be creating more and more usernames and passwords and of course forgetting them. ‘Wait, what? You have perfect memory and only minor hearing problems?! Of course, this is for people who are forgetful granny!’

With single sign-on enabled, all you need is one username-password combination and you can log in with that account to a variety of websites. If all goes well, from your usual computer or mobile device you won’t even have to key in your username and password again and again across those websites! The identity provider just magically knows that it’s you and will let you in without asking for credentials. (It’s not exactly magic but cookies and some other stuff which is beyond my granny at this point in time, but I am sure she will get there soon.)

I hope you enjoyed this largely fictitious conversation that I have had with my grandma and also that it helped you get a teensy bit closer to understanding cloud Identity.

More about Microsoft Identity Platform.

More about the Author

Jeevan B. Manoj

A technology enthusiast and a newly minted Product manager at Microsoft. I am also an amateur (very) guitarist and a motorsports fan who writes in his free time.