Microsoft released a new Azure feature aimed at minimizing security risk during authentication.
The Federated Identity Credentials system is designed to minimize the number of times a user will have to hand over their secure credential information when using multiple services via Microsoft Entra.
The idea is that the end user only needs to log into one service to begin their session. After the initial login they are then allowed to log into other services without handing over their secure login credentials and certificates.
“This process, known as the Workload Identity Federation flow, supports tokens from GitHub, Kubernetes, and other third-party OIDC issuers,” said Microsoft.
“With this new capability, apps can also accept managed identity tokens issued by Microsoft Entra.”
To be more technical, when initially logging in with a Microsoft Entra service, the user will be issued a token. That token will be valid for every service that supports the Microsoft Entra API.
Using Entra reduces the number of times a user needs to hand over secret material such as login credentials or keys, which shrinks the attack surface by giving a threat actor fewer opportunities to obtain that secret material.
Such approaches are increasingly popular in the identity management space. Okta recently made a unified identity management system the central part of its future business plan.
Vendors see identity management solutions as a central part of their information security plans, in large part because using one token across multiple services reduces the chances of interception and protects against data breaches at the hands of a third-party vendor who would otherwise have to collect sensitive information.
In Microsoft’s case, the Entra platform includes not only the Azure services, but also a number of apps making use of Kubernetes and GitHub.
“Customers using Microsoft Entra ID applications to authenticate users, access resources on behalf of users, or perform cross-tenant access can enhance their security by adopting managed identities as federated identity credentials,” said Microsoft.
“This approach is more secure and robust compared to managing secrets, rotating certificates, and handling multiple permission sets for apps and managed identities.”
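As an added example (not Microsoft's code) of the flow described above: the federated identity credential an app registration trusts, the exact-match check Entra applies to the issuer, subject and audience of the inbound managed identity token, and the token request that presents that token as a client assertion instead of a client secret. The tenant, app and managed identity ids are constructed placeholders; the issuer, audience and assertion-type strings are the documented values.

```python
"""Managed identity token presented as a federated identity credential (added example)."""
import base64
import json
from urllib.parse import urlencode

TENANT_ID = "00000000-0000-0000-0000-00000000aaaa"        # placeholder tenant id
APP_CLIENT_ID = "11111111-1111-1111-1111-11111111bbbb"    # placeholder app registration
MI_PRINCIPAL_ID = "22222222-2222-2222-2222-22222222cccc"  # placeholder managed identity object id
EXCHANGE_AUDIENCE = "api://AzureADTokenExchange"          # documented audience for the exchange

# The federated identity credential attached to the app registration. Entra accepts an
# inbound token only when its iss, sub and aud all match this entry exactly.
FEDERATED_CREDENTIAL = {
    "name": "mi-as-fic",
    "issuer": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
    "subject": MI_PRINCIPAL_ID,
    "audiences": [EXCHANGE_AUDIENCE],
}

def decode_claims(jwt: str) -> dict:
    """Return the payload claims of a compact JWT. No signature check here:
    Entra verifies the signature against the issuer's published keys."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))

def credential_matches(claims: dict, fic: dict) -> bool:
    """Mirror the federation trust check: exact match on issuer, subject and audience."""
    return (claims.get("iss") == fic["issuer"]
            and claims.get("sub") == fic["subject"]
            and claims.get("aud") in fic["audiences"])

def build_exchange_request(mi_token: str, scope: str) -> tuple[str, str]:
    """Form body the app posts to the token endpoint: the managed identity token
    travels as client_assertion, so no client secret or certificate is involved."""
    url = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"
    body = urlencode({
        "client_id": APP_CLIENT_ID,
        "grant_type": "client_credentials",
        "scope": scope,
        "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
        "client_assertion": mi_token,
    })
    return url, body

def fake_jwt(claims: dict) -> str:
    """Constructed, unsigned token so the matching logic can be exercised offline."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"
```

A token minted for any other audience (for example a resource API) fails the match, which is why the managed identity must request the exchange audience specifically.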