| title | description | services | author | manager | ms.service | ms.subservice | ms.topic | ms.workload | ms.date | ms.author | ms.reviewer |
|---|---|---|---|---|---|---|---|---|---|---|---|
Microsoft identity platform overview |
Learn about the components of the Microsoft identity platform and how they can help you build identity and access management (IAM) support into your applications. |
active-directory |
OwenRichards1 |
CelesteDG |
active-directory |
develop |
overview |
identity |
11/16/2022 |
owenrichards |
saeeda |
The Microsoft identity platform helps you build applications your users and customers can sign in to using their Microsoft identities or social accounts. It authorizes access to your own APIs or Microsoft APIs like Microsoft Graph.
There are several components that make up the Microsoft identity platform:
- OAuth 2.0 and OpenID Connect standard-compliant authentication service enabling developers to authenticate several identity types, including:
- Work or school accounts, provisioned through Azure AD
- Personal Microsoft accounts (Skype, Xbox, Outlook.com)
- Social or local accounts, by using Azure AD B2C
- Open-source libraries: Microsoft Authentication Library (MSAL) and support for other standards-compliant libraries.
- Application management portal: A registration and configuration experience in the Azure portal, along with the other Azure management capabilities.
- Application configuration API and PowerShell: Programmatic configuration of your applications through the Microsoft Graph API and PowerShell so you can automate your DevOps tasks.
- Developer content: Technical documentation including quickstarts, tutorials, how-to guides, and code samples.
For developers, the Microsoft identity platform offers integration of modern innovations in the identity and security space like passwordless authentication, step-up authentication, and Conditional Access. You don't need to implement such functionality yourself. Applications integrated with the Microsoft identity platform natively take advantage of such innovations.
With the Microsoft identity platform, you can write code once and reach any user. You can build an app once and have it work across many platforms, or build an app that functions as both a client and a resource application (API).
Choose your preferred application scenario. Each of these scenario paths has an overview and links to a quickstart to help you get started:
- Single-page app (SPA)
- Web app that signs in users
- Web app that calls web APIs
- Protected web API
- Web API that calls web APIs
- Desktop app
- Daemon app
- Mobile app
As you work with the Microsoft identity platform to integrate authentication and authorization in your apps, you can refer to this image that outlines the most common app scenarios and their identity components. Select the image to view it full-size.
Learn how core authentication and Azure AD concepts apply to the Microsoft identity platform in this recommended set of articles:
- Authentication basics
- Application and service principals
- Audiences
- Permissions and consent
- ID tokens
- Access tokens
- Authentication flows and application scenarios
Azure AD B2C - Build customer-facing applications your users can sign in to using their social accounts like Facebook or Google, or by using an email address and password.
Azure AD B2B - Invite external users into your Azure AD tenant as "guest" users, and assign permissions for authorization while they use their existing credentials for authentication.
If you have an Azure account, then you have access to an Azure Active Directory tenant. However, most Microsoft identity platform developers need their own Azure AD tenant for use while developing applications, known as a dev tenant.
Learn how to create your own tenant for use while building your applications:
[!div class="nextstepaction"] Quickstart: Set up an Azure AD tenant