FB pixel

Microsoft releases federated identity credentials for MS Entra

| Joel R. McConvey
Categories Access Control  |  Biometrics News
Microsoft releases federated identity credentials for MS Entra
 

Microsoft wants users of Microsoft Entra to be able to log in to accounts across services without resending secure login credentials and certificates. To enable this, it now allows apps to use federated identity credentials (FICs) to accept access tokens from trusted digital identity providers.

Thus, a token issued on login will be valid for services that support the Microsoft Entra API. Entra includes Azure services, as well as apps using Kubernetes and GitHub.

A dev blog explains that “using a managed identity as a federated identity credential (FIC) provides continuous access to resources without the need to manage secret and certificate expiration and renewal.”

Per a separate Microsoft blog, the so-called “Workload Identity Federation flow” configures a user-assigned managed identity or app registration in Microsoft Entra ID to “trust tokens from an external identity provider (IdP), such as GitHub or Google. The user-assigned managed identity or app registration in Microsoft Entra ID becomes an identity for software workloads running, for example, in on-premises Kubernetes or GitHub Actions workflows.”

The FIC system supports tokens from GitHub, Kubernetes, and other third-party OIDC issuers. Apps can now also accept managed identity tokens issued by Microsoft Entra.

Unified identity management

An article by Shaun Nichols on the Cyber Risk Alliance’s SC Media resource notes a trend toward unified identity management, pointing to Okta’s recent move to put unified identity management systems at the center of its future business plan.

“Vendors see identity management solutions as central part of their information security plan in large part because using one token over multiple services minimizes the chances of intercept and protects from data breach at the hands of a third-party vendor who could otherwise have to collect sensitive information.”

Related Posts

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Photo ID, proof of citizenship take center stage in US voting fight

The Safeguard American Voter Eligibility Act (SAVE) has become the centerpiece of a renewed congressional fight over who sets the…

 

AI fakery is turning fear into a voter suppression tool ahead of US elections

In the months leading up to the 2026 midterm elections which could see Democrats sweeping both the House and Senate,…

 

Alcatraz partners with gun violence group on school, workplace safety

Alcatraz has joined the Active Shooter Prevention Project (ASPP), a U.S.-based initiative that develops strategies to reduce risks in schools,…

 

V-Key gets PE firm backing to expand mobile digital identity security footprint

Singapore-headquartered digital identity and Mobile Application Protection and Security (MAPS) provider V-Key has a new majority investor, with Tower Capital…

 

IDfy secures $52M to pursue digital ID trust services ambitions

Digital ID verification firm IDfy has obtained funding of 476 crore Indian rupees, approximately US$52 million, to pursue its digital…

 

WSO2 to help MOSIP’s passwordless authentication platform eSignet Go Thunder

IIIT-Bangalore, home to India’s burgeoning digital public goods efforts, has formed a partnership through the MOSIP initiative it hosts with…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events