Building Blocks of IAM
Explore the core components of Identity and Access Management in Azure, including identities, roles, and scope. Understand how Microsoft Entra ID and Azure RBAC control access to resources. Gain insights into user, group, and application identities, role assignments, and how to determine resource scope for secure management.
Let’s understand the three main components of IAM:
- Identities
- Roles
- Scope
Identities
Identities is a component that’s represented by a
- Users: These are the users of our organization or the external users added to our Entra ID account to provide them with access to our organization’s resources. Users can also be hybrid identities, which are created once we sync the on-premises Active Directory with Entra ID. A hybrid identity is a type of identity that spans across both on-premises and cloud environments. It allows users to use the same set of credentials to access resources in their local network as well as in the cloud.
- Groups: Entra ID offers us a feature to group multiple users together so that the ones that need similar types of access can be put in one group. If an access policy is applied to a group, all the users who are members of that group will be subjected to the same policy.
- Applications: An ...