Summary

Here is a brief summary of the important concepts learned in this module:

  • Securing access to resources, whether on-premises or in the cloud, requires us to identify the users accessing those resources.

  • For authenticating web-site users, relying on a trusted third-party identity provider offers a number of advantages over implementing authentication yourself. Among those advantages are stronger security (the provider, not your application code, is responsible for storing and protecting credentials), support for single sign-on (SSO), and reduced development time.

  • With third-party identity providers, user credentials are stored by the provider and are never seen by the application.

  • Cloud service providers offer identity-provider services, as do popular social-media companies such as Facebook and Twitter.

  • Identity information regarding users within an organization (for example, a company) is usually stored in directory services such as Active Directory.

  • Directory services store identities for users, groups, and applications.

  • Federation allows users accessing cloud resources to be authenticated using on-premises directory systems: the cloud service trusts tokens issued by the on-premises federation service instead of holding the users' credentials itself.

  • Synchronization allows users accessing cloud resources to be authenticated using cloud-based directory systems whose contents are synced with on-premises directory systems.

  • Guest accounts allow users accessing an organization's resources to be authenticated using identities established outside the organization.

  • Federation, synchronization, and guest accounts reduce account sprawl and simplify identity management and access control.

  • Role-based access control (RBAC) is used to implement the access-control (authorization) side of identity and access management (IAM) in cloud solutions; the identity provider or directory handles authentication.

  • Roles specify actions that can be performed on resources and are assigned to users, groups, and applications.

  • Roles can be applied to individual resources, groups of resources, subscriptions, and in some cases, groups of subscriptions. The level at which a role is assigned is termed the scope. Assignments are inherited by everything beneath their scope, so a role assigned at the subscription level applies to every resource group and resource in that subscription; assign roles at the narrowest scope that meets the need.
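The following Python sketch is an added example, not code from this module, of the division of labour described above for third-party identity providers: the provider checks the password and issues a signed token, and the application only verifies that token. A shared HMAC key stands in for the provider's signing key (a real provider signs with a private key and publishes the public half), and the issuer URL, audience URL, user store and key are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed for this example. A shared HMAC key stands in for the provider's
# signing key; a real provider signs with a private key and publishes only the
# public half, so the application can verify tokens but never mint them.
IDP_SIGNING_KEY = b"example-idp-signing-key-not-for-production"
IDP_ISSUER = "https://idp.example.com"    # hypothetical identity provider
APP_AUDIENCE = "https://app.example.com"  # hypothetical relying application
TOKEN_LIFETIME = 3600                     # seconds

# Constructed provider-side user store. Only the provider ever reads it; the
# application has no copy of this table and never sees a password.
_SALT = b"per-user-salt-would-go-here"
_USERS = {"alice": hashlib.sha256(_SALT + b"correct horse battery").hexdigest()}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: bytes) -> bytes:
    return hmac.new(IDP_SIGNING_KEY, signing_input, hashlib.sha256).digest()


def idp_authenticate(username: str, password: str, now: int) -> Optional[str]:
    """Provider side: verify the password, then issue a signed ID token."""
    expected = _USERS.get(username)
    presented = hashlib.sha256(_SALT + password.encode()).hexdigest()
    if expected is None or not hmac.compare_digest(expected, presented):
        return None
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": IDP_ISSUER, "aud": APP_AUDIENCE, "sub": username,
              "iat": now, "exp": now + TOKEN_LIFETIME}
    signing_input = (_b64url(json.dumps(header).encode()) + "." +
                     _b64url(json.dumps(claims).encode())).encode()
    return signing_input.decode() + "." + _b64url(_sign(signing_input))


def app_verify(token: str, now: int) -> Optional[str]:
    """Application side: accept the provider's assertion, never a password.
    Returns the authenticated subject, or None if any check fails."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":  # refuse "none" and algorithm confusion
        return None
    signing_input = (header_b64 + "." + claims_b64).encode()
    if not hmac.compare_digest(_sign(signing_input), signature):
        return None
    # Bind the token to this provider and this application, and to the clock.
    if claims.get("iss") != IDP_ISSUER or claims.get("aud") != APP_AUDIENCE:
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims.get("sub")
```

The application's checks run in a fixed order (signature, issuer, audience, expiry) and every failure is a plain rejection; the password check happens only inside `idp_authenticate`, which is the property the module's "credentials are never seen by the application" bullet describes.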
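To make the RBAC bullets concrete, here is an added example (not part of this module) that evaluates role assignments the way hierarchical cloud RBAC does: a role lists the actions it permits, an assignment binds a role to a user, group or application at a scope, and an assignment at a scope covers everything beneath it. The role names, action strings, scope paths, group memberships and assignments are all constructed for the example; the general pattern (wildcard actions, carve-outs, scope inheritance, deny by default) is what the bullets describe.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Dict, List, Set

# Constructed role definitions. A role names the actions it allows (wildcards
# permitted) and, optionally, actions it carves back out ("not_actions").
ROLES: Dict[str, Dict[str, List[str]]] = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "VM Operator": {"actions": ["compute/virtualMachines/*"],
                    "not_actions": ["compute/virtualMachines/delete"]},
    "Owner": {"actions": ["*"], "not_actions": []},
}

# Constructed group membership: a role assigned to a group flows to members.
GROUPS: Dict[str, Set[str]] = {"ops-team": {"bob"}}


@dataclass(frozen=True)
class Assignment:
    principal: str  # user, group or application identity
    role: str
    scope: str      # hypothetical path: group of subscriptions > subscription > resource group > resource


# Constructed scope hierarchy, written as paths so that containment is a prefix test.
MG = "/managementGroups/corp"
SUB1 = MG + "/subscriptions/sub1"
RG1 = SUB1 + "/resourceGroups/rg1"
VM1 = RG1 + "/providers/compute/virtualMachines/vm1"
VM2 = SUB1 + "/resourceGroups/rg2/providers/compute/virtualMachines/vm2"

ASSIGNMENTS: List[Assignment] = [
    Assignment("alice", "Reader", SUB1),       # read everything in the subscription
    Assignment("ops-team", "VM Operator", RG1),  # group, one resource group only
    Assignment("carol", "Owner", VM1),         # a single resource
    Assignment("dave", "Owner", MG),           # inherited by every subscription beneath
]


def _scope_covers(assigned: str, target: str) -> bool:
    """An assignment applies at its own scope and at every scope beneath it."""
    assigned = assigned.rstrip("/")
    return target == assigned or target.startswith(assigned + "/")


def _role_allows(role: str, action: str) -> bool:
    definition = ROLES[role]
    if any(fnmatchcase(action, p) for p in definition["not_actions"]):
        return False
    return any(fnmatchcase(action, p) for p in definition["actions"])


def granting_assignments(principal: str, action: str, resource: str,
                         assignments: List[Assignment]) -> List[Assignment]:
    """Every assignment that lets `principal` perform `action` on `resource`.
    Useful for answering 'why does this identity have this access?'"""
    identities = {principal} | {g for g, members in GROUPS.items() if principal in members}
    return [a for a in assignments
            if a.principal in identities
            and _scope_covers(a.scope, resource)
            and _role_allows(a.role, action)]


def is_authorized(principal: str, action: str, resource: str,
                  assignments: List[Assignment]) -> bool:
    """Deny by default: access exists only if some assignment grants it."""
    return bool(granting_assignments(principal, action, resource, assignments))
```

`granting_assignments` is the audit view: when reviewing access, run it for a sensitive action against a sensitive resource and expect the list to be short and to name assignments at narrow scopes; an `Owner` assignment inherited from a group of subscriptions (like `dave` above) is exactly the kind of broad grant that a least-privilege review should question.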