Microsoft, and the general identity industry, has recommended that applications use certificates over secrets when it comes to credentials for things like applications. This recommendation has existed for about as […] The post Spying on your ISVs credential choices appeared first on Eric on Identity.| Eric on Identity
For those that must manage application integrations in Entra ID, it’s an inevitable question: What is the difference between an App Registration and an Enterprise Application? Why are there two […] The post Entra App Registrations and Enterprise Applications: The Definitive Guide appeared first on Eric on Identity.| Eric on Identity
Many are familiar with Active Directory, the on-premises directory and authentication system that is available with Windows Server, but exactly what is Azure Active Directory? Azure Active Directory (Azure AD or AAD) is a multi-tenant cloud directory and authentication service. Azure AD is the directory service that Office 365 (and Azure) leverages for account, groups, … Continue reading| Active Directory Security
If you haven’t followed the news recently, Descope released an article diving into how their security researchers were able to abuse OpenID Connect (OIDC) ID token claims to spoof the […] The post The nOAuth “flaw” is a symptom of industry anti-patterns appeared first on Eric on Identity.| Eric on Identity
Audit logs can provide all sorts of wonderful points of data. In the interest of identity security, we have historically seen that we can glean rich sets of information around […] The post Dude, Where’s My Audit Logs? appeared first on Eric on Identity.| Eric on Identity