CCL Exp8

Uploaded by

dev606033
Experiment No. - 8
Date of Performance: 25/09/24
Date of Submission: 10/10/24
Program Execution/ formation/ correction/ ethical practices (07) | Documentation (02) | Timely Submission (03) | Viva Answer to sample questions (03) | Experiment Total (15) | Sign with Date

Experiment No. 8
Aim: Implement Identity and Access management (IAM) on AWS/Azure.
Course Outcome: CO2
Learning Objectives: To Implement Identity and Access management (IAM).
Requirement: AWS
Related Theory: Azure Active Directory (AD) is a cloud-based identity provider and access
management service. Typical scenarios where AD is used are:
1) When you are using OneDrive, Skype, Outlook.
2) When you are using apps like MS-Teams, Office 365 etc.
3) When you are accessing Azure, subscriptions in Azure cloud etc.
4) When you are a web developer and securing access to your web services and applications.
Identity - Anything that can be authenticated. It can be a username and password. It can also be
applications or other servers with secret keys or certificates.
Limitations of traditional approach of user authentication
The figure below shows the traditional user authentication.
Traditional approach of user authentication:
1. Implementing additional security features is time consuming and expensive.
2. You introduce a new security risk by maintaining the user database. The database itself may get hacked.
3. User credentials change per application/service.

All these shortcomings can be overcome by using an identity provider like Azure AD.

Authentication using Identity Provider:
In this approach the user, instead of providing his login credentials to the server, provides them to the identity provider. The identity provider in turn provides a token to the user. A token is small, encoded information about the client and his identity. This token is then sent to the server in order to complete the request. The server is also connected with the identity provider. The server verifies the token from the identity provider and, if the user is authentic, allows the access.
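
The token exchange described above, as an added Python example that is not part of the original lab sheet: the identity provider signs a token after login, and the server checks signature, audience and expiry before allowing access. The shared HMAC key, claim names and function names are assumptions made for this sketch; Azure AD signs its tokens with an asymmetric key that the server obtains from the identity provider.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key shared by the identity provider and the server.
# Assumption for this sketch: a production IdP signs with an asymmetric key.
IDP_KEY = b"constructed-demo-key-not-a-real-secret"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(IDP_KEY, signing_input.encode(), hashlib.sha256).digest())

def idp_issue_token(user: str, audience: str, ttl: int = 300, now=None) -> str:
    """Identity provider side: called after the user has proven who they are."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": user, "aud": audience, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{_sign(header + '.' + claims)}"

def server_verify_token(token: str, audience: str, now=None) -> dict:
    """Server side: allow the request only if every check passes."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, signature = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    # Signature first: the claims are untrusted until the signature matches.
    if not hmac.compare_digest(signature, _sign(header + "." + claims)):
        raise PermissionError("bad signature")
    if json.loads(_unb64(header)).get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    data = json.loads(_unb64(claims))
    if data["aud"] != audience:
        raise PermissionError("token issued for another service")
    if now >= data["exp"]:
        raise PermissionError("token expired")
    return data

def tamper_subject(token: str, new_user: str) -> str:
    """Constructed negative case: claims edited without re-signing."""
    header, claims, signature = token.split(".")
    data = json.loads(_unb64(claims))
    data["sub"] = new_user
    return f"{header}.{_b64(json.dumps(data).encode())}.{signature}"
```

The server never sees the user's password; it only needs to trust the key that the identity provider signs with.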

Skill Based Cloud Computing Laboratory (ADLR0506) A.Y. 2024-25


Benefits of using Identity Provider

1. If the client is using multiple services, he no longer needs to remember multiple usernames and passwords. Instead of requesting a server each time he wants to access a new service, he sends the request to the Azure AD, gets the token from it and exchanges it with the server. So the authentication part can be fully outsourced to the identity provider.
2. User management gets centralized.
3. The web application/users can be given top-notch security.
4. Multiple additional features like MFA, conditional access can be availed.

Procedure:
1. Visit portal.azure.com and log in using your credentials.
2. Search for “azure active” in the portal and click the Azure Active Directory option.
3. Go to Users. You will see the following interface.

4. One can also create a new user by selecting that option on the above web page.
5. Create a new user.
6. Log out and log in as the new user that you just created.
7. This will be a completely new session. You can go to the resource group option to see that the new user
you just created and logged in as owns nothing.

8. This new user, however, can have his own Azure AD. Even though the new user is in your tenant, the
new user can have his own tenants and his own organization.
9. To do this, go to the top left corner of the left hand side pane. Click “Create resource”.

10. Once created, it will start getting reflected in your active directory. Now log out as the new user and log in
using your credentials. You will be able to see the Azure AD for the new user as shown below:

11. You can click the new user in the directory being shown and see the active directory of the new
user directly.
12. When you are logged in using your credentials and see the resources you own, you can see
that you are a global administrator of your tenant. You can allow him access to whatever you have.
8.5 Program and Output:
Conclusion: The Azure AD is successfully used for the identity management.
