Using Microsoft Entra External ID and Cerbos for authentication and authorization
This blog post has been co-authored by Martin Gjoshevski, Senior Customer Engineer at Microsoft and Alex Olivier, Chief Product Officer at Cerbos, a Microsoft Partner.
In the realm of software development, authentication and authorization play a pivotal role, serving as guardians of your data and system security and integrity. These terms are often confused with one another; however, they serve two distinct functions.
In this blog post, part one of a three-part series, we look at the difference between authentication and authorization, and what to consider when choosing the right approach to authorization. We explore the concept of coupled and decoupled authentication and authorization and provide a high-level framework for choosing an approach that meets the needs of your specific scenario. We also share a brief teaser of what’s coming in part two!
Authentication is the process of validating the identity of a user or device. This typically involves using unique credentials, like a username-password pair or a digital certificate. It acts as a crucial first line of defence, ensuring only known users or devices gain access to your system or application. Without robust authentication measures, the door opens for entities to compromise sensitive data and jeopardize system security.
