Authenticating to Azure by using Cloud KMS and client assertionsBy using workload identity federation, we can let applications use Azure credentials to authenticate to Google Cloud. That’s useful if we have an application that runs on Azure and needs access to Google APIs. But what if we are in the opposite situation, where we have an application on Google Cloud that needs access to Azure APIs? Continue »
Authenticating to Google Cloud by using an Azure managed identity and workload identity federationWhen an application running on Azure needs access to Google APIs, we can use workload identity federation to let the application use its Azure credentials to authenticate to Google APIs. Unfortunately, the C# client library doesn’t support that yet, but we can fill that gap. Continue »
Restricting which managed identities can access an Azure applicationOn Azure, we can use managed identities and AzureAD applications to authenticate service-to-service authentication. But how can we ensure that only certain managed identities can obtain access tokens for an application? Continue »
Azure AD defaults to SAML Logout, but not all apps support thatWhen you create an enterprise app in Azure AD and configure SAML-based single sign-on, Azure AD assumes that the application also supports SAML for sign-out – but as it turns out, not all apps do. Continue »
Azure AD federation metadata, with or without authenticationWhen working with cloud services, you occasionally encounter two APIs that essentially do the same thing, but require different authentication or permissions. Such cases tend to pique my interest. Continue »