Microsoft this week raised a curtain on a preview of its custom claims providers tool for Azure Active Directory. According to the company, the new solution gives organizations tools for mapping claims into a token. The feature is delivered in the form of an API that can be adopted by Azure AD customers.
In a blog post to introduce the service, Microsoft offers an example of custom claims providers being used by an HR department that needs to match locally stored employee roster numbers with authentications.
“Let's show you how you can set this up for Contoso's HR app. In this scenario, Contoso are looking to decouple their HR app from Active Directory Federation Services, and authenticate directly with Azure AD. The HR app expects the user's employee number to be returned in the token, which is stored in an on-premises Active Directory.
Contoso can configure a custom claims provider to fetch this data and insert it into the token during authentication. Let's begin setting it up for Contoso's Azure AD. In the Enterprise applications menu, the Contoso Admin selects Custom authentication extensions, and then selects Create a custom extension.”
Azure Active Directory users may want to leverage the API to keep sensitive data on premises. Microsoft has been pivoting away from Active Directory Federation Services (ADFS), and custom claims providers act as an alternative to the Windows Server role. Microsoft says that it sees ADFS as a legacy system for authenticating within Azure AD.
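To make the on-premises lookup concrete, here is an added example (not Microsoft's code or the blog post's) of the handler such an extension endpoint would run: it receives the TokenIssuanceStart event, resolves the employee number from a roster that stays local, and returns it as a claim. The event and response field names follow the custom authentication extension contract as recalled here and should be treated as an assumption to check against current documentation; the roster, tenant id and user ids are constructed.

```python
import json

# Constructed stand-in for the on-premises roster Contoso keeps out of the cloud:
# Azure AD object id -> employee number.
ON_PREM_ROSTER = {
    "11111111-1111-4111-8111-111111111111": "E-10442",
    "22222222-2222-4222-8222-222222222222": "E-20917",
}

# Assumed tenant id; the real endpoint compares against its own tenant.
EXPECTED_TENANT = "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee"

# Constructed TokenIssuanceStart event in the shape recalled from the custom
# authentication extension contract (field names are an assumption).
SAMPLE_EVENT = json.dumps({
    "type": "microsoft.graph.authenticationEvent.tokenIssuanceStart",
    "data": {
        "@odata.type": "microsoft.graph.onTokenIssuanceStartCalloutData",
        "tenantId": EXPECTED_TENANT,
        "authenticationContext": {
            "user": {"id": "11111111-1111-4111-8111-111111111111",
                     "userPrincipalName": "alice@contoso.example"},
        },
    },
})


def handle_token_issuance_start(body: str) -> dict:
    """Return the provideClaimsForToken action for one TokenIssuanceStart event.

    The production endpoint must first validate the bearer token Azure AD
    presents (issuer and audience); that step is outside this example.
    """
    data = json.loads(body).get("data", {})
    # Fail closed: only answer events for the tenant this extension serves.
    if data.get("tenantId") != EXPECTED_TENANT:
        raise PermissionError("event from unexpected tenant")
    user_id = data.get("authenticationContext", {}).get("user", {}).get("id")
    claims = {}
    number = ON_PREM_ROSTER.get(user_id)
    if number is not None:
        # Only assert a claim the roster actually holds; never guess a value.
        claims["employeeNumber"] = number
    return {"data": {
        "@odata.type": "microsoft.graph.onTokenIssuanceStartResponseData",
        "actions": [{
            "@odata.type": "microsoft.graph.tokenIssuanceStart.provideClaimsForToken",
            "claims": claims,
        }],
    }}
```

An unknown user gets an empty claims set rather than a fabricated number, and an event for another tenant is rejected outright.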
Custom claims provider authentication is now available in preview.