A cloud-based identity and access management service for securing user authentication and resource access
Hello Padmanabhan M,
Please see below to know how Azure Active Directory authentication works:
- The Microsoft Entra ID application redirects the user to Microsoft Entra ID and uses OpenID Connect to request scopes.
- In order to enforce security requirements, Entra ID evaluates Conditional Access restrictions and authenticates the user using the configured authentication methods.
- After that, Entra ID confirms user or admin consent and API permissions. Entra ID issues an ID token, an access token, and possibly a refresh token if all checks are successful.
- When the application calls the API using the access token, the API verifies the token and approves the request.
Token Types:
- Access Token: APIs use it to approve requests. It includes application roles (roles) or delegated scopes (scp) that specify what the app is permitted to perform.
- ID Token: Used by the application to verify the user's identity. It includes identification claims, including tenant details, user IDs, and names.
- Refresh Token: Used to obtain new access tokens without prompting the user to sign in again.
OAuth 2.0 vs OpenID Connect: OAuth 2.0 focuses on authorization, while OpenID Connect focuses on authentication.
- OAuth 2.0 - Authorization framework which allows the apps to securely access protected resources (APIs) on behalf of a user or application.
- OpenID Connect - An authentication mechanism based on OAuth 2.0 that allows applications to get user data via ID tokens and confirm user identity.
Hence, OpenID Connect is used by Azure AD to authenticate users, OAuth 2.0 is used to grant access, tokens containing identity and permissions are issued, and Conditional Access is enforced prior to token issuance.
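Worked example, added here as an illustration and not part of the answer above: the "API verifies the token" step, showing which claims an API checks before honouring an Entra ID access token (issuer, audience, validity window, then `scp` for delegated calls or `roles` for app-only calls), and why an ID token presented in place of an access token is rejected. Everything in it is constructed: real Entra ID tokens are RS256-signed and are verified against the tenant's published signing keys, so the HMAC secret, the zero-filled tenant ID in the issuer URL, the `api://example-api` audience and the scope/role names are placeholders standing in for those values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholders. A real API resolves the issuer from its tenant
# configuration and verifies RS256 signatures via the tenant's JWKS endpoint.
DEMO_SECRET = b"demo-hmac-key-not-a-real-entra-signing-key"
TENANT_ID = "00000000-0000-0000-0000-000000000000"        # placeholder tenant
EXPECTED_ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
API_AUDIENCE = "api://example-api"                       # assumed App ID URI of the API
CLIENT_ID = "11111111-1111-1111-1111-111111111111"        # placeholder app (client) id
NOW = 1_700_000_000                                      # fixed clock for the demo


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_demo_token(claims: dict) -> str:
    """Mint a demo HS256 JWT so the validation path can be exercised offline."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(DEMO_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def check_access_token(token: str, required_scope=None, required_role=None, now=None):
    """Validate a bearer token the way a protected API would.

    Returns (ok, reason, claims). Signature and issuer/audience checks come
    first; only then are scp (delegated) or roles (app-only) enforced.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token", {}
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":          # never accept alg=none or an unexpected alg
        return False, "unexpected alg", {}
    expected = hmac.new(DEMO_SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return False, "bad signature", {}
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        return False, "wrong issuer", claims
    if claims.get("aud") != API_AUDIENCE:      # an ID token carries the client id here, not the API
        return False, "wrong audience", claims
    if now >= claims.get("exp", 0):
        return False, "expired", claims
    if now < claims.get("nbf", 0):
        return False, "not yet valid", claims
    scopes = set(claims.get("scp", "").split())   # delegated permissions, space-separated
    roles = set(claims.get("roles", []))          # application permissions, list
    if required_scope and required_scope not in scopes:
        return False, "missing scope", claims
    if required_role and required_role not in roles:
        return False, "missing role", claims
    return True, "ok", claims


BASE = {"iss": EXPECTED_ISSUER, "iat": NOW - 60, "nbf": NOW - 60, "exp": NOW + 3600}
# Delegated access token: a signed-in user granted the app Files.Read on the API.
DELEGATED_TOKEN = make_demo_token({**BASE, "aud": API_AUDIENCE, "scp": "Files.Read", "oid": "user-oid"})
# App-only access token: client credentials flow, permission expressed as a role.
APP_ONLY_TOKEN = make_demo_token({**BASE, "aud": API_AUDIENCE, "roles": ["Files.Read.All"]})
# ID token: audience is the client app, not the API, and it carries identity claims only.
ID_TOKEN = make_demo_token({**BASE, "aud": CLIENT_ID, "name": "Demo User", "tid": TENANT_ID})
# Access token minted for this API but already past its expiry.
EXPIRED_TOKEN = make_demo_token({**BASE, "aud": API_AUDIENCE, "scp": "Files.Read", "exp": NOW - 1})

if __name__ == "__main__":
    for label, tok, kw in [
        ("delegated", DELEGATED_TOKEN, {"required_scope": "Files.Read"}),
        ("app-only", APP_ONLY_TOKEN, {"required_role": "Files.Read.All"}),
        ("id token as bearer", ID_TOKEN, {"required_scope": "Files.Read"}),
        ("expired", EXPIRED_TOKEN, {"required_scope": "Files.Read"}),
    ]:
        ok, reason, _ = check_access_token(tok, now=NOW, **kw)
        print(f"{label:20s} -> {ok} ({reason})")
```

The order of checks is the point: signature and `aud` are verified before any `scp`/`roles` decision, so a token that is well-formed but issued for a different audience (the ID token case) never reaches the permission check, and a refresh token is never sent to the API at all; it only goes back to Entra ID to obtain a new access token.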