Design for identity and access management (IAM)


To implement authentication and authorization, Azure Architects design identity and access management (IAM) solutions. These solutions must work for all users, applications, and devices. A strong IAM solution should have unified identity management, secure adaptive access, simplified identity governance, and a seamless user experience.

Diagram of the four basic guidelines for a strong IAM solution.

Things to know about IAM

As you look at your authentication and authorization options for Tailwind Traders, consider these characteristics of a strong IAM solution:

  • Unified identity management. Manage all your identities and access to all your applications in a central location, whether they’re in the cloud or on-premises, to improve visibility and control.

  • Seamless user experience. Provide an easy, fast sign-in experience to keep your users productive, reduce time spent managing passwords, and increase end-user productivity.

  • Secure adaptive access. Protect access to resources and data by using strong authentication and risk-based adaptive access policies without compromising the user experience.

  • Simplified identity governance. Control access to applications and data for all users and admins. Automated identity governance ensures only authorized users have access.

Things to consider when using IAM

Your first step is to determine the ideal IAM solution for Tailwind Traders. The following table lists three basic choices. We'll look closely at these options in the next units.

  • Consider using Azure Active Directory. Develop with Azure AD for a solution that combines core directory services, application access management, and identity protection. Azure AD provides an identity and access management system for Tailwind Traders employees that can operate in a cloud or hybrid environment.

  • Consider your business-to-business (B2B) requirements. Support collaboration for guest users and external business partners of Tailwind Traders, such as suppliers and vendors. Build your solution with Azure AD B2B (business-to-business) to support business-to-business operations.

  • Consider your business-to-customer scenarios. Control how Tailwind Traders customers sign up, sign in, and manage their profiles when they use your apps. Use Azure AD B2C (business-to-customer) to develop an Azure AD solution that supports customer-focused operations.