User Authentication with Azure Active Directory with Spring Boot

What is Active Directory?

• Active Directory(AD) is a directory service developed by Microsoft for the Windows domain
• It authenticates and authorizes all users and computers in a Windows domain type network. It helps in the organization
• Active Directory allows network administrators to create and manage domains, users, and objects within a network. For example, an admin can create a group of users and give them specific access privileges to certain directories on the server

Why use Active Directory?

It is a cloud-based directory and identity management service which gives the following benefits:

• Single sign-on for multiple applications
• Azure AD multi-factor authentication and conditional access
• Multiple platform functionality
• Azure AD works with more than just Microsoft software
• Azure AD reduces risk
• Global availability

Who should use Active Directory?

Active Directory helps in organizing the company’s data. The admin uses AD to organize the whole data and hierarchy from which it belongs on which network, to what profile picture looks like, or which users have access to the storage room. Hence its main purpose is to organize all data, authenticate and authorized, etc.

For example, any IT company can use it to store employee details with proper authentication and authorization to keep that account/data secured.

Architecture of Active Directory

This shows the Active Directory workflow.

• Azure AD is a cloud-based identity and access management service. The first user tries to access the application by entering the details like username and password
• The application finds the identity provider to authenticate the user. It generates authentication request and redirects the user’s browser to the Azure page
• Here Azure’s Active Directory tries to find out the user details and generate the token
• The application verifies the token sent by Azure AD and processes the sign-in

Creating Azure Active Directory Instance

1. Create an account on https://portal.azure.com then create a resource/tenant, then Identity, and then Azure Active Directory.

2. Enter your organization name and your Initial domain name. Copy the full URL of your directory; you will use that to add user accounts later in this tutorial. (For example: azureADsampledirectory.onmicrosoft.com.) Copy the full URL of your directory; you will use that to add user accounts later. (For example: azureADsampledirectory.onmicrosoft.com.)

When you have finished, select Create. It will take a few minutes to create the new resource.

3. When complete, select to access the new directory.

4. Copy the Tenant ID; you will use that value to configure your application.properties file later.

5. From the portal menu, select App registrations and then select Register an application.

6. Specify your application, and then select Register. When the page for your app registration appears, copy your Application ID and the Tenant ID.

7. Now, Click Certificates & secrets in the left navigation pane. Then select New client secret.

Add a Description and select duration in the Expires list. Click Add. The value for the key will be automatically filled in.

8. Now go to API permissions in the left navigation pane. Click Microsoft Graph and tick Access the directory as the signed-in user and Sign in and read user profile. Click Grant Permissions… and Yes when prompted.

Click Grant admin consent for Azure Sample and select Yes.

9. After this, select Authentication and select Add a platform. Then select Web applications.

Enter an endpoint URL that can accept data from azure as a new Redirect URI/Callback Response, and then select Configure to configure it.

10. Now we need to add a user to Active Directory. From the Overview page of your Active Directory, select Users, and then select New user.

When the User panel is displayed, enter the User name and Name. Then select Create.

Also, create a group of users for authentication. For this, we can select the user which we have created and form groups. Go back to the Users panel, select your test user, and select Reset password and reset it which we will be needed at the time of login.

Configure Active Directory through the app

• Create a spring starter project and Navigate to the src/main/resources folder in your project, then open the properties file.
• Here we are specifying settings that we are going to connect for AD.

Also, we need to configure WebSecurityConfig for authentication. This is how we can get connected to AD using spring boot.

Active Directory Advantages and Disadvantages:

Advantages

• Enables users to sign in using usernames and passwords that are used elsewhere
• Creating and maintaining user accounts is no longer needed
• Computer policies can be created to automatically update and secure workstations
• Sharing resources such as files and printers is easier all users have access to set permissions
• No longer need to provide a username and password for Outlook emails
• It is more secure than other directory services (Login Authentication)
• It is easy to manage, administrate and control
• Increased scalability
• The speed at which it is able to provide domain names
• Simple identity management as you can view all user information
• Let’s you manage your network from one point
• It is also easy to set up and use

Disadvantages

• It can be expensive as you will need Windows Server 2000 licenses and you may need to upgrade the hardware on the server so it can run Windows Server 2000
• Active directory is OS-dependent
• High maintenance cost
• If the Active Directory goes down so does your network
• If it is set up wrong it can take time and money to remove it and set it up again
• It is prone to be hacked
• The cost of the infrastructure can be high
• You need to have good planning to set it up properly
• It also has a complex infrastructure for the user

Conclusion

In this quick guide, we have learned about what an active directory is, how we can create an instance on Azure’s Active Directory, and also how we can configure it from Spring boot which means how we can access the instance by configuring the instance properties. Do check out our other blogs here.