Understanding the Azure identity model
Microsoft Azure Stack Hub uses identity at several layers, starting with the portals and tools that sit on top of Azure Resource Manager (ARM). Further down the stack, identity is also used for resource providers, and for business logic and infrastructure, as shown in the following diagram:
As you can see from this diagram, the tokens and access tokens used differ depending on which layer of Azure Stack Hub we are talking to.
For applications and users, the architecture of Azure Stack Hub is broken down into four layers, as shown in the preceding diagram. Interactions between these layers can use different types of authentication.
For tools and clients such as the administrator portal, authentication to ARM uses a JSON Web Token (JWT). ARM validates the JSON Web Token and looks at the claims issued in the...