Microsoft Unveils Federated Identity Credentials System to Bolster Authentication Security

The Federated Identity Credentials system is designed to minimize the number of times a user will have to hand over their secure credential information when using multiple services via Microsoft Entra.

Microsoft has announced a new Azure feature designed to minimize security risk during authentication.

The Federated Identity Credentials system is intended to reduce the frequency with which users must provide their secure credential information when accessing multiple services through Microsoft Entra.

The feature enables users to log into a single service to initiate their session. Following the initial login, they can then access other services without providing their secure login credentials and certificates.

“This process, known as the Workload Identity Federation flow, supports tokens from GitHub, Kubernetes, and other third-party OIDC issuers,” Microsoft said.

“With this new capability, apps can also accept managed identity tokens issued by Microsoft Entra.”

In more technical terms, upon initially logging in with a Microsoft Entra service, the user will be issued a token. This token will be valid for any service that supports the Microsoft Entra API.

Using Entra minimizes the number of times a user needs to provide their secret information, such as login credentials or secure key information, thereby reducing the risk surface by minimizing the possibility of a threat actor gaining access to the secret information.

Such tactics are becoming increasingly popular in the identity management space. Okta recently made a unified identity management system the centerpiece of its future business plan.

Vendors largely view identity management solutions as a key component of their information security plan because using a single token across multiple services minimizes the chances of interception and protects against data breaches by third-party vendors who would otherwise need to collect sensitive information.

In Microsoft’s case, the Entra platform encompasses not only the Azure services, but also a range of apps that utilize Kubernetes and GitHub.

“Customers using Microsoft Entra ID applications to authenticate users, access resources on behalf of users, or perform cross-tenant access can improve their security by adopting managed identities as federated identity credentials,” Microsoft said.

“This approach is more secure and robust compared to managing secrets, rotating certificates, and handling multiple permission sets for apps and managed identities.”