Microsoft identity platform overview - Microsoft identity platform (2024)

The Microsoft identity platform is a cloud identity service that allows you to build applications your users and customers can sign in to using their Microsoft identities or social accounts. It authorizes access to your own APIs or Microsoft APIs like Microsoft Graph. The identity platform supports developers building single-tenant, line-of-business (LOB) applications, as well as multi-tenant software-as-a-service (SaaS) applications.

The following diagram shows the Microsoft identity platform at a high level, including the application registration experience, SDKs, endpoints, and supported identities or account types.

There are several components that make up the Microsoft identity platform:

• OAuth 2.0 and OpenID Connect standard-compliant authentication service enabling developers to authenticate several identity types, including:

  See Also

  Microsoft Entra ID Governance - Microsoft Entra ID GovernanceWhat is the difference between MIM and Microsoft Entra Connect?Tutorial - Quick setup of your tenant for Microsoft Entra Verified ID - Microsoft Entra Verified IDIntroduction to Microsoft Entra Verified ID - Microsoft Entra Verified ID
  • Work or school accounts, provisioned through Microsoft Entra ID
  • Personal Microsoft accounts (Skype, Xbox, Outlook.com)
  • Social or local accounts, by using Azure AD B2C
  • Social or local customer accounts, by using Microsoft Entra External ID

• Open-source libraries: Microsoft Authentication Library (MSAL) and support for other standards-compliant libraries. The open source MSAL libraries are recommended as they provide built-in support for Conditional Access scenarios, single sign-on (SSO) experiences for your users, built-in token caching support, and more. MSAL supports the different authorization grants and token flows used in different application types and scenarios.

• Microsoft identity platform endpoint - The Microsoft identity platform endpoint is OIDC certified. It works with the Microsoft Authentication Libraries (MSAL) or any other standards-compliant library. It implements human readable scopes, in accordance with industry standards.

• Application management portal: A registration and configuration experience in the Microsoft Entra admin center, along with the other application management capabilities.

• Application configuration API and PowerShell: Programmatic configuration of your applications through the Microsoft Graph API and PowerShell so you can automate your DevOps tasks.

• Developer content: Technical documentation including quickstarts, tutorials, how-to guides, API reference, and code samples.

For developers, the Microsoft identity platform offers integration of modern innovations in the identity and security space like passwordless authentication, step-up authentication, and Conditional Access. You don't need to implement such functionality yourself. Applications integrated with the Microsoft identity platform natively take advantage of such innovations.

With the Microsoft identity platform, you can write code once and reach any user. You can build an app once and have it work across many platforms, or build an app that functions as both a client and a resource application (API).

Getting started

Choose your preferred application scenario. Each of these scenario paths has an overview and links to a quickstart to help you get started:

• React Single-page app (SPA)
• ASP.NET Core Web app
• ASP.NET Core API
• Desktop app
• Daemon app
• Mobile app

For a more in-depth look at building applications using the Microsoft identity platform, see our multipart tutorial series for the following applications:

• React Single-page app (SPA)
• ASP.NET Core Web app
• ASP.NET Core API

As you work with the Microsoft identity platform to integrate authentication and authorization in your apps, you can refer to this image that outlines the most common app scenarios and their identity components. Select the image to view it full-size.

Learn authentication concepts

Learn how core authentication and Microsoft Entra concepts apply to the Microsoft identity platform in this recommended set of articles:

• Authentication basics
• Application and service principals
• Audiences
• Permissions and consent
• ID tokens
• Access tokens
• Authentication flows and application scenarios

More identity and access management options

Azure AD B2C - Build customer-facing applications your users can sign in to using their social accounts like Facebook or Google, or by using an email address and password.

Microsoft Entra B2B - Invite external users into your Microsoft Entra tenant as "guest" users, and assign permissions for authorization while they use their existing credentials for authentication.

Microsoft Entra External ID - A customer identity and access management (CIAM) solution that lets you create secure, customized sign-in experiences for your customer-facing apps and services.

Next steps

If you have an Azure account, then you have access to a Microsoft Entra tenant. However, most Microsoft identity platform developers need their own Microsoft Entra tenant for use while developing applications, known as a dev tenant.

Learn how to create your own tenant for use while building your applications: