Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Federated access from Azure to other clouds wit...

Darek Dwornikowski
September 21, 2022
Technology
0
99

Federated access from Azure to other clouds without a secret

Federated access from Azure to other clouds without a secret

Darek Dwornikowski

September 21, 2022
Tweet

Other Decks in Technology

See All in Technology
【令和最新版】AWS Direct Connectと愉快なGWたちのおさらい
minorun365
PRO
5
800
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
390
Security-JAWS【第35回】勉強会クラウドにおけるマルウェアやコンテンツ改ざんへの対策
4su_para
0
200
Amazon Forecast亡き今、我々がマネージドサービスに頼らず時系列予測を実行する方法
sadynitro
0
150
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
3
670
テストコード品質を高めるためにMutation Testingライブラリ・Strykerを実戦導入してみた話
ysknsid25
7
2.8k
組織成長を加速させるオンボーディングの取り組み
sudoakiy
3
300
【平成レトロ】へぇボタンハック👨🔧
vanchan2625
0
110
The Role of Developer Relations in AI Product Success.
giftojabu1
0
160
Mastering Quickfix
daisuzu
1
340
強いチームと開発生産性
onk
PRO
36
12k
CysharpのOSS群から見るModern C#の現在地
neuecc
2
3.8k

Featured

See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
How STYLIGHT went responsive
nonsquared
95
5.2k
Automating Front-end Workflow
addyosmani
1366
200k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
111
49k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
Side Projects
sachag
452
42k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
Large-scale JavaScript Application Architecture
addyosmani
510
110k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k

Transcript

  1. Federated access from Azure to other clouds without a secret

    Darek Dwornikowski
  2. None
  3. None
  4. None
  5. None

  6. Enter Open ID Connect (OIDC) • OAuth 2.0 is a

    security standard where you give one application permission to access your data in another application on your behalf, without giving them your password. • OIDC adds identity part on top of OAuth, session etc (identity providers) • You can do it for machine too. All you need is trust.

  7. What we will do

  8. Our flow

  9. Links • https://developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc • https://youtu.be/t18YB3xDfXI\ • https://gist.github.com/tdi/791e660027340dbc09da5f791c7b5661 • https://cloud.google.com/iam/docs/configuring-workload-identity-federation#azure •

    https://learn.microsoft.com/en-au/azure/active-directory/develop/howto-create- service-principal-portal • https://learn.microsoft.com/en-au/azure/active-directory/develop/howto-create- service-principal-portal#register-an-application-with-azure-ad-and-create-a-service- principal • https://medium.com/google-cloud/configuring-workload-identity-federation-with-azure- 672a1e1f3eec • jwt.ms

  10. Thanks J let’s stay connected @7d1 https://www.linkedin.com/in/darekd/