
Entra ID

Entra ID (formerly known as Azure Active Directory, Azure AD or AAD) is a cloud-based identity and access management service provided by Microsoft.

We use Entra ID as our internal identity provider for authenticating and authorizing both employees and applications.

NAIS provides support for declarative registration and configuration of Entra ID resources. This support covers the following distinct use cases:

Log in employees

If you have an employee-facing application that requires authentication, you will need to integrate with Entra ID. NAIS simplifies this by providing a login proxy with endpoints to easily handle login, logout, and user sessions.

Your application is responsible for verifying that inbound requests have valid tokens.

🎯 Learn how to log in employees

Secure your API

To secure your API with Entra ID, you'll need to grant consumers access to your application. Once configured, your consumers can acquire a token from Entra ID to consume your API.

Your application code must verify inbound requests by validating the included tokens.

🎯 Learn how to secure your API with Entra ID

Consume an API

If your application needs to consume another API secured with Entra ID, you need to acquire a token.

There are two types of flows for acquiring tokens, depending on the context of the request:

Consume on behalf of employee

This flow is for machine-to-machine requests on behalf of an employee end-user.

To consume an API on behalf of an employee, you'll need to exchange their token for a new token.

The new token preserves the employee's identity context and is only valid for the specific API you want to access.

🎯 Learn how to consume an API on behalf of an employee

Consume as application

This flow is for machine-to-machine requests without any end-user involvement.

To consume an API as the application itself, you'll need to acquire a token.

🎯 Learn how to consume an API as an application

Generate a token for development

In some cases, you want to develop and test locally against a secured API in the development environments. To do so, you need a token to access that API.

🎯 Learn how to generate a token for development
