Microsoft Azure

As with AWS, you can use various options for navigating to user authentication and authorization settings in Microsoft Azure as well. One way to access identity settings within Microsoft Azure is to expand the left panel navigation forAll services and select Identity, as seen in Figure 3.4. From there, you can navigate into External Identities to view information about federation and integration with identity provider services, to Users to view a full set of User Principal identities that exist within the tenant, or to Azure AD Security to view more on allowable authentication methods and MFA configuration:

Figure 3.4 – Microsoft Azure IAM configurations

At the time of this writing, Microsoft has developed a new branded administrator experience for Azure Active Directory IAM functions that can be found at https://entra.microsoft. com/ (Figure 3.5):

Figure 3.5 – Microsoft Entra admin center

Thisnew branded experience aims to provide a simplified interface for configuration and administrative functions. Permission requirements for accessing and configuring these functions remain the same as accessing the administrative functions through https://portal.azure.com.

As with AWS, within Microsoft Azure, you can also use the CLI for navigation and accessing resources. Documentation and information on installing and using the Azure CLI, including tutorials, can be found at https://learn.microsoft.com/en-us/cli/azure/.

Now that we’ve identified one of the primary ways of accessing IAM configuration in Microsoft Azure, let’s review where to find the configuration within GCP.

GCP

Similar to both AWS and Azure, GCP provides access to IAM functions through a few different navigation paths. GCP has a dedicated IAM & Admin product section, as seen in Figure 3.6; however, other relevant content exists within the Security product section as well, such as the management of service accounts and workload identities:

Figure 3.6 – GCP IAM & Admin configuration options

Also, similar to AWS, GCP uses the concept of establishing an organization (Figure 3.7) for use in structuring user accounts and managing access:

Figure 3.7 – Establishing an organization within GCP

Additionally, GCP has an “identity as a service” function known as Cloud Identity for providing a centrally managed user identity store.

Similar to AWS and Azure, we can also navigate within GCP using the CLI. More information about this can be found at https://cloud.google.com/cli.

As we’ve seen, there are a few differences but also many similarities in the way that IAM navigation is structured in AWS, Azure, and GCP. Now that we’ve looked at the key areas where configuration options for users and user authentication exist, let’s look at concepts for defining and identifying permissions, roles, and groups.