Design authentication and authorization
High level requirements
- Access to each workspace is restricted to a group of users.
- One user can have access to multiple workspaces.
- Support Active Directory scenarios for Conditional Access and Privileged Identity.
- Auditing of auth events on workspace level.
- Check HIPAA requirements
- A user can have either the role of a workspace owner of the workspace or the role of a researcher of the workspace.
- A user can be a TRE administrator to manage shared services and other aspects that span workspaces.
- The roles a user has in each workspace determine what actions can be performed.
- Users who need access to a workspace can originate from multiple organizations.
What we’re not doing
- User and group management - Managing roles/groups and users will initially be managed via Azure Active Directory
Issue Analytics
- Created 3 years ago
- Comments: 11 (9 by maintainers)
Top GitHub Comments
Few related issues just created to reflect the current direction using Azure AD and app roles: #95, #96, #208, #211, #220, #221.
I’ve modified the ADDA code to use standard Azure AD rather than Azure AD B2C and that allows it to use an App Role for the global role. With the B2C solution we needed a User Admin role, but with normal AAD we now only need a single Resource Admin role. I’ve also added a Member role as you might want to restrict access to the TRE rather than allow the entire domain.
These are really simple to handle: you just get the names of the app roles in a Roles claim. For all other permissions on specific resources (workspaces and services) the app needs to manage these with resource assignments in the database.
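The split the issue and the maintainer comment describe, global roles from the Azure AD app roles in the token's roles claim and per-workspace roles from resource assignments held by the app, can be written down as a small deny-by-default authorization check. The following is an added example, not code from the Azure TRE project; the app-role values (TREAdmin, TREUser), the workspace role names, the action names, the in-memory AuthzStore and the demo() data are all assumptions made for illustration. It assumes the token's signature, issuer, audience and expiry have already been validated by the API's token middleware and that the user is identified by the oid claim, which guest users from other organisations also receive in the TRE tenant. One deliberate design choice, flagged in a comment: a TRE administrator is not granted access inside workspaces just by holding the global role, so every decision is also written to an audit list so that the workspace-level auditing requirement has something to consume.

```python
"""Hypothetical authorization model for a TRE API (added example, not Azure TRE code).

Global roles arrive as Azure AD app-role values in the token's `roles` claim;
workspace roles are resource assignments kept in the application's own store.
Signature/issuer/audience/expiry checks on the token are assumed to have been
done already by the API's token middleware; this module only reasons about claims.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

# Assumed app-role values; they would be registered on the API's Azure AD app
# registration and surface as strings in the `roles` claim.
TRE_ADMIN_ROLE = "TREAdmin"
TRE_MEMBER_ROLE = "TREUser"


class WorkspaceRole(str, Enum):
    OWNER = "WorkspaceOwner"
    RESEARCHER = "WorkspaceResearcher"


# Deny by default: an action is allowed only if it is listed here.
WORKSPACE_ACTIONS = {
    "workspace:read": {WorkspaceRole.OWNER, WorkspaceRole.RESEARCHER},
    "workspace:create_service": {WorkspaceRole.OWNER},
    "workspace:manage_users": {WorkspaceRole.OWNER},
}
SHARED_SERVICE_ACTIONS = {"shared_service:create", "shared_service:delete"}


@dataclass
class AuthzStore:
    """In-memory stand-in for the database: (workspace_id, user_oid) -> role, plus an audit log."""
    assignments: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def assign(self, workspace_id: str, user_oid: str, role: WorkspaceRole) -> None:
        self.assignments[(workspace_id, user_oid)] = role

    def role_for(self, workspace_id: str, user_oid: str) -> Optional[WorkspaceRole]:
        return self.assignments.get((workspace_id, user_oid))


def app_roles(claims: dict) -> set:
    """App roles from the `roles` claim; a missing or malformed claim means no global role."""
    roles = claims.get("roles", [])
    return set(roles) if isinstance(roles, list) else set()


def authorize(store: AuthzStore, claims: dict, action: str, workspace_id: Optional[str] = None) -> bool:
    """Decide whether the caller may perform `action`; every decision is appended to the audit log."""
    user = claims.get("oid")
    roles = app_roles(claims)
    allowed = False
    reason = "denied by default"

    if not user:
        reason = "no oid claim"
    elif not roles & {TRE_MEMBER_ROLE, TRE_ADMIN_ROLE}:
        reason = "caller is not a TRE member"
    elif action in SHARED_SERVICE_ACTIONS:
        allowed = TRE_ADMIN_ROLE in roles
        reason = "TRE admin app role" if allowed else "shared services require TREAdmin"
    elif action in WORKSPACE_ACTIONS:
        if workspace_id is None:
            reason = "workspace action without workspace id"
        else:
            # Design choice in this example: the global admin role manages shared services,
            # it does NOT grant access to data inside a workspace without an assignment.
            role = store.role_for(workspace_id, user)
            allowed = role is not None and role in WORKSPACE_ACTIONS[action]
            if role is None:
                reason = "no assignment in workspace"
            else:
                reason = f"workspace role {role.value}" if allowed else f"{role.value} may not {action}"
    else:
        reason = f"unknown action {action}"

    store.audit_log.append({"user": user, "action": action, "workspace": workspace_id,
                            "allowed": allowed, "reason": reason})
    return allowed


def demo() -> dict:
    """Constructed sample data: four users, two workspaces. Returns each decision by name."""
    store = AuthzStore()
    store.assign("ws-research-1", "oid-alice", WorkspaceRole.OWNER)
    store.assign("ws-research-1", "oid-bob", WorkspaceRole.RESEARCHER)
    store.assign("ws-research-2", "oid-bob", WorkspaceRole.RESEARCHER)
    alice = {"oid": "oid-alice", "roles": [TRE_MEMBER_ROLE]}
    bob = {"oid": "oid-bob", "roles": [TRE_MEMBER_ROLE]}
    carol = {"oid": "oid-carol", "roles": [TRE_MEMBER_ROLE, TRE_ADMIN_ROLE]}
    dave = {"oid": "oid-dave"}  # in the tenant but holds no app role: not a TRE member
    return {
        "alice_creates_service": authorize(store, alice, "workspace:create_service", "ws-research-1"),
        "bob_reads_ws1": authorize(store, bob, "workspace:read", "ws-research-1"),
        "bob_creates_service": authorize(store, bob, "workspace:create_service", "ws-research-1"),
        "alice_reads_ws2": authorize(store, alice, "workspace:read", "ws-research-2"),
        "carol_creates_shared": authorize(store, carol, "shared_service:create"),
        "carol_reads_ws1": authorize(store, carol, "workspace:read", "ws-research-1"),
        "alice_creates_shared": authorize(store, alice, "shared_service:create"),
        "dave_reads_ws1": authorize(store, dave, "workspace:read", "ws-research-1"),
        "audit_entries": len(store.audit_log),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

Two checks worth keeping when adapting this: treat a roles claim that is not a list as empty rather than trusting it, and key assignments on the immutable oid rather than on a display name or e-mail, which can change or be reused.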