Authentication
Definition
The process of verifying the identity of a user, system, or application before granting access to resources, crucial for security.
Use Cases
- Netflix: Employee access to internal tools and AWS accounts with centralized sign-in — Uses federated authentication to AWS (commonly via SAML-based SSO from a corporate identity provider) so employees authenticate with corporate credentials and then assume AWS roles rather than using long-lived IAM user passwords. (Centralized access control, reduced reliance on long-lived credentials, and easier onboarding/offboarding through a single identity system.)
- Google: Secure access to Google Workspace and internal applications — Uses strong user authentication (including multi-factor authentication) tied to managed identities, enabling single sign-on across services and enforcing policies based on user and device context. (Lower account takeover risk and consistent sign-in experience across many applications.)
- Microsoft: Enterprise single sign-on for Microsoft 365 and Azure-hosted applications — Uses Microsoft Entra ID for authentication, enabling SSO, conditional access policies, and MFA for users accessing cloud apps and resources. (Improved security posture with policy-based authentication controls and reduced password-related support overhead.)
Provider Equivalents
- AWS: AWS Identity and Access Management (IAM)
- Azure: Microsoft Entra ID (formerly Azure Active Directory)
- GCP: Cloud Identity
- OCI: OCI Identity and Access Management (IAM)
Frequently Asked Questions
- What's the difference between authentication and authorization?
  - Authentication proves who you are (for example, signing in with a password, passkey, or MFA). Authorization decides what you can do after you're signed in (for example, whether you can read a storage bucket or deploy a VM). You typically need both: authenticate first, then authorize actions.
- When should I use authentication in cloud systems?
  - Use authentication anytime a user, service, or application needs access to cloud resources or data. Examples include logging into a cloud console, calling an API, connecting a CI/CD pipeline to deploy infrastructure, or allowing an app to read from a database. Prefer stronger methods (MFA, short-lived tokens, workload identity) for sensitive systems.
- How much does authentication cost?
  - Costs depend on the identity platform and features. Many clouds include basic authentication for cloud resource access at no additional charge (for example, using built-in IAM identities), while advanced capabilities like external user directories, single sign-on, conditional access, and some MFA options may be priced per user or per monthly active user. Additional costs can also come from SMS-based MFA messages, third-party identity providers, and operational overhead (setup, audits, support).
Category: security
Difficulty: basic