
On our existing AAD, we are trying to integrate with FIDO2 authentication.

As part of this integration between AAD & FIDO, in the Azure portal under "Security Authentication methods | Authentication method policy (Preview)", AD admins have been provided UI options to enable FIDO authentication either for a particular user or group, which will be followed by an end-user-side setup process using the MS self-service portal "https://myprofile.microsoft.com".

Can the above steps involved in AAD & FIDO integration be accomplished programmatically via Graph API endpoints or any other REST endpoints?

Does AAD have its own public API endpoints apart from the Graph API endpoints? If not, why does AAD not have its own public API endpoints?

191180rk
  • As you know, AAD & FIDO integration is in the preview stage; some response to the above queries would be helpful to evaluate for further consideration. – 191180rk Mar 15 '20 at 14:15

1 Answer


The above steps for AAD and FIDO integration can be done via the portal at this point. The underlying functions involved are not exposed through any API at this point. The feature is still in preview and is a work in progress. This may change a little more before it goes GA, depending upon existing feedback by the users/customers and internal tests.

There is an older API called Azure AD Graph API, but it's not being actively developed for any new features. The Microsoft Graph API is the newer API and it is being designed as a single consolidated API (single endpoint https://graph.microsoft.com) with a robust back-end to interact with Microsoft 365 cloud services. Earlier, Microsoft had many different APIs to manage end user experiences and identities; however, as we evolved, a lot of customers/partners demanded consolidation so that it was easier for them to write their customer code for management and build any software on top of Microsoft Azure AD, hence one single API backend was built and released as Microsoft Graph.

As for the programmatic access to FIDO settings, I would suggest you upvote an existing feature request related to the same on the Azure feedback site. The Azure Feedback UserVoice site is periodically reviewed by the product group and it helps in prioritization of requested features for development.

Dharman
shashishailaj
  • So after integrating AAD with FIDO using the options available on the Azure portal: 1. Can our existing customer-facing web apps (which use our in-house secure token service (STS) - a web API based application which in turn relies on Azure AD for authentication) leverage the AAD-FIDO integration to provide a passwordless sign-in experience for end users? (or) 2. Is a passwordless sign-in experience for end users after AAD-FIDO integration possible only if the customer-facing application uses Azure AD based authentication? – 191180rk Mar 19 '20 at 05:20
  • If AAD does user authentication via the FIDO flow, will the access token issued by AAD have any indicator/properties to confirm the FIDO flow has been used for user authentication? – 191180rk Mar 19 '20 at 05:23