Azure 带有生物特征和移动应用证书的活动目录

Question

I am looking for help with the topic of user authorization via biometrics or certificates in my mobile app. What I need to find out is how to setup the Azure Active Directory as well as the whole authorization process.

Currently, I have an application registered in the Azure Portal under App Registration, there are quick start guides for UWP/Windows and other platforms - they all work fine with email and password. I have no idea what are the requirements and how to setup the biometrics or certificates authentication.

I read that if I want to use certificates then I need something called "Root certificate authority" and in terms of Azure, it looks like I need a virtual machine - is that correct?

Can someone please guide me through the whole process of setting up the users in Azure Active Directory and then enabling the biometrics in my app?

Kindest regards, Joseph

Answer 1

you can look here for passwordless auth on azure here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless you can use the microsoft authentication app or use a fido2 compatible system from one of the products/services that have fido2 with biometrics passwordless.

to enable passwordless on your azure tenant,
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone

The other option is to use the android/ios fingerprint/touch id to unlock refresh tokens to log into azure ad. in this way, you would need to first log into azure, then store the refresh token and secure it using the mobile platforms fingerprint stuff. suggestion from here: Sign in with fingerprint in oauth 2.0

I'm not sure if this answers your question, but it's somewhere to start reading.