Authentication Methods

There are three authentication methods for Applications in Azure Active Directory.

  1. Certificate
  2. Client Secret
  3. Federate Credentials

This workshop is focusing on Client Secret.


Certificate based authentication is only available to use with applications that operate in the users context. This may be when a calendar is being shared with an external application or sharing files from cloud storage between applications. We are only using application context so will not cover certificates.

Client Secret

This is the same as a password you would be famililar with for regular user accounts. Client Secrets are used for applications that operate as Daemons or Service Accounts and operate without user interaction. You cannot secure this type of account with MFA, but if the client ID (username) and client secret (password) are stolen then the application can be exploited.

Federated Credentials

This method uses credentials from an another identity provider that has a trust relationship with the Azure Active Directory used to register the application. This is out of scope for this workshop.