OAuth 2.0 and OpenID Connect Authorization Process with Zilla

Zilla Security's Zilla Azure app utilizes OAuth 2.0 and OpenID Connect protocols to securely authorize access to specific resources within Azure Active Directory (AAD). This process enables controlled access on behalf of the user without exposing user credentials and includes creating a custom enterprise application within the tenant.

Enterprise application used for OIDC

An application registered in the Zilla AAD tenant is used for SSO. This application has the following credentials:

Client ID: 4176202e-1516-4fa1-874f-e5bd60591ccb

Display name: Zilla Security Application

AAD Tenant Domain: zillasecuritysaas.onmicrosoft.com

AAD Tenant ID: 635ac631-11c6-402a-b22f-32691d347aca

The Step-by-Step Process

  1. Configuration in Zilla Security's Zilla Azure App (Performed by the User): Within Zilla Security, the user enters information about the Azure Active Directory tenant, including the Tenant ID and domain name, for syncing with the Zilla Azure app.

  2. Authorization Request (Performed by Zilla Security's Zilla Azure App): When the user clicks "sync now," the Zilla Azure app constructs an authorization request and redirects the user to the Microsoft login page.

  3. User Authentication and Consent (Performed by the User in Azure Active Directory): The user logs in with an Admin role and grants consent to the permissions requested by the Zilla Azure app. A custom enterprise application entry is created within the tenant.

  4. Authorization Code Exchange (Performed by Zilla Security's Zilla Azure App): Azure AD redirects the user back to Zilla Security with an authorization code. The Zilla Azure app exchanges this code for an access token, using its pre-configured client credentials.

  5. Access Token Issuance (Performed by Azure Active Directory): Azure AD validates the authorization code and client credentials, then issues an access token to the Zilla Azure app.

  6. Access Token Usage (Performed by Zilla Security's Zilla Azure App): The Zilla Azure app uses the access token, associated with the custom enterprise app, to access the user's resources within the specified Azure AD tenant, initiating the sync process.

  7. Token Validation and Resource Access (Performed by Azure Active Directory and Resource Server): The resource server validates the access token with Azure Active Directory and, if valid, grants access to the requested resources.
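The client side of steps 2 and 4 above, as an added example that is not Zilla's own code: building the authorization request with a state value and PKCE, accepting the callback only when the state matches, and preparing the form body for the token exchange. The tenant ID and client ID are the page's; the redirect URI, scopes and client secret are assumed placeholders, and the actual HTTPS calls to the token endpoint and to Microsoft Graph (steps 5 and 6) are not made here.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

TENANT_ID = "635ac631-11c6-402a-b22f-32691d347aca"  # from the page
CLIENT_ID = "4176202e-1516-4fa1-874f-e5bd60591ccb"  # from the page
REDIRECT_URI = "https://example.invalid/oauth/callback"  # assumed placeholder, not Zilla's URI
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"

def make_pkce_pair():
    """Return (code_verifier, code_challenge) per RFC 7636 using the S256 method."""
    verifier = secrets.token_urlsafe(64)  # 86 chars, within the 43..128 range
    challenge = base64.urlsafe_b64encode(hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()
    return verifier, challenge

def build_authorize_url(state, code_challenge, scopes):
    """Step 2: the authorization request URL the app redirects the admin to."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": state,                      # bound to the user's session; checked on return
        "code_challenge": code_challenge,    # PKCE binds the code to this client instance
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/oauth2/v2.0/authorize?{urlencode(params)}"

def parse_callback(callback_url, expected_state):
    """Step 4, first half: extract the code, refusing callbacks whose state does not match."""
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        raise ValueError(f"authorization failed: {qs['error'][0]}")
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    return qs["code"][0]

def build_token_request(code, code_verifier, client_secret):
    """Step 4, second half: endpoint and form body for the code-for-token exchange (POST, not URL)."""
    body = {
        "client_id": CLIENT_ID,
        "client_secret": client_secret,  # the app's pre-configured credential
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,    # must equal the one used in the authorize request
        "code_verifier": code_verifier,
    }
    return f"{AUTHORITY}/oauth2/v2.0/token", body
```

The state check is what ties the returned code to the session that started the flow; a callback carrying a different or missing state should be rejected before any token exchange is attempted.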


Conclusion

The OAuth 2.0 and OpenID Connect authorization process with Zilla Security's Zilla Azure app is a robust and secure method for granting access to resources within Azure Active Directory. By leveraging these protocols and creating a custom enterprise application within the tenant, Zilla Security ensures the confidentiality of user credentials and provides controlled access to resources.

This process aligns with the standard OAuth 2.0 flow and allows for tenant-specific customization and control, enabling administrators to manage the Zilla Azure app's access and behavior within their specific Azure AD environment.

For further technical assistance or inquiries related to Zilla Security's OAuth 2.0 and OpenID Connect implementation with Azure Active Directory, please refer to the technical documentation or contact our support team.