As part of Microsoft’s mission to empower people and organisations to achieve more, the team has recently announced the general availability of Microsoft Entra Verified ID, a new service that promises a more deliberate way for individuals and organisations to share identity information. We explain more about the service in this blog.
What is Microsoft Entra?
The concept behind Microsoft’s Verified ID service is that individuals or organisations have control over the submission of their identity information, including the ability to revoke it. It’s based on a decentralised blockchain electronic ledger approach, rather than relying on a service provider to store a record in a database.
A faster, more reliable way to verify
Typically, customers rely on Azure AD to secure access to corporate resources. However, enabling credentials to be used beyond the company (e.g. proving employment for a bank loan) is complex and comes with compliance risk. In contrast, identity documents from our everyday lives, like a driver’s licence or passport, are well suited to uses beyond their original purpose (e.g. proving age or residency).
Microsoft believes an open, standards-based decentralised identity system can unlock a new set of experiences that give users and organisations greater control over their data, and deliver a higher degree of trust and security for apps, devices, and service providers.
Issue credentials – Customers can now design and issue verifiable credentials to represent proof of employment, education, or other claims. A holder of a credential decides when, and with whom, to share it. Each credential is signed with cryptographic keys that the user owns and controls. Even if the issuing institution no longer exists, these credentials can still be presented and validated.
Request and verify credentials – Unlike credentials issued by current centralised identity systems, verifiable credentials are standards-based. This makes them easy for developers to understand and removes the need for custom integrations. Applications can request credentials from any organisation and verify their authenticity using the APIs included as part of the service.
Present credentials in a secure way – Users can manage and present credentials using Microsoft Authenticator. What makes this unique is that users control who can access their credentials, even though those credentials are issued by organisations. Capabilities like selective disclosure, derived claims (e.g. proof of age instead of date of birth) and measures preventing correlation will be added.
Recover credentials – Users can manage credentials using Microsoft Authenticator and recover from loss using a mnemonic-based (passphrase) scheme. In addition, Microsoft will provide custodial and social recovery options so users can choose a circle of trusted parties across friends, family, and organisations.
Interoperable – Microsoft has developed a standards-based interop profile in partnership with IBM, Workday, Ping, and Mattr so anyone can build compatible digital wallets. This interop profile gives application developers a consistent way to manage credentials in the digital wallets they build, and lets users switch between wallets.
When would you use Entra?
During the preview period, customers from around the world issued and verified credentials across a variety of scenarios, ranging from remote onboarding at work and collaboration across business boundaries to enabling education beyond the campus. Customers have issued and verified tens of thousands of credentials using the platform across a diverse set of industries to enable:
- Faster remote onboarding – Validate identity information for trustworthy self-service enrollment and reduced time-to-hire.
- Verify access to high value apps – Quickly verify an individual’s credentials and status to grant least-privilege access with confidence.
- Easy account recovery – Replace support calls and security questions with a streamlined self-service process to verify identities.
To find out more about Microsoft Entra or to learn more about securing your data, contact our team who can help.