🔐 Understanding the Authentication Protocols Behind Modern IAM
1️⃣ LDAP
Why first?
Because identities (users, groups, OUs) and the directory that holds them are the foundation of IAM: every protocol below ends up asking a directory who a principal is and which groups it belongs to.
Learn:
Active Directory
Users & Groups
Organizational Units (OU)
Group Policies
Directory Services
Real-world example:
Applications validate users against Active Directory with an LDAP bind: the app sends the user's DN (or UPN) and password to a domain controller, and a successful bind means the password is right. Insist on LDAPS (636) or StartTLS; a simple bind over plain 389 puts the password on the wire in cleartext.
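To make that concrete, here is the simple bind encoded by hand in BER exactly as it goes to the domain controller, with the BindResponse decoded on the way back. This is an added example, not code from the original post; the DN, password and the "data 52e" diagnostic text are constructed sample values, and nothing is sent over the network.

```python
# LDAP v3 simple bind (RFC 4511), hand-encoded in BER, plus the BindResponse decode.
# Constructed example: these are the bytes an application sends to a domain
# controller when it validates a user's password with a simple bind. No network I/O.

def ber_len(n):
    """BER length: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    """Tag-Length-Value wrapper for primitive and constructed BER elements."""
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(v):
    """INTEGER for non-negative values (messageID, version); keeps the sign bit 0."""
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big"))

def bind_request(message_id, dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    bind = ber_int(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())  # 0x80 = [0] simple
    return tlv(0x30, ber_int(message_id) + tlv(0x60, bind))  # 0x60 = [APPLICATION 0] BindRequest

def bind_response(message_id, result_code, diagnostic=""):
    """What the server answers: BindResponse { resultCode, matchedDN, diagnosticMessage }."""
    op = tlv(0x0A, bytes([result_code])) + tlv(0x04, b"") + tlv(0x04, diagnostic.encode())
    return tlv(0x30, ber_int(message_id) + tlv(0x61, op))  # 0x61 = [APPLICATION 1] BindResponse

def parse_tlv(data, i=0):
    """Decode one TLV at offset i; returns (tag, value, offset after it)."""
    if i + 2 > len(data):
        raise ValueError("truncated TLV")
    tag, length = data[i], data[i + 1]
    i += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(data[i:i + n], "big")
        i += n
    if i + length > len(data):
        raise ValueError("TLV length exceeds buffer")
    return tag, data[i:i + length], i + length

RESULT_CODES = {0: "success", 8: "strongerAuthRequired", 49: "invalidCredentials"}

def parse_bind_response(data):
    """Returns (messageID, resultCode name, diagnosticMessage) or raises on a bad frame."""
    tag, msg, _ = parse_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    t, mid, i = parse_tlv(msg)
    t2, op, _ = parse_tlv(msg, i)
    if t != 0x02 or t2 != 0x61:
        raise ValueError("not a BindResponse")
    _, rc, i = parse_tlv(op)           # ENUMERATED resultCode
    _, _matched, i = parse_tlv(op, i)  # matchedDN (empty for a bind)
    _, diag, _ = parse_tlv(op, i)      # diagnosticMessage
    code = int.from_bytes(rc, "big")
    return int.from_bytes(mid, "big"), RESULT_CODES.get(code, str(code)), diag.decode(errors="replace")

def password_is_visible(request, password):
    """True when the password appears verbatim in the request bytes, which is the case
    for every simple bind not wrapped in LDAPS or StartTLS. This is the whole reason to
    refuse simple bind over port 389 without TLS."""
    return password.encode() in request

if __name__ == "__main__":
    req = bind_request(1, "CN=alice,OU=Users,DC=corp,DC=example", "hunter2")
    print(req.hex())
    print("password visible on the wire:", password_is_visible(req, "hunter2"))
    # AD answers a wrong password with resultCode 49; "data 52e" in the diagnostic is its logon-failure subcode
    print(parse_bind_response(bind_response(1, 49, "AcceptSecurityContext error, data 52e")))
```

The outer 0x30 SEQUENCE, the 0x60 application tag and the 0x80 context tag are what a packet capture of a bind looks like; if you see them on port 389 with readable text after 0x80, the application is leaking passwords.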
2️⃣ Kerberos
Why second?
After understanding where identities are stored (LDAP/AD), learn how domain users actually authenticate. Kerberos is the default authentication protocol in Active Directory domains; NTLM is only the fallback.
Learn:
Ticket Granting Ticket (TGT)
Service Tickets
SPN
KDC
Real-world example:
User logs into Windows once and then opens file shares without re-entering credentials: the TGT obtained at logon is exchanged at the KDC for a service ticket for the file server's SPN (e.g. cifs/fs01), and the file server accepts that ticket instead of a password.
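The three exchanges behind that single sign-on, written out as an added example (not code from the original post). The realm, principals, password and SPN are made up, and the "encryption" is an HMAC-based stand-in so it runs with the standard library; what is faithful is which key opens which message, and that the file server never learns the user's password.

```python
# Toy Kerberos exchange, constructed for this section: AS exchange (password -> TGT),
# TGS exchange (TGT -> service ticket for an SPN), AP exchange (ticket -> service).
# The "encryption" is an HMAC-SHA256 encrypt-then-MAC stand-in, not the AES/RC4
# enctypes real Kerberos uses, and tickets are JSON rather than ASN.1. What is
# faithful is who holds which key and what each message proves to whom.
import hashlib, hmac, json, os, time

def _keystream(key, nonce, n):
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]

def seal(key, obj):
    """Encrypt a dict under key and MAC it (stand-in for Kerberos EncryptedData)."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Inverse of seal; raises if the MAC fails, i.e. wrong key or tampered ticket."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def long_term_key(password, principal):
    """Password to long-term key (Kerberos calls this string-to-key; the salt is principal-based)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 20_000)

REALM = "CORP.EXAMPLE"          # assumed realm name
LIFETIME = 10 * 3600            # 10 h, the AD default for tickets

# The KDC's view: long-term keys of every principal (constructed sample data).
KDC_KEYS = {
    "alice@CORP.EXAMPLE": long_term_key("Winter2024!", "alice@CORP.EXAMPLE"),
    "krbtgt/CORP.EXAMPLE": os.urandom(32),      # key that seals every TGT
    "cifs/fs01.corp.example": os.urandom(32),   # SPN -> key of the file server's account
}

def kdc_as_exchange(client, preauth):
    """AS-REQ -> AS-REP. Pre-auth is a timestamp sealed under the client's key, so
    a TGT is only issued to someone who already knows the password."""
    ckey = KDC_KEYS[client]
    if abs(time.time() - unseal(ckey, preauth)["ts"]) > 300:
        raise ValueError("pre-authentication timestamp outside the 5 minute skew window")
    session, exp = os.urandom(32).hex(), time.time() + LIFETIME
    tgt = seal(KDC_KEYS["krbtgt/" + REALM], {"client": client, "session": session, "exp": exp})
    return tgt, seal(ckey, {"session": session, "exp": exp})   # client can open only part two

def kdc_tgs_exchange(tgt, authenticator, spn):
    """TGS-REQ -> TGS-REP. No password involved: the KDC opens the TGT with the krbtgt
    key and checks the authenticator with the session key found inside it."""
    t = unseal(KDC_KEYS["krbtgt/" + REALM], tgt)
    if t["exp"] < time.time():
        raise ValueError("TGT expired")
    if unseal(bytes.fromhex(t["session"]), authenticator)["client"] != t["client"]:
        raise ValueError("authenticator principal does not match TGT")
    if spn not in KDC_KEYS:
        raise ValueError("no account holds SPN " + spn)   # in AD this is where NTLM fallback starts
    svc_session = os.urandom(32).hex()
    ticket = seal(KDC_KEYS[spn], {"client": t["client"], "spn": spn,
                                  "session": svc_session, "exp": time.time() + LIFETIME})
    return ticket, seal(bytes.fromhex(t["session"]), {"spn": spn, "session": svc_session})

def service_accept(svc_key, ticket, authenticator):
    """AP-REQ at the service. The service never talks to the KDC: the ticket is
    trusted because only the KDC and the service itself know svc_key."""
    tk = unseal(svc_key, ticket)
    if tk["exp"] < time.time():
        raise ValueError("service ticket expired")
    a = unseal(bytes.fromhex(tk["session"]), authenticator)
    if a["client"] != tk["client"] or abs(time.time() - a["ts"]) > 300:
        raise ValueError("authenticator mismatch or outside replay window")
    return tk["client"]

def client_login_and_access(client, password, spn):
    """Client side end to end: the password is used once, at logon; afterwards only
    tickets and session keys travel, which is why the file server never sees it."""
    ckey = long_term_key(password, client)
    tgt, enc = kdc_as_exchange(client, seal(ckey, {"ts": time.time()}))
    tgt_session = bytes.fromhex(unseal(ckey, enc)["session"])
    authenticator = {"client": client, "ts": time.time()}
    ticket, enc2 = kdc_tgs_exchange(tgt, seal(tgt_session, authenticator), spn)
    svc_session = bytes.fromhex(unseal(tgt_session, enc2)["session"])
    return service_accept(KDC_KEYS[spn], ticket, seal(svc_session, authenticator))

if __name__ == "__main__":
    print(client_login_and_access("alice@CORP.EXAMPLE", "Winter2024!", "cifs/fs01.corp.example"))
```

Two things the toy makes visible: a wrong password fails at the AS step (the KDC cannot open the pre-auth timestamp), and a service ticket is only as secret as the service account's key, which is why a weak password on an account that holds an SPN is a classic target.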
3️⃣ RADIUS
Why third?
Now move from authenticating users to applications to authenticating them to the network itself: VPN gateways, Wi-Fi access points and switches hand the credentials to a RADIUS server instead of checking them locally.
Learn:
AAA (Authentication, Authorization, Accounting)
VPN Authentication
Wi-Fi Authentication
MFA Integration
Real-world example:
Employee connects to the corporate VPN with AD credentials and MFA: the VPN gateway (the RADIUS client, or NAS) forwards the attempt to a RADIUS server, which checks the password against AD and triggers the MFA prompt before answering Access-Accept or Access-Reject.
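What that Access-Request and its reply look like on the wire, per RFC 2865, as an added example that is not part of the original post. Both the NAS side and the server side are in one file; the shared secret, user, password and NAS address are constructed values and no UDP packet is sent.

```python
# RADIUS Access-Request / Access-Accept on the wire, per RFC 2865. Constructed
# example with both the NAS (VPN gateway) side and the server side in one file;
# the shared secret, user and addresses are made up. No UDP is sent.
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4

def attr(attr_type, value):
    """One attribute: Type(1) Length(1, includes the header) Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def hide_password(secret, request_auth, password):
    """RFC 2865 section 5.2 User-Password hiding: MD5(secret + previous block) XOR plaintext.
    This is obfuscation keyed by the shared secret, not encryption; it is why RADIUS
    should run inside IPsec or RadSec (TLS) across anything but a trusted LAN."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], block))
        out += prev
    return out

def reveal_password(secret, request_auth, hidden):
    """Server side inverse of hide_password; trailing NUL padding is stripped."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], block))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def parse_attrs(data):
    """Walk the attribute list; reject lengths that do not fit the packet."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute at offset %d" % i)
        attrs.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return attrs

def response_authenticator(code, ident, request_auth, attrs, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret): proves the reply
    came from a server holding the secret and answers this exact request."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_access_request(secret, ident, username, password, nas_ip):
    """NAS side: fresh random Request Authenticator, password hidden under it."""
    request_auth = os.urandom(16)
    attrs = (attr(USER_NAME, username)
             + attr(USER_PASSWORD, hide_password(secret, request_auth, password))
             + attr(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def radius_server(secret, users, packet):
    """Server side: recover the password with the shared secret, decide, sign the reply.
    `users` stands in for the AD/MFA lookup a real server performs."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length > len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Request")
    request_auth, attrs = packet[4:20], dict(parse_attrs(packet[20:length]))
    if USER_NAME not in attrs or USER_PASSWORD not in attrs:
        raise ValueError("missing User-Name or User-Password")
    password = reveal_password(secret, request_auth, attrs[USER_PASSWORD])
    ok = hmac.compare_digest(users.get(attrs[USER_NAME], b"\x00"), password)
    code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    reply_attrs = b""                                  # real servers add Class, Filter-Id, ...
    header = struct.pack("!BBH", code, ident, 20 + len(reply_attrs))
    return header + response_authenticator(code, ident, request_auth, reply_attrs, secret) + reply_attrs

def nas_verify_reply(secret, request, reply):
    """NAS side: an Access-Accept is only honoured if its authenticator checks out;
    otherwise anyone who can spoof a UDP packet could grant themselves access."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if ident != request[1]:
        raise ValueError("reply Identifier does not match the outstanding request")
    expected = response_authenticator(code, ident, request[4:20], reply[20:length], secret)
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("bad Response Authenticator: wrong secret or spoofed reply")
    return code == ACCESS_ACCEPT
```

Note that everything here rests on MD5 and one shared secret per NAS: the password hiding and the reply integrity are only as strong as that secret and the path the UDP packets take.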
4️⃣ SAML 2.0
Why fourth?
Now learn enterprise SSO and federation: one login at the identity provider is accepted by many applications, and none of them ever sees the password.
Learn:
Identity Provider (IdP)
Service Provider (SP)
Assertions
Federation
Real-world example:
Microsoft Entra ID (IdP) → Salesforce (SP) SSO: Entra ID authenticates the user and posts a signed SAML assertion to Salesforce, which trusts the IdP's signature instead of a password.
5️⃣ OAuth 2.0
Why fifth?
Modern applications call each other's APIs, and OAuth 2.0 is how a user grants an application limited access to their data without handing over a password. Keep in mind that OAuth is an authorization framework: an access token says what the app may do, not who the user is.
Learn:
Authorization
Access Tokens
Refresh Tokens
Scopes
Consent
Real-world example:
An application calling Microsoft Graph with an access token whose scope is limited to what the user consented to, e.g. User.Read.
6️⃣ OpenID Connect (OIDC)
Why sixth?
OIDC is an identity layer on top of OAuth 2.0. It adds the ID token, a signed JWT that tells the application who authenticated, which a bare OAuth access token never does.
Learn:
ID Token
JWT
Claims
Authorization Code Flow
PKCE
Real-world example:
"Sign in with Google"
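The OAuth 2.0 section and this one describe the same flow, so here is one added example covering both: the authorization code flow with PKCE, consent and scopes, and the ID token checks a client has to do before trusting the result. It is not code from the original post; the issuer URL, client id, redirect URI, user and secret are assumptions, and the ID token is signed HS256 with a client secret only so the file runs with the standard library (real providers sign RS256/ES256 and publish the public keys at their JWKS URL).

```python
# OAuth 2.0 authorization-code flow with PKCE, plus the OIDC ID token on top of it.
# Constructed example with the client and the identity provider in one process; the
# issuer URL, client id, user and secrets are made up. The ID token is a JWT signed
# HS256 with a client secret so the file runs with the standard library only; real
# providers sign RS256/ES256 and the client fetches their public keys from the JWKS URL.
import base64, hashlib, hmac, json, secrets, time

ISSUER = "https://idp.example.com"          # assumed issuer
CLIENT_ID, REDIRECT_URI = "web-app", "https://app.example.com/callback"
CLIENT_SECRET = b"demo-client-secret"       # stands in for the IdP signing key

def b64url(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def pkce_pair():
    """RFC 7636: random verifier kept by the client, SHA-256 challenge sent up front."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, b64url(hashlib.sha256(verifier.encode()).digest())

def jwt_hs256(claims, key):
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

class IdP:
    """Authorization endpoint and token endpoint of the identity provider."""
    def __init__(self):
        self.codes = {}

    def authorize(self, client_id, redirect_uri, scope, state, nonce, code_challenge, user, consented):
        if "openid" not in scope.split():
            raise ValueError("not an OIDC request: scope lacks openid")   # plain OAuth, no ID token
        if not consented:
            raise ValueError("access_denied: user declined the consent screen")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri, "scope": scope,
                            "nonce": nonce, "challenge": code_challenge, "user": user,
                            "exp": time.time() + 60}
        return code, state                 # sent back to redirect_uri as ?code=..&state=..

    def token(self, client_id, code, code_verifier, redirect_uri):
        rec = self.codes.pop(code, None)   # codes are single use
        if rec is None or rec["exp"] < time.time():
            raise ValueError("invalid_grant: unknown, used or expired code")
        if rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
            raise ValueError("invalid_grant: code was issued to another client or redirect")
        if b64url(hashlib.sha256(code_verifier.encode()).digest()) != rec["challenge"]:
            raise ValueError("invalid_grant: PKCE verifier does not match challenge")
        now = int(time.time())
        id_token = jwt_hs256({"iss": ISSUER, "sub": rec["user"], "aud": client_id,
                              "iat": now, "exp": now + 300, "nonce": rec["nonce"]}, CLIENT_SECRET)
        return {"token_type": "Bearer", "scope": rec["scope"], "expires_in": 3600,
                "access_token": secrets.token_urlsafe(32),   # opaque to the client: for the API
                "refresh_token": secrets.token_urlsafe(32),  # for obtaining new access tokens
                "id_token": id_token}                        # for the client: who signed in

def validate_id_token(token, key, expected_nonce, now=None):
    """Every check a client must do before trusting 'sub'. Order matters: pin the
    algorithm and verify the signature before reading any claim."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    h, p, s = parts
    if json.loads(b64url_decode(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg; never accept 'none' or a token-chosen algorithm")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("signature does not verify")
    c = json.loads(b64url_decode(p))
    aud = c.get("aud") if isinstance(c.get("aud"), list) else [c.get("aud")]
    if c.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    if CLIENT_ID not in aud:
        raise ValueError("token was issued for a different client")
    if c.get("exp", 0) <= now:
        raise ValueError("token expired")
    if c.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch: replayed or injected token")
    return c

def sign_in(idp, user="alice", consented=True):
    """Client side of the whole flow; returns (authenticated subject, granted scopes)."""
    verifier, challenge = pkce_pair()
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    code, returned_state = idp.authorize(CLIENT_ID, REDIRECT_URI, "openid profile email",
                                         state, nonce, challenge, user, consented)
    if not hmac.compare_digest(returned_state, state):
        raise ValueError("state mismatch: login CSRF")
    tokens = idp.token(CLIENT_ID, code, verifier, REDIRECT_URI)
    claims = validate_id_token(tokens["id_token"], CLIENT_SECRET, nonce)
    return claims["sub"], tokens["scope"]

if __name__ == "__main__":
    print(sign_in(IdP()))
```

The separation is the point: the access token goes to the API and is never parsed by the client, while the ID token is parsed and checked by the client and never sent to the API. Treating an access token as proof of identity, or accepting an ID token without checking aud and nonce, is how "Sign in with X" integrations get broken.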
7️⃣ Certificate-Based Authentication (PKI)
Why seventh?
After understanding the authentication flows, learn credentials that prove possession of a private key instead of knowledge of a password: the certificate binds a public key to a user or device, and the private key stays on the smart card, TPM or device.
Learn:
X.509 Certificates
Certificate Lifecycle
Smart Cards
Device Certificates
Real-world example:
VPN or Wi-Fi (EAP-TLS) authentication using machine certificates issued by the enterprise CA, so only managed devices get on the network.
8️⃣ FIDO2 / WebAuthn
Why last?
This is the current end-state: passwordless, phishing-resistant authentication. The credential is a public-key pair bound to the site's origin, so it cannot be replayed on a look-alike domain, and the server stores only a public key.
Learn:
Passwordless Authentication
Security Keys
Biometrics
Passkeys
Real-world example:
Windows Hello, YubiKey, Face ID login.
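Where the phishing resistance actually comes from is the relying party's verification of the assertion, shown here as an added example that is not code from the original post. The RP ID, origin, credential id and keys are constructed; the signature check is passed in as a function because the standard library has no ECDSA, so the fixture at the bottom "signs" with HMAC purely to let the RP logic run offline, while a production RP verifies ES256 over the same bytes with the public key saved at registration.

```python
# Relying-party side of a WebAuthn assertion (the authentication ceremony), following
# the verification steps in the W3C WebAuthn spec. Constructed example: the RP ID,
# origin, credential and keys are made up, and the signature check is pluggable
# because the standard library has no ECDSA. A production RP passes a function that
# verifies ES256 over the same signed bytes with the public key stored at registration.
import base64, hashlib, hmac, json, struct

RP_ID = "login.example.com"                 # assumed relying party ID
ORIGIN = "https://login.example.com"        # the only origin allowed to present assertions
FLAG_UP, FLAG_UV = 0x01, 0x04               # authenticatorData flag bits

def b64url(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def parse_authenticator_data(auth_data):
    """rpIdHash(32) | flags(1) | signCount(4, big-endian) | optional extensions."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData shorter than 37 bytes")
    return auth_data[:32], auth_data[32], struct.unpack("!I", auth_data[33:37])[0]

def verify_assertion(credential, stored, expected_challenge, require_uv, verify_signature):
    """credential: the PublicKeyCredential from navigator.credentials.get(), with the
    binary fields base64url-encoded as a browser would send them to the server.
    stored: what registration saved {credential_id, public_key, sign_count}.
    Returns the new signature counter to persist, or raises."""
    if credential["id"] != stored["credential_id"]:
        raise ValueError("credential id not registered for this user")
    client_data_raw = b64url_decode(credential["response"]["clientDataJSON"])
    client_data = json.loads(client_data_raw)
    if client_data.get("type") != "webauthn.get":
        raise ValueError("wrong ceremony type")
    if not hmac.compare_digest(str(client_data.get("challenge", "")).encode(), expected_challenge.encode()):
        raise ValueError("challenge mismatch: stale or replayed assertion")
    if client_data.get("origin") != ORIGIN:
        raise ValueError("origin mismatch: %r" % client_data.get("origin"))   # the phishing check
    auth_data = b64url_decode(credential["response"]["authenticatorData"])
    rp_id_hash, flags, sign_count = parse_authenticator_data(auth_data)
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        raise ValueError("rpIdHash mismatch: assertion was made for another RP")
    if not flags & FLAG_UP:
        raise ValueError("user presence flag not set")
    if require_uv and not flags & FLAG_UV:
        raise ValueError("user verification (PIN/biometric) required but not performed")
    signed = auth_data + hashlib.sha256(client_data_raw).digest()   # exactly what the authenticator signs
    if not verify_signature(stored["public_key"], signed, b64url_decode(credential["response"]["signature"])):
        raise ValueError("signature does not verify")
    if (sign_count or stored["sign_count"]) and sign_count <= stored["sign_count"]:
        raise ValueError("signature counter did not increase: possible cloned authenticator")
    return sign_count

# ---- constructed fixture: an "authenticator" that signs with HMAC-SHA256 ----
# Real authenticators hold an ECDSA/EdDSA private key; this stand-in exists only so the
# RP logic above can run offline. Do not mistake it for the WebAuthn signature format.
DEMO_KEY = b"demo-authenticator-key"

def demo_verify_signature(public_key, data, signature):
    return hmac.compare_digest(hmac.new(public_key, data, hashlib.sha256).digest(), signature)

def demo_assertion(challenge, origin=ORIGIN, rp_id=RP_ID, flags=FLAG_UP | FLAG_UV, sign_count=1):
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack("!I", sign_count)
    signature = hmac.new(DEMO_KEY, auth_data + hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
    return {"id": "cred-001", "response": {"clientDataJSON": b64url(client_data),
                                           "authenticatorData": b64url(auth_data),
                                           "signature": b64url(signature)}}

STORED = {"credential_id": "cred-001", "public_key": DEMO_KEY, "sign_count": 0}

if __name__ == "__main__":
    print("new counter:", verify_assertion(demo_assertion("c1"), STORED, "c1", True, demo_verify_signature))
```

The origin check is what a password can never give you: the browser, not the user, fills in clientDataJSON, so an assertion collected on a look-alike domain carries the wrong origin and the RP rejects it. The counter check is the only signal an RP has that a key was cloned, which is why passkeys synced across devices report a counter of 0 and the check is skipped when both sides are 0.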