🔑 What Is Authentication? — “Who Are You?”
Authentication is the process of verifying a user’s identity: confirming that the person (or service) attempting to access a system is who it claims to be. It answers only the identity question; it says nothing about what that identity is then allowed to do.
Common Authentication Methods
- Passwords or PINs
- Multi-Factor Authentication (MFA)
- Biometrics (face scan, fingerprint)
- Digital certificates
- Token-based authentication
Example
When a user signs in to Azure AD (now Microsoft Entra ID) with a username, password, and an MFA one-time passcode, Azure AD is performing authentication: the password and the OTP are two independent factors that together establish that this really is the account holder. The outcome is a verified identity, not a list of permissions.
🛡️ What Is Authorization? — “What Can You Do?”
Authorization decides what actions a verified user is allowed to perform inside a system. It is typically based on roles, permissions, and policies.
How Authorization Works
- Role-Based Access Control (RBAC)
- Policy enforcement (e.g., JSON IAM policies)
- Attribute-Based Access Control (ABAC)
- Resource-level and action-level permissions
Example
An authenticated AWS IAM user may be authorized to:
- ✅ Read objects from an S3 bucket
- ❌ But not delete them
This is authorization controlling the permitted actions: the user’s identity is already established, and the policy attached to it grants s3:GetObject but contains no statement for s3:DeleteObject, so the delete request is denied by default.
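To make the S3 example concrete, here is a small evaluator that applies the IAM decision rules to a policy document: the request is denied unless some statement explicitly allows it, and an explicit Deny overrides any Allow. This is an added illustration written for this page, not AWS code; the policy document, bucket name `example-bucket`, and the `evaluate` function are constructed for the example.

```python
import fnmatch

# Constructed sample policy (illustrative, not a real AWS-issued document):
# the user may read and list one bucket, has no statement granting delete,
# and is explicitly denied everything under a "secrets/" prefix.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-bucket",
                "arn:aws:s3:::example-bucket/*",
            ],
        },
        {
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-bucket/secrets/*",
        },
    ],
}


def _as_list(value):
    # IAM allows a single string or a list in Action/Resource; normalise to a list.
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    # IAM wildcards: '*' matches any run of characters (including '/'), '?' one
    # character. fnmatchcase implements that subset and stays case-sensitive.
    return fnmatch.fnmatchcase(value, pattern)


def evaluate(policy, action, resource):
    """Return 'Allow' or 'Deny' for one (action, resource) request.

    Evaluation order mirrors IAM: an explicit Deny wins over any Allow, and if no
    statement matches at all the result is an implicit Deny.
    """
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(_matches(a, action) for a in _as_list(stmt["Action"]))
        resource_hit = any(_matches(r, resource) for r in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # explicit deny: stop immediately, nothing can override it
        allowed = True  # remember the Allow, but keep scanning for a Deny
    return "Allow" if allowed else "Deny"


if __name__ == "__main__":
    for action, resource in [
        ("s3:GetObject", "arn:aws:s3:::example-bucket/report.csv"),
        ("s3:DeleteObject", "arn:aws:s3:::example-bucket/report.csv"),
        ("s3:GetObject", "arn:aws:s3:::example-bucket/secrets/key.pem"),
    ]:
        print(f"{action:16} {resource:50} -> {evaluate(POLICY, action, resource)}")
```

The delete is refused not because anything forbids it but because nothing permits it; that implicit-deny default is what makes least privilege the natural outcome of writing only the statements you need.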
⚙️ How Authentication & Authorization Work Together
Although they are separate controls, authentication and authorization always run in sequence, because an access decision can only be made about an identity that has already been established:
- Authentication – Confirms the user’s identity
- Authorization – Checks what that verified user is allowed to do
Both are prerequisites for Zero Trust security, where no user or request is trusted by default and every request is authenticated and then authorized before it is served.
💡 Real-World Scenario: OpenShift
In OpenShift, the flow works like this:
- Authentication:
  A developer logs in through the OpenShift OAuth server, which delegates identity verification to a configured identity provider (e.g., GitHub, LDAP, Google) and issues an access token for the session.
- Authorization:
  OpenShift RBAC then evaluates every API request made with that token against the roles bound to the user and their groups, deciding whether they may, for example:
  - Deploy pods
  - Access specific namespaces (projects)
  - Modify cluster settings
Without both, the platform cannot reliably protect clusters, workloads, or user data: authentication alone would let any valid account do anything, and authorization alone would have no trustworthy identity to reason about.
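The following example walks the two steps in order for a request such as “create pods in the dev namespace”: first the credential is verified, then a Kubernetes/OpenShift-style RBAC model (roles made of verb-on-resource rules, bound to users or groups either within one namespace or cluster-wide) decides the action. It is an added illustration for this page, not OpenShift code: a real cluster delegates the password check to its OAuth server and identity provider rather than holding hashes like this, and the user `alice`, the `developers` group, the `pod-deployer` role, and the bindings are all constructed for the example.

```python
import hashlib
import hmac
import os

# --- Step 1: Authentication ("who are you?") --------------------------------
# Constructed user store. Passwords are never kept in clear; PBKDF2 hashes are
# derived at setup time with a per-user random salt.

def hash_password(password, salt=None, iterations=100_000):
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

_ALICE_SALT, _ALICE_HASH = hash_password("correct horse battery staple")
USERS = {"alice": {"salt": _ALICE_SALT, "hash": _ALICE_HASH, "groups": ["developers"]}}

def authenticate(username, password):
    """Return the verified identity (user + groups) or None.

    This step establishes *who* is calling and nothing more; permissions are
    deliberately not looked up here.
    """
    record = USERS.get(username)
    if record is None:
        # Do the same amount of work for an unknown user so that timing does
        # not reveal which usernames exist.
        hash_password(password, salt=b"\x00" * 16)
        return None
    _, candidate = hash_password(password, salt=record["salt"])
    if not hmac.compare_digest(candidate, record["hash"]):  # constant-time compare
        return None
    return {"user": username, "groups": record["groups"]}

# --- Step 2: Authorization ("what can you do?") ------------------------------
# Constructed RBAC objects in the Kubernetes/OpenShift shape: a role is a list
# of rules (resources x verbs); a binding attaches a role to subjects, either
# in one namespace (RoleBinding) or cluster-wide (ClusterRoleBinding).
ROLES = {
    "pod-deployer": [
        {"resources": ["pods", "deployments"], "verbs": ["get", "list", "create", "update"]},
    ],
    "cluster-admin": [{"resources": ["*"], "verbs": ["*"]}],
}
BINDINGS = [
    {"role": "pod-deployer", "namespace": "dev", "subjects": ["group:developers"]},
    {"role": "cluster-admin", "namespace": None, "subjects": ["user:ops-admin"]},  # None = cluster-wide
]

def _subjects_for(identity):
    return {f"user:{identity['user']}"} | {f"group:{g}" for g in identity["groups"]}

def _rule_allows(rule, resource, verb):
    return (resource in rule["resources"] or "*" in rule["resources"]) and (
        verb in rule["verbs"] or "*" in rule["verbs"]
    )

def authorize(identity, verb, resource, namespace=None):
    """RBAC is purely additive: any matching binding whose role has a matching
    rule grants the request; with no match it is denied. namespace=None means a
    cluster-scoped request (e.g. on nodes or cluster settings)."""
    subjects = _subjects_for(identity)
    for binding in BINDINGS:
        if not subjects & set(binding["subjects"]):
            continue  # binding is for someone else
        # A namespaced binding only covers requests in that namespace;
        # a cluster-wide binding covers every namespace and cluster scope.
        if binding["namespace"] is not None and binding["namespace"] != namespace:
            continue
        if any(_rule_allows(rule, resource, verb) for rule in ROLES[binding["role"]]):
            return True
    return False

def access(username, password, verb, resource, namespace=None):
    """The two controls in sequence: a request that fails authentication never
    reaches the authorization check at all."""
    identity = authenticate(username, password)
    if identity is None:
        return "unauthenticated"
    return "allowed" if authorize(identity, verb, resource, namespace) else "forbidden"

if __name__ == "__main__":
    pw = "correct horse battery staple"
    print(access("alice", pw, "create", "pods", "dev"))    # allowed
    print(access("alice", pw, "create", "pods", "prod"))   # forbidden: binding is dev-only
    print(access("alice", pw, "update", "nodes"))          # forbidden: cluster-scoped, no role
    print(access("alice", "wrong-password", "get", "pods", "dev"))  # unauthenticated
```

Note that the same valid login yields three different outcomes depending only on the authorization step, and that the bad password is rejected before RBAC is ever consulted; that ordering is what the “in sequence” statement above means in practice.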