Build apps that secure identity through permissions and consent
This article continues from the Zero Trust identity and access management development best practices article to help you use a Zero Trust approach to identity in your software development lifecycle (SDLC).
Here's an overview of the Permissions and access articles in this Developer Guide so that you can dive into identity components that include authentication, authorization, and identity management.
- Integrate applications with Microsoft Entra ID and the Microsoft identity platform helps developers to build and integrate apps that IT pros can secure in the enterprise.
- Register applications introduces developers to the application registration process and its requirements. It helps them to ensure that apps satisfy the Zero Trust principles of using least privileged access and assuming breach.
- Supported identity and account types for single- and multitenant apps explains how you can choose whether your app allows only users from your Microsoft Entra tenant, any Microsoft Entra tenant, or users with personal Microsoft accounts.
- Authenticate users for Zero Trust helps developers to learn best practices for authenticating application users in Zero Trust application development. It describes how to enhance application security with the Zero Trust principles of least privilege and verify explicitly.
- Acquire authorization to access resources helps you to understand how to best ensure Zero Trust when acquiring resource access permissions for your application.
- Develop delegated permissions strategy helps you to implement the best approach for managing permissions in your application and develop using Zero Trust principles.
- Develop application permissions strategy helps you to decide upon your application permissions approach to credential management.
- Request permissions that require administrative consent describes the permission and consent experience when application permissions require administrative consent.
- Reduce overprivileged permissions and apps helps you to understand why applications shouldn't be overprivileged (request more permissions than they need). Learn how to limit privilege to manage access and improve security.
- Provide application identity credentials when there's no user explains best practices for using Managed Identities for Azure resources in services (nonuser applications).
- Manage tokens for Zero Trust helps developers to build security into applications with ID tokens, access tokens, and security tokens that they can receive from the Microsoft identity platform.
- Customize tokens describes the information that you can receive in Microsoft Entra tokens and how you can customize tokens.
- Secure applications with Continuous Access Evaluation helps developers to improve application security with Continuous Access Evaluation. Learn how to ensure Zero Trust support in your apps that receive authorization to access resources when they acquire access tokens from Microsoft Entra ID.
- Configure group claims and app roles in tokens shows you how to configure your apps with app role definitions and assign security groups.
- API Protection describes best practices for protecting your API through registration, defining permissions and consent, and enforcing access to achieve your Zero Trust goals.
- Example of API protected by Microsoft identity consent framework helps you to design least privilege application permissions strategies for the best user experience.
- Call an API from another API helps you to ensure Zero Trust when you have one API that needs to call another API. Learn how to securely develop your application when it's working on behalf of a user.
- Authorization best practices helps you to implement the best authorization, permission, and consent models for your applications.
Next steps
- Subscribe to our Develop using Zero Trust principles RSS feed for notification of new articles.
- Develop using Zero Trust principles helps you to understand the guiding principles of Zero Trust so that you can improve your application security.
- What do we mean by Zero Trust compliance? provides an overview of application security from a developer's perspective to address the guiding principles of Zero Trust.
- Use Zero Trust identity and access management development best practices in your application development lifecycle to create secure applications.
- Standards-based development methodologies provides an overview of supported standards and their benefits.
- Developer and administrator responsibilities for application registration, authorization, and access helps you to better collaborate with your IT Pros.
- Build Zero Trust-ready apps using Microsoft identity platform features and tools maps features of the Microsoft identity platform to the principles of Zero Trust.
- The Identity integrations guide explains how to integrate security solutions with Microsoft products to create Zero Trust solutions.