This is by FAR the best explanation of what can be a very confusing topic that I have seen. You out did yourself here John, thank you!
@NTFAQGuy4 жыл бұрын
Glad you enjoyed it!
@CrustyBoot3 жыл бұрын
I completely agree!
@clemiboi3 жыл бұрын
The designer for App Registration/Enterprise apps/service principals must have been so bad.... thanks for this video
@oem732 жыл бұрын
I second that motion. Excellent explanation. Thank you!
@UnCatolico Жыл бұрын
Agree by FAR also. Excellent. Congratulations and thank you so much for this quality training video.
@helennamannila446410 ай бұрын
Congratulations - what has always been a really confusing area has now become crystal clear. I had to watch it twice to make sure I thoroughly understood it (and will probably have to watch it again if I need to remind myself a few months down the line). But you have achieved what the Microsoft doc could not. (Also had much-needed research into OAuth 2 in the process, so win-win!) Thank you :)
@NTFAQGuy10 ай бұрын
Glad it was helpful!
@sachingoyal2210 ай бұрын
Thanks so much. This video is now 3 years old, still explains the concepts like no other video does.
@gdr11742 жыл бұрын
When I first started to take an interest in technology it was through reading incredibly dry text books from the library. Thank god for people like John who make the constant learning journey much more accessible and enjoyable 👍
@Tnub22 жыл бұрын
Wow, great content, John! When you showed how the Enterprise Apps are only listing the Service Principals and that you would have one SP in every AD that wants to access the app - that was really an "AHA-moment" for me. Thank you so much for this excellent explanation
@NTFAQGuy2 жыл бұрын
Glad it was helpful!
@mromar27244 жыл бұрын
This has to be the best explaintaion on workings of AAD I have ever seen. Thank you
@NTFAQGuy4 жыл бұрын
Glad it was helpful! Thanks!
@ernestmfakudze4 жыл бұрын
@mromar, I totally agree with you. Amazing explanation @John
@maciejpakulski11823 жыл бұрын
Totally agree. I've seen a few videos that tried to explain this topic, however John's video is really the best. Stellar work.
@mhydeist3610 Жыл бұрын
I've recently passed the AZ-700 because of your videos. Thank for making them. Recently, I take interest in security and yet again your knowledge help my through a lot. How can I thank you enough!!!
@NTFAQGuy Жыл бұрын
Glad you like them and huge congratulations 🤙
@emmiauranen Жыл бұрын
I can't believe you made a video of this over three years ago! So glad you did, because now it's more understandable. BTW, your handwriting is so much better these days 😄
@davidaranda25283 жыл бұрын
Finally, someone who can explain this whole process in a way that actually makes sense. Great video, keep it up!
@NTFAQGuy3 жыл бұрын
Thank you
@jonathanku85992 жыл бұрын
excellent explanation. I was setting up App Registrations in Terraform and couldn't' understand where the Enterprise Application was getting created from, but now your video explained it
@kimicheng56112 жыл бұрын
I was totally lost when I was watching this video for the first time. After I learned OAUTH2 and other concepts here and there for several days and come back to watch again, all the contents in this video are crystal clear and really well organized and presented. Thank you so much.
@asmiles9057 Жыл бұрын
Woah! I read through so many different sites trying to understand these topics without any success. This video cleared up everything for me. Thank you for creating this.
@michaelr115410 ай бұрын
After 3 years, i keep coming back to this video. Love your work as always John!
@sgphillips1013 жыл бұрын
Brilliant training from John on a subject I have always had problems grasping. I watch alot of John's courses, he is an amazing teacher.
@sabokunogaraa2 жыл бұрын
I'm really amazed. The Microsoft docs were making me run in circles but this video was more than enough to understand such a complex topic
@KaezerMusik2 жыл бұрын
Holy shit John. I have been struggling with this topic and looking at all kinds of resources to grasp it. And you come along once again with such a bang on lecture. I dont know how you always end up being so successful at teaching me things others fail to upload in to my brain. Thank you!
@NTFAQGuy2 жыл бұрын
Glad could help
@stasizzle2 жыл бұрын
100% the best video on AAD app registrations, ent apps and SPs! I just watched several of them and NONE were as clear as John's.
@sachindhamija30614 жыл бұрын
I really search for all your videos over internet..You are one of the best trainer I have found...lucky to have you in youtube ...Thanks !!
@NTFAQGuy4 жыл бұрын
I appreciate that! Thank you!
@tarunacharya13372 жыл бұрын
beautifully explained, my search for a a proper explanation of the App Registrations and SP's finally ended with this video. Thanks John
@EA33964Ай бұрын
This is fantastic! I've been struggling to understand this, not sure why everyone else made it so complicated to understand, pretty sure some just want to flex their technical jargon to confuse people 😄 Thank you !!!
@rolandovirjan780 Жыл бұрын
Half hour of explanation and pages of diagrams, "that's literally all there is to it!". Made me smile lol. Seriously though, great video and very helpful thank you.
@ahmadabdalla904 жыл бұрын
One of the most complicated topics in Azure AD. Well explained 👏🏼
@NTFAQGuy4 жыл бұрын
Glad you think so! Thank you!
@lysajane3643 Жыл бұрын
Wow! Absolutely brilliant. It doesn’t quite come through like this when reading the documentation over and over again. TY for explaining the Svc Principal and the difference between App Reg and Enterprise Apps.
@titlibhakta62717 ай бұрын
My god! How can he explain everything so clearly and I discovered I knew wrong information till today after watching this video. Thank you so much ❤
@michaelwaterman3553 Жыл бұрын
Right, so I was trying to get my head around the concept of Apps and enterprise apps, read a lot of blogs and the official documentation. Just didn't stick.... After watching this it all makes sense! Thanks John!
@Brianle180 Жыл бұрын
That is the best explanation I have found so far. Your contents are very quality, thanks John!
@rafaelnegron56622 жыл бұрын
This video is gold. Been trying to understand this flow for years, and finally, this video did it for me. Thank you!
@NTFAQGuy2 жыл бұрын
Glad it helped!
@JonathanAtherton Жыл бұрын
You are right, I did have to watch this twice, It all clicked towards the end of the vid & made a lot more sense the secondtime round. Awesome Thank you :)
@jonmac90774 жыл бұрын
Absolutely fantastic, I read numerous documents over the space of a week and this video explained the equivalent of hours of reading in a 30 minute video and made it a lot simpler to understand, brilliant, thank you :)
@NTFAQGuy4 жыл бұрын
You're very welcome!
@cb986782 жыл бұрын
THANK YOU! Your video should be a mandatory course for anybody entering devops
@christierney5322Ай бұрын
This really is fantastic. The Microsoft docs are really hard to grok, and this was exactly the information I needed. Bravo, and thank you so much.
@NTFAQGuyАй бұрын
I'm glad it helped make things clearer!
@sukhsingh193 жыл бұрын
Explained very complex topic in very lucid manner. Thank you for creating such awesome content!
@NTFAQGuy3 жыл бұрын
Glad you liked it!
@shaul474 жыл бұрын
A lot of things got clear in my head after watching this video! I like your teaching style, very clear, concise, and one that keeps your attention. I'll surely watch other videos. Thank you John, appreciate it!
@NTFAQGuy4 жыл бұрын
Thanks, glad you liked it.
@samhouston20004 жыл бұрын
your videos are so good that as soon as you say " If that was useful, please like". I feel compelled and obligated to drop everything and smash that like button. You are one awesome teacher. I am also a teacher like you, I go as far back in the history as it is needed to establish a strong foundational understanding. Thanks for being you.
@NTFAQGuy4 жыл бұрын
Wow, that is so kind, thank you
@dirkl96523 жыл бұрын
It's very obvious that you enjoy teaching Azure. I hope I can get to this level of understanding Azure. Keep up the great work.
@NTFAQGuy3 жыл бұрын
Thanks, I do. good luck.
@cdm2973 жыл бұрын
One of the best explanations so far on the internet, Thank you John
@Threep6663 жыл бұрын
This cleared up a lot of confusion I was having for how the Azure apps work, now I know what the difference is between the apps and the enterprise apps finally, thank you!
@NTFAQGuy3 жыл бұрын
Great to hear!
@saiganapathyswaminathan9103 жыл бұрын
This has to be the best explanation of Azure App Directory and its working.. Thanks John.
@NTFAQGuy3 жыл бұрын
Happy to help
@saiganapathyswaminathan9103 жыл бұрын
@@NTFAQGuy BTW John. I have an app registered in my AAD. It is a confidential multi-tenant application. I couldn't find any proper doc explaining the process to make my app available publicly for other tenants (Release). Or isn't there any such thing as release ?. I can just share the installation URL so that the other tenants can access my application. Won't there be an validation by the MS team ?. Any help on this.
@behman9045 ай бұрын
This is the best and very clear explanation of these complicated concepts. Thanks so much John.
@NTFAQGuy5 ай бұрын
Glad it was helpful!
@mayankparihar19882 жыл бұрын
Very nicely explained. Perfect to watch 2 time and you understand all about app registration and oauth 2.0
@chinchi42933 ай бұрын
Very well explained, you should write the documentations for Azure, I read and read and haven't fully understood it. But now, I got it! Thank you very much. It really helped me.
@robbiejames14662 жыл бұрын
Great summary at the end. I'll probably need to watch this again but certainly something is starting to click
@Lamukra Жыл бұрын
A damn eye opener... jeez, finally I got the answer I was looking for! A lot of kudos to you! Subscribed and following :)
@dscoduc3 жыл бұрын
Great video, thank you. Are you planning on doing a deeper dive into this topic? There are many more pieces to this part of Azure that are difficult to understand, such as the difference been App Registration tokens and Enterprise Application tokens, SAML (RP) configurations, API access permissions, etc.
@anandchandrashekhar29333 жыл бұрын
The quality of your content is amazing. Thank you!
@NTFAQGuy3 жыл бұрын
Very welcome
@Navii_244 жыл бұрын
After basking in the concepts that you poured out in this video, just made my day. Thanks a lot for this video John.
@NTFAQGuy4 жыл бұрын
Glad it was helpful!
@felipemenesesdittel67992 жыл бұрын
Such great content! You really make a difference in making IT content widely available. Greetings from Costa Rica :)
@NguyenTung-go9cb Жыл бұрын
Someone said: If you can't explain it simply, you don't understand it well enough I was enjoying this video just like eating a piece of cake. Not only this video, but all your channel is also saving tons of time for our world lol. Cheers buddy
@NTFAQGuy Жыл бұрын
Glad you enjoyed it!
@harishmathanan35964 жыл бұрын
A complex topic made simple and understandable. Thank you John 😊
@NTFAQGuy4 жыл бұрын
Glad it was helpful!
@sivasrimakurthi206 Жыл бұрын
love the way you explain the concepts, loved it always John. Thanks!!
@Mikael_Puusaari3 жыл бұрын
This is such a good explanation of it, there were a few parts that were only buzzwords and nothing else for me and this really put the pieces together for me in a territory where I haven´t felt all too confident before, thank you!
@NTFAQGuy3 жыл бұрын
Glad it helped!
@soumyarahul0074 жыл бұрын
Very useful and complicated topic. Thanks for breaking the complicacy and make it easier to understand.
@NTFAQGuy4 жыл бұрын
Very kind, thank you!
@fabioandreteles2 ай бұрын
Thank you John for the great video - was reviewing this yet again to grasp the concepts correctly. A quick question: when the user consents to an application (third party) using their Entra ID credentials, and the application asks for the consent, this will create the SP in the user's tenant only, that will have the scopes set? I'm thinking for example Gmail, or other third-party email client that the user might use - did I understood this correctly? Just trying to make this all clear in my head. Again, great stuff - with added knowledge in the last 2 years, I understood more and more of this! Great stuff!
@KhawajaDaniyal3 жыл бұрын
Phenomenal explanation @john savill. I'm exploring creation of a Shared Image Gallery to be used other tenants, and couldn't fully grasp the 'why' behind the app registration. Your video gave me the understanding I needed.
@NTFAQGuy3 жыл бұрын
Great
@dronacharya652710 ай бұрын
Always been confused on this topic, what a clear and simple explanation . Thanks a lot❤.
@NTFAQGuy10 ай бұрын
You're most welcome
@Daysra Жыл бұрын
The best video I have found on this topic, thank you John.
@NTFAQGuy Жыл бұрын
Glad it was helpful!
@iamdedlok4 жыл бұрын
Nice explanation! Tying the OAuth2 and OpenID to Azure AD and explaining the flow was exactly what's needed! Thanks John!
@NTFAQGuy4 жыл бұрын
Glad it was helpful!
@3uphoric2 жыл бұрын
Thanks John, appreciate this. Will, definitely need a few views of this one. Thanks for putting this out there.
@melbourneyuvathaАй бұрын
Man, what a explanation!! Thanks for the video, great and simple explanation!!
@quanbui16708 ай бұрын
Thanks a lot John, you made complicated and confusing concepts easy enough to understand.
@NTFAQGuy8 ай бұрын
Glad it was helpful!
@ItSTime-mf6ov2 жыл бұрын
Wonderful Correlation Explanation : Thanks John and Appreciate your efforts to end everything Sensible.
@kamaleshwaran063 жыл бұрын
Best and concise explanation of IDP and Azure AD. Thanks!
@NTFAQGuy3 жыл бұрын
Glad it was helpful!
@orangeflowerlove2 жыл бұрын
Thank you so much. i have been very struggling to understand these topics and your video really make my dots connected to line. I will for sure re-watch it a few times to deepen my understanding :)
@TridibChowdhury4 жыл бұрын
Thank you for this explanation! I'm a UX designer who was curious about what my scrum team developers meant whenever they mentioned 'service principal' amongst themselves. Now I know 👏🏼
@NTFAQGuy4 жыл бұрын
You are so welcome!
@MelodiqueMyst4 жыл бұрын
Loved it, thanks for explaining it in layman terms. I have been working on AAD for sometime but never was able to wrap my head around Application Registration and Service Principal.. 🙂👍
@NTFAQGuy4 жыл бұрын
My pleasure.
@G3CK0S2 жыл бұрын
This is how you teach. I'm shocked, man. Fantastic work and thank you.
@NTFAQGuy2 жыл бұрын
My pleasure!
@chandrag25362 жыл бұрын
Thanks you Savill... while I understood the nuances of OAuth 2.0 flows and the AppID, SP and Managed Identities, could not tie them all together... this is really good. Thank you
@HornOkay4 жыл бұрын
Thank you so much for a great explanation. My Thoughts: You have combine Oauth explanation in general with this video. *In my opinion, it can much simpler by explaining - what is Application in Azure, App Object, Scopes and Service Principal. And on top of that how client can connect Resource via Service Principal. That would hold much more value in my opinion.*
@NTFAQGuy4 жыл бұрын
This is just how I think it best to explain but sure there are many others and different approaches may work better for sure.
@HornOkay4 жыл бұрын
@@NTFAQGuy i agree, thanks again for a great video.
@JaiPrakash-pq1pj4 жыл бұрын
Thanks Jhon for the tutorial video. As you initially said if you learn why then how part becomes easier. Completely agree and the way how you dissect and explain its very good of you. Cheers
@NTFAQGuy4 жыл бұрын
Glad it was helpful!
@ec03214 жыл бұрын
That's really an awesome work. Concepts are well articulated. Could you please explain more on back channel and front channel logic. That would also help us understand clearly why client receives code and then token separately due to security concerns.
@NTFAQGuy4 жыл бұрын
That really comes down to oauth and the capabilities of the client if it’s capable of the back channel (although now nearly all clients are capable of some form)
@michield6812 Жыл бұрын
Very good presentation. I'll have to rewatch this a few times though to grasp all of it. Thank you!
@darshank2 жыл бұрын
This is really helpful session. I really appreciate your efforts for creating it in depth.
@erhanballeker63833 жыл бұрын
Thanks for the great content. I just wanted to make tiny addition/correction (but what i believe its important especially when trying understand these cryptography related things :) ), when the pkce added to code grant flow, first, client sends the sha256 hashed -cipher- of random string that its generated (as you said in the video) and then from the backchannel it does not sends the cipher again, it sends the plain text string generated in the beginning(with tls secured) and delegates it to idp to hash it with sha256 and compare the two hashes and understand that if its the same client. The video is great as always, thanks for sharing these kind of qualified contents.
@NTFAQGuy3 жыл бұрын
Cool, thank you for sharing.
@Dalj-Puma3 жыл бұрын
Studying for my AZ-500, this video really helps. Thank you John!
@NTFAQGuy3 жыл бұрын
Best of luck!
@Itsnarak3 жыл бұрын
Explained wonderfully!! Easiest explaination I have come across. Thank you for the content.
@NTFAQGuy3 жыл бұрын
Glad it was helpful!
@KurtInTampa4 жыл бұрын
First off thank you for the very good walkthrough. Most people don't touch this topic. We are updating a largish document management enterprise solution we sell to others for on premise install, but want to move to Azure AD and the Key Vault to for authentication and storing of secrets. I'm having a hierarchy conundrum. Do we create a new Active Directory Tenant, with all new app registrations for our APIs and Clients for each new customer? Most online examples show those tenant, registration and audience IDs as hardcoded. Seems like a lot of complexity creating different binaries for the same pieces of our solution for each install (and update)... Thanks, Kurt
@NTFAQGuy4 жыл бұрын
It’s not a simple answer as depends on your app, is it multi-tenant etc. you likely need to get a consultant to go through detailed requirement gathering to give right guidance.
@KurtInTampa4 жыл бұрын
@@NTFAQGuy Spent 30 minutes this morning with someone MS's Azure team subcontracts with. Was more confused after than before. Will probably have to try it again with someone else. It's not Multi tenant by the definition I understand. Other than aggregating exceptions in the cloud for management purposes. A separate copy of the same binaries and SQL DBs with the same structure (and their own content) would exist exist at each location with their own private documents siloed there.
@ranadebpramanick4694 жыл бұрын
Thank you John. One of the best, crystal clear explanations i have heard so far. Until i watched this, i was under the impression that App Registration and SPN are synonymous :). Your way of teaching in whiteboard make things crystal clear. Hopefully some time in the future your pluralsight videos will also have the same format.. :)
@NTFAQGuy4 жыл бұрын
That is very kind, thank you. I don’t think pluralsight will want me teaching on the whiteboard but who knows :) I try and supplement here in the KZbin ;)
@nuwansamarasiri73646 ай бұрын
Great Explanation about App Registrations and Enterprise Apps. Thanks John!
@NTFAQGuy6 ай бұрын
My pleasure!
@toddhu24982 жыл бұрын
tyvm!great videos, I really have a struggle on azure but thanks to this video , it is so clear
@meetyashm9 ай бұрын
Absolute gem of a video
@Kikyoas5 ай бұрын
this was great! appreciate you making these videos!
@Insane2030-y8j3 жыл бұрын
Thanks for breaking it down..I had to watch it twice :-)
@louisapplewhaite5062 жыл бұрын
Still the best video on azure app authentication
@jasonracey96003 жыл бұрын
I'm here because I suddenly need to set up Enterprise Apps, App Registrations, and App Roles for microservice intercommunication and the Azure terminology alone doesn't help me understand the differences between these resources. I'm also trying to understand where Service Principals and Managed Identities fit into all this. Thanks for the great explanation of the underlying athn/authz process.
@NTFAQGuy3 жыл бұрын
I have other videos about auth including one on unattended auth where I cover managed identities and service principals.
@mhlaskar19914 жыл бұрын
Thanks a lot, John for the hard work. It really pays off. I have one doubt, so for every user of the app(client), will there be a service principal? I guess no. Also What's the relationship between AUTZ token and SP?
@NTFAQGuy4 жыл бұрын
No sp per app in the tenant. Sp represents the client in flow.
@dosto-evsky4 жыл бұрын
Thank you Sir, very useful explanation how services work behind the scenes, it has some basic similarities for authentication as with your lecture about ADFS, tokens, xaml and cookies, how different servers communicate, easy enough to follow, a good little condensed/concise session.
@NTFAQGuy4 жыл бұрын
Thanks!
@SuppersReady88803 жыл бұрын
Very helpful explanation, and well presented, love how you used the virtual whiteboard, very effective and dynamic visual aid. I'm trying to resolve how AppRoles work and how to get the "roles" attribute that OIDC can pass back to populate based on mappings of "Users and Groups" (say a group) to a specific application role defined by a developer within a multi-tenant app.
@NTFAQGuy3 жыл бұрын
Glad you liked the video! Thanks for watching
@tommyrong69553 жыл бұрын
This is the best one I have see.
@dn81533 жыл бұрын
great tutorial, on your diagram labeling the Client as "Client App" would help to provide clarity. Once you mentioned "Client App" things became clearer
@NTFAQGuy3 жыл бұрын
haha, sadly can't go back in time and change :-)
@dustinclark8946 Жыл бұрын
Finally! Someone made it make sense.
@TheRealFreekBos3 жыл бұрын
Woow that was SUPER clear! Thanx man!!!
@NTFAQGuy3 жыл бұрын
You're welcome!
@daviddeady72182 жыл бұрын
Top Job John - crystal clear big man. thank you
@saeedredrose3 жыл бұрын
I could finally understand the relation between graph API and appregistration.
@NTFAQGuy3 жыл бұрын
Great
@saeedredrose3 жыл бұрын
Best app registration explanation ,Amazing job.
@NTFAQGuy3 жыл бұрын
Glad you liked it
@aramosjr034 жыл бұрын
Hi there! Thanks so much for the very informative presentation. Watching it for the second time now. 🙂 Unfortunately, I got a bit lost when you mapped the components in your scenario at the beginning to the Azure AD components. Is the App1 that you're registering the client or the resource? Assuming it's the client, then do we need to register the resource APIs as well so we can associate them during the client app registration? I might have missed those steps.
@NTFAQGuy4 жыл бұрын
The App would be the client that wants to consume the resource you own.
@aramosjr034 жыл бұрын
John Savill thank you for the prompt reply
@elvirkaric14494 жыл бұрын
John - finally watch this video today, very good and detailed explanation of SP in AAD. One question - do you think that Azure Automation Account is also Service Principle?
@NTFAQGuy4 жыл бұрын
right there is no such thing as azure automation account in AAD :-) its just a service principal that its managing for you :-)
@JNolan11243 ай бұрын
Another great video. Thank you for such a great explanation :)
@MexMario3 жыл бұрын
Amazing explanation, thank you . One question: Do we have to do any kind of configuration in the "API", something like saying "I want to give access to App1"?
@NTFAQGuy3 жыл бұрын
You delegate or set at app for the apis
@MexMario3 жыл бұрын
@@NTFAQGuy I guess that would be your next video 😀?
@NTFAQGuy3 жыл бұрын
@@MexMario I touched on that in this video.
@yyassaman743 жыл бұрын
You are the best guru in the universe!! Thanks for sharing awesome topics
@NTFAQGuy3 жыл бұрын
Very kind, thank you.
@amithenry86392 жыл бұрын
Thank You John, it was a very good session , you explain very well, appreciate it.