Architecture
Parts of the Entra ID architecture are documented here for ease of use.
Authentication Flow
Entra uses two abstractions for authentication and authorization: the App Registration and the Enterprise Application.
The primary difference in use case for authentication is that OIDC configuration is handled in App Registrations and SAML configuration is handled within Enterprise Applications.
Both an App Registration and Enterprise Application are created for you when you create any new app using apps.identity.tamu.edu.
Authorization can be handled in a number of ways, but most authorization configuration is handled in the Enterprise Application abstraction. Custom claims can be configured there (both for OIDC and SAML), and group-based access to your app is controlled in the Enterprise Application regardless of whether you have chosen OIDC or SAML as the authentication protocol.
Attribute Matrix
Attributes in Entra are named according to an internal Microsoft schema. We've provided an attribute matrix to map Entra attrbutes to their upstream source attribute.
| Entra ID Attribute | Source Attribute |
|---|---|
user.givenname | givenName |
user.surname | lastName |
user.displayname | displayName |
user.department | tamuEduPersonDepartmentName |
user.employeeid | tamuEduPersonUIN |
user.onpremisessamaccountname | tamuEduPersonNetID |
user.userprincipalname | eduPersonPrincipalName |