For authorization, Azure Active Directory delivers many methods. As we already discussed in Chapter 2, Planing and Designing Cloud Identities groups are a preferred way of providing users with the correct permissions and access to their applications. It's good practice that users work with the Access Control Panel UI and access their applications, change the password, and add verification options. With this option, you can also allow the user to build his own preferred workplace. For example he can add his own applications and leave the passwords secure in Azure Active Directory, benefitting from SSO.

Generally, Azure Active Directory provides three main concepts for authorization: