Things you Auth to know
FeatureZ
Keywords
Market
The Authorization Problem
100

What is the difference between Authorization and Authentication?

AuthN: who you are

AuthZ: what you can do

100

What are 4 Features powered by Authorization?

Custom Roles

Collaboration

Entitlements

Fine-grained Authz

100

Authentication or Authorization?

RBAC

Authorization

100

What is the right use case for Okta?

Internal authentication

100

What is enforcement?

When you put the rules + data together to make a decision

200

What is a metaphor for the difference between Authorization and Authentication?

  1. AuthN: get in the house
  2. AuthZ: what rooms can you open, etc.

200

What is the most common first step to authZ (with an example)?

Coarse roles

Example: members can do some things, Admins can do everything

200

Authentication or Authorization?

SSO

Authentication

200

What is the right use case for OPA?

Internal employees' infra authorization

200

What is the data?

Inputs to the rules

300

What is an example using SalesForce of the difference between authorization and authentication?

Authentication: You log into SalesForce and SalesForce knows you are you

Authorization:

  1. SalesOps admin can add users; you can’t
  2. You can only see the accounts and opportunities you own
  3. But your manager can see opps and accounts for everyone on the team
  4. Maybe analysts can see all data but can’t change anything

300

What is a common AuthZ change when companies move upmarket (with the definition & an example)?

Fine grained authorization

Shift from feature -> object

Example: 

  1. Reps can view accounts -> this rep can view these 50 accounts
  2. “Accounts” is the object/resource
  3. All reps have access to the feature to view accounts, but now they can only see the accounts they’re assigned

300

Authentication or Authorization?

ABAC

Authorization

300

What is the right use case for Auth0?

Customer facing authentication


300

What is the model?

The inherent logic inside an app dictating who can do what

400

What is an example in an app that we did not discuss during training of the difference between authorization and authentication?

[up to Marci]

400

What feature allows enterprises to determine the definition of roles themselves?

Example:
I want a separate billing admin, which can only change billing info

Custom Roles

400

Authentication or Authorization?

Access control

Authorization

400

What is the right use case for ConductorOne?

Internal Employees Authorization


400

What are the 3 parts of the authorization problem?

Model, Data, Enforcement

500

What are 5 Keywords to listen for that tell you you're talking about Authorization?

RBAC, roles, permissions, access control, ReBAC, ABAC

500

What feature allows enterprises to only give customers features that they signed up and paid for?

Entitlements

500

Authentication or Authorization?

SCIM

Authentication

500

What is the right use case for Oso?

Customer facing application authorization

500

What is the hardest part about authorization when it comes to enforcement?

List filtering
