PRT – Primary Refresh Token
Under the motto "Bring your own device", more and more companies allow employees to bring their own devices. To work efficiently with them, however, these devices must be granted access to the company network, and that is no easy task. On the one hand, access has to be restricted to authorized employees. On the other hand, integration should be as simple and convenient as possible: nobody should have to enter complicated passwords again and again to authenticate. The Primary Refresh Token (PRT) is an instrument that makes it possible to integrate a device into the network securely and conveniently.
Single sign-on: optimum convenience for employees
Azure Active Directory is a service that significantly simplifies collaboration and organization within a company. To use it, employees need appropriate access to the company server. Reliable authentication is very important here. Without it, unauthorized persons can very easily access the relevant information, which can have serious consequences. Nevertheless, access should be as easy as possible. To combine both requirements, Microsoft offers single sign-on for this system. This term means that employees only have to sign in once.
The system then saves the corresponding device. As a result, it is not necessary to identify yourself again with a password when accessing the device at a later date. This reduces the workload and enables efficient operation. The authentication process only has to be repeated after a longer period of time.
The user can access various Azure AD services this way, and Office 365 can be used in the same way. The company can also integrate other SaaS offerings into the system.
Primary Refresh Token: an important tool for single sign-on
To enable single sign-on, the system uses a so-called Primary Refresh Token (PRT). The PRT contains data about the user and the device. When a user logs in for the first time, or when their session has expired, they must identify themselves, either with a user name and password or with Windows Hello. The corresponding data must be stored on the server. The server then checks whether the user is authorized for access. If so, it transmits a token to the user.
During the next session, the token transmits the data to the server. The server registers the device and checks whether it is authorized for access. This process is completely automatic, so no effort is required on the part of the user.
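The issue-then-present flow described above, as a simplified model added here (it is not Microsoft's token format or protocol, and not code from the original page): the server signs a token naming user and device, then re-checks it in a later session. The key, the device registry, the 14-day lifetime and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"          # constructed; known only to the server
REGISTERED_DEVICES = {"laptop-042": "alice"}  # constructed registry: device -> owner
LIFETIME = 14 * 24 * 3600                     # assumed validity window, in seconds


def _sign(payload: bytes) -> str:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def issue_token(user: str, device: str, authenticated: bool, now: float) -> str:
    """First sign-in: issue a token only after the user has proven their identity."""
    if not authenticated or REGISTERED_DEVICES.get(device) != user:
        raise PermissionError("user or device not authorized")
    claims = {"user": user, "device": device, "exp": now + LIFETIME}
    payload = json.dumps(claims, sort_keys=True).encode()
    return payload.hex() + "." + _sign(payload)


def check_token(token: str, presenting_device: str, now: float) -> str:
    """Later session: return 'ok', or the reason the user must sign in again.

    Assumption: presenting_device has already been verified by other means;
    how a device proves its identity is outside this model.
    """
    try:
        body, sig = token.split(".")
        payload = bytes.fromhex(body)
    except ValueError:
        return "malformed"
    # Constant-time comparison so the check does not leak signature bytes.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return "bad-signature"
    claims = json.loads(payload)
    if claims["device"] != presenting_device:
        return "wrong-device"           # token presented from another machine
    if REGISTERED_DEVICES.get(claims["device"]) != claims["user"]:
        return "device-not-registered"  # device removed since the token was issued
    if now >= claims["exp"]:
        return "expired"                # session ran out: authenticate again
    return "ok"
```

The device check runs before the expiry check so that a token copied to another machine is rejected even while it is still within its lifetime.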
New Media Service GmbH: diverse offerings around Microsoft Azure
The use of Primary Refresh Tokens is not always easy. Correct use is also very important to maintain security in your company. That is why we at New Media Service GmbH are happy to take care of setting up this system. We also offer training courses to teach your employees how to use it correctly.
If you would like to find out more, simply contact us for a free, no-obligation consultation. We will be happy to provide you with information on this topic and, if required, take care of implementation and realization for you.