In Microsoft Provisioning Framework (MPF) authentication, each step in a provisioning request is assigned an identity. MPF and external services, such as the Active Directory directory service, grant procedure execution permissions and access to resources based on permissions defined for the identity.

MPF assigns the identity based on the step's security context, a set of parameters used to secure the interaction between the calling user, MPF, and any external services. This identity can change throughout the processing cycle. Basic authentication and Kerberos delegation are two ways of passing identities into MPF. To simplify security configuration, MPF creates several default user accounts and groups during setup.

This section covers: