Microsoft AD Verifiable Credentials — Verify Once , Use Everywhere

Rangesh Sripathi
3 min readApr 18, 2021


This article talks about Identity management and more correlated towards SSI(Self Sovereign Identity)

Before we get started , I would like to list few common terminologies used in AD Verifiable Credentials.

Verifiable Credentials(VC) :

A digital credentials that let describe true/relevant information about individuals . It would be Name, Age, Gender, Degree, License etc.. It can be considered as data model holding credentials information of Individual.


Decentralized Identifiers that let one to identify in Decentralized Network. It is unique .

Tenant :

A tenant represent an Organization. Its specific to Microsoft Azure Active Directory(AD).

Issuer :

Issuer is an organization that Issues VC post verifying the User.

Verifier :

Verifier is an organization / entity who verifies the VC from one or more issuer whom they trust.

Lets get started with Simplified architecture of Azure AD Verifiable Credentials

Simplified Architecture of AD Verifiable Credential -

As seen above Microsoft uses ION as Blockchain framework to hold public information and Authenticator App to hold Verifiable Credentials. It is essential that users install Authenticator App in their mobile while Issuer and Verifier are subscribed to Azure AD Service.

Sample Application- Hands-on

Lets gets started by Issuing and Verifying credentials with Sample app provided by Microsoft.

Steps :

  1. Clone the sample code
git clone

2. Download Ngrok —

3. Navigate to Issuer and Verifier Directory to Issue and Verify Credential using Authenticator App. Issuer and Verifier are node.js service that holds respective elements to issue credentials.

Attached are few snapshots after trying out the samples.

a) Issuer — Get my VC

b) Received Credentials in my mobile app

c) Verifier — I was successfully able to share my VC to verifier

What Microsoft AD VC offers ?

A) It lets Issuer Customize Credentials -User friendly JSON elements

B) Microsoft gets DID for Issuer ,Verifier and User .

C) It is currently tied to Azure Active Directory(AD) and can be used only with AD

Summary :

Microsoft Azure Directory Verifiable Credentials are more user friendly and could be easily on-boarded when compared to other SSI framework likes Hyperledger Indy , Uport . I did really like the seamless integration and once Microsoft decouples Authenticator app and opens up for other services that does not utilizes AD , Microsoft VC Service would very much get adopted .