A deep dive into Azure AD B2C

1 A deep dive into Azure AD B2C
Microsoft Ignite 2016, 9/29/2017 11:53 AM. NET441. Simon Lamb and Chris Padgett. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Agenda
The building blocks of a B2C application
What you might not know
Migrating an existing application to B2C
Resources

3 The building blocks of a B2C application

4 Authentication
Register applications using portal.azure.com
Use OpenID Connect Client or MSAL
  Web applications (ASP.NET, ASP.NET Core, Node.js)
  Native applications (Android, iOS, Windows)
  Single page applications
Use OWIN
  Web APIs (using id_token)

5 Limitations
Application types
  Daemon/server-side applications (the client credentials grant)
  Web API authorization (using access_token)
  Web API chains (the on-behalf-of grant)
Redirection endpoints
Libraries & SDKs
Protocols

6 Extensibility
Local accounts
Social accounts
Account attributes
verification
Phone verification
UI customisations
Token claims
Reporting API

7 Limitations
Branding the local account sign-in page for a sign-in policy
Branding the verification

8 Integration
Authentication
  Create application
  Add secret
  Grant access to the Graph API resource
  Grant access to roles: Directory Readers, Directory Writers, User Account Administrator
ADAL v2
  Acquire an access token
Graph API v1.6
  Create/update local accounts
  Read/search any accounts
  Delete any accounts
  Get/set custom attributes for any accounts

9 Limitations
Nesting of groups
Using the differential query feature of Graph API

10 Demo: Managing users in B2C using Graph API

11 What you might not know

12 What you might not know
Billing & production-scale vs preview tenants
verification
Helper tool for UI customisations
Token, session & SSO configuration
Values for claims may change over time
Reporting API

13 Demo: Helper tool for UI customisations

14 Demo: Token, session & SSO configuration

15 Demo: Reporting API with Power BI

16 Migrating an existing application to B2C

17 Migration considerations
Register application using portal.azure.com
Replace your authentication library with an OpenID Connect Client library or MSAL
Use the Graph API to create the user accounts
How are the user passwords stored?

18 Plain-text password migration
We don’t store passwords in plain-text do we? But if we did…
[Diagram labels: Legacy Application, identities stored in a database (identities in SQL database with passwords stored in plain text); graph.microsoft.com; Azure, identities stored in the cloud (Azure AD B2C)]

19 Hashed password migration
Create users via the Graph API
Set passwords via the Graph API
Either (best): Over time sync passwords to B2C then switch
Or (less): Switch then force a password reset for all B2C users
[Diagram labels, with steps numbered 1 to 4: Legacy Application, identities stored in a database (identities in SQL database with hashed passwords); graph.microsoft.com; Azure, identities stored in the cloud (Azure AD B2C); User logging in]

20 Demo: User Migration

21 Resources

22 Resources
Blog
Documentation
Feedback forum
Pricing
Samples

23 Continue your Ignite learning path
Visit Channel 9 to access a wide range of Microsoft training and event recordings
Head to the TechNet Eval Centre to download trials of the latest Microsoft products
Visit Microsoft Virtual Academy for free online training visit

24 Thank you
Chat with me in the Speaker Lounge
Find (Twitter)

