Understand Hybrid Identity with Azure and Azure Stack

Presentation on theme: "Understand Hybrid Identity with Azure and Azure Stack"— Presentation transcript:

1 Understand Hybrid Identity with Azure and Azure Stack
BRK4011. Speaker: Shriram Natarajan. 7/18/2018 6:55 PM. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Hi, I’m Shri. Program Manager. I work on Identity, Authentication and Authorization, Azure Resource Manager, Hybrid Tools and Developer Experiences on Azure Stack. Tweet to

3 Agenda
- Hybrid cloud use cases
- Identity Fundamentals
- Authenticating with different Azure Clouds
- Multi Tenancy and Directory-based authentication

4 First things first…

5 Hybrid use cases: Azure and Azure Stack
- Edge and disconnected solutions
- Cloud applications that meet every regulation
- Modern applications across cloud and on-premises

6 Hybrid App Development Sessions at Ignite
Session, title, speaker:
- BRK3084: Microsoft Azure Stack hybrid apps and developer overview (Bradley Bartz)
- BRK3115: IaaS on Microsoft Azure Stack (David Armour, Scott Napolitan)
- BRK4011: Microsoft Azure Stack identity, multi-tenancy, and role-based access control (Shriram Natarajan)
- BRK3099: Developing hybrid apps on Microsoft Azure Stack (Ricardo Mendes)
- BRK4015: DevOps on Microsoft Azure Stack (Matthew McGlynn, Anjay Ajodha)

7 Have feedback on Azure Stack?
Want to provide your feedback direct to the engineering team? Join the Azure Stack customer research panel:

8 Identity Fundamentals

9 Identity Terminologies
- Active Directory + Active Directory Federation Services (AD FS)
- Azure Active Directory
- Organizations / Directories / Directory Tenants
- Users and Groups
- Applications
- Service Principals

10 Azure Stack Identity Fundamentals
- Works with AAD and AD FS
- OpenID Connect protocol: Authorization Code flow and Resource Owner flow
- Utilizes JSON Web Tokens (JWT)
- ADAL libraries for consistent hybrid authentication
- Azure tools for consistent hybrid resource management

11 Azure Stack with AAD – Single Tenanted
Diagram components: Azure Active Directory (admindir.onmicrosoft.com); Admin Portal and Admin ARM; Public Portal and Public ARM; Resource Providers.
Use cases: Enterprises, Dedicated Hosting

12 Azure Stack with AAD – Multi Tenanted
Diagram components: Azure Active Directory (admindir.onmicrosoft.com, Redmarker.onmicrosoft.com); AD FS (on-prem) for Fabrikam.com; Admin Portal and Admin ARM; Public Portal and Public ARM; Resource Providers.
Use cases: CSP, Shared Hosting

13 Azure Stack with AD FS
Diagram components: Portal; ARM and RPs; Applications; Stamp AD; Stamp AD FS (adfs.azurestack.local) with AD Graph; Customer AD FS (adfs.corp.contoso.com) backed by Customer AD.
Use cases: Enterprises, Dedicated Hosting

14 DEMO Azure Stack with AAD and AD FS configurations

15 Types of Identities
Users:
- Standard user identities
- Authenticate through User ID/Password
- Example: /
Service Principals:
- Used for application authentication and automation
- Authenticate through an Id/Secret combination
- Secret can either be a key or a certificate
- Example: bfb84395-b5bb-4a0a-9d25-fbb9f8d3186f / 3gDcSnk5MAdefGxyDZAJks2xhohTie/vpAQ/2o=
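The slide states that a service principal authenticates with an Id/Secret pair rather than a user password. The following Python is an added example (not code from the talk or from any Microsoft library) of the protocol step behind that statement: composing the OAuth2 client-credentials request the principal sends to the identity system, parsing the reply, and deciding when a cached token must be renewed. It assumes the AAD v1 `/oauth2/token` endpoint convention that ADAL uses; the authority, client id, secret and response values are constructed placeholders. The certificate variant of the secret (a signed client_assertion in place of client_secret) is noted in a comment but not built here.

```python
import json
from urllib.parse import urlencode

# Constructed sample reply from the token endpoint, shaped like the AAD v1 response
# (expires_in/expires_on are strings; expires_on is a Unix timestamp in seconds).
# The access_token value is a placeholder, not a real JWT.
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "token_type": "Bearer",
    "expires_in": "3599",
    "expires_on": "1700003599",
    "resource": "https://management.local.azurestack.external/22222222-2222-2222-2222-222222222222",
    "access_token": "eyJ.constructed.placeholder",
})


def build_client_credentials_request(authority, client_id, client_secret, resource):
    """Compose the OAuth2 client-credentials request a service principal sends to the
    identity system. `authority` is the Authority URL for the directory and `resource`
    the ARM App ID URI of the target cloud (in a hybrid setup both come from the
    Endpoints API). The /oauth2/token suffix is the AAD v1 convention ADAL uses; with an
    AD FS authority such as https://adfs.<fqdn>/adfs it yields /adfs/oauth2/token."""
    token_endpoint = authority.rstrip("/") + "/oauth2/token"
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        # A certificate credential sends a signed client_assertion here instead of a secret.
        "client_secret": client_secret,
        "resource": resource,
    })
    return token_endpoint, headers, body


def parse_token_response(response_json):
    """Return (access_token, expires_on, error). A failed request carries an `error`
    code instead of a token; expires_on is normalised to an int for comparisons."""
    resp = json.loads(response_json)
    if "error" in resp:
        detail = f"{resp['error']}: {resp.get('error_description', '')}"
        return None, None, detail.rstrip(": ")
    return resp["access_token"], int(resp["expires_on"]), None


def needs_refresh(expires_on, now, margin=300):
    """True when the cached token is within `margin` seconds of expiry, so the caller
    requests a fresh one before ARM starts rejecting the old token."""
    return now >= expires_on - margin


if __name__ == "__main__":
    endpoint, headers, body = build_client_credentials_request(
        "https://login.microsoftonline.com/admindir.onmicrosoft.com",
        "11111111-1111-1111-1111-111111111111",   # constructed client id
        "constructed-secret",                     # constructed key; never log real ones
        "https://management.local.azurestack.external/22222222-2222-2222-2222-222222222222",
    )
    print("POST", endpoint)
    print(body.replace("constructed-secret", "<redacted>"))
    token, expires_on, err = parse_token_response(SAMPLE_TOKEN_RESPONSE)
    print("token acquired:", err is None, "expires_on:", expires_on)
    print("refresh needed at", expires_on - 100, ":", needs_refresh(expires_on, expires_on - 100))
```

The request body is the only place the secret appears; the demo redacts it before printing, which is the habit to keep in any automation that logs its HTTP traffic.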

16 Role Based Access Control

17 DEMO Service Principal Creation, Authorization and Authentication

18 Directory based Authentication

19 Inviting Guest Users
Diagram: directories fabrikamClient.com and contosoConsulting.com, plus other directories.

20 Multi tenanted Applications
Diagram: directories fabrikamClient.com and contosoConsulting.com, plus other directories.

21 Inviting Guest Users
Diagram: directories fabrikamClient.com and contosoConsulting.com, plus other directories.

22 DEMO Authentication in a directory context

23 Cross-cloud Authentication

24 Information needed for Authentication
Diagram: client, Identity System, ARM.
Specific to the installation of the cloud:
- Identity System’s URL (Authority URL)
- ARM’s App Identifier URL (ARM App ID URI)
- ARM’s URL
Common across clouds for hybrid:
- Credentials

25 Token Exchange Protocol
Diagram: the client presents the Authority URL, ARM App ID URI and Credentials to the Identity System and receives a Token; the client then presents that Token to ARM at the ARM URL. The Identity System signs the token with its Signing Certificate. Token claims:
{ iss: <Authority>, aud: <ARM App ID URI>, iat: <dateStamp>, exp: <dateStamp> … }

26 One solution to rule them all!!! Endpoints API

27 https://<ARM_URL>/metadata/endpoints?api-version=2015-01-01
Diagram: the ARM Endpoints API, called with the ARM URL, returns the Authority URL and the ARM App ID URI.

29 ARM Endpoints API - Summary
- Unauthenticated
- Enumerates the endpoints necessary for authentication
- Used by tools: Azure PowerShell and Azure CLI; SDKs and other tools to follow
- Works for both AAD and AD FS topologies
Flow:
1. Call the Endpoints API
2. Use the data in the API to authenticate
3. Make an authenticated call to ARM
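Slides 24, 25 and 29 together describe the cross-cloud flow: the only cloud-specific values are the Authority URL, the ARM App ID URI and the ARM URL, the Endpoints API hands back the first two, and the resulting token carries iss/aud/iat/exp claims that ARM checks. The Python below is an added example, not code from the talk, ADAL or ARM, that walks through those steps offline: it parses a constructed Endpoints API response (same shape as the real `authentication.loginEndpoint` / `authentication.audiences` fields, placeholder host names), derives the authority for a directory tenant, mints a JWT with the slide's claims as test input, and validates that token the way a relying party must. Signature checking uses HMAC with a constructed key as a stand-in; real Azure and Azure Stack tokens are RS256-signed by the identity system's certificate and verified with the public key it publishes. The issuer value is taken as a parameter because, for AAD, the `iss` claim is not literally the login URL but the issuer advertised in the authority's OpenID Connect discovery document.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample of GET https://<ARM_URL>/metadata/endpoints?api-version=2015-01-01.
# Field names follow the real response; host names and the GUID are placeholders.
ENDPOINTS_METADATA = json.dumps({
    "galleryEndpoint": "https://gallery.local.azurestack.external/",
    "graphEndpoint": "https://graph.windows.net/",
    "portalEndpoint": "https://portal.local.azurestack.external/",
    "authentication": {
        "loginEndpoint": "https://login.microsoftonline.com/",
        "audiences": [
            "https://management.local.azurestack.external/11111111-2222-3333-4444-555555555555"
        ],
    },
})

# Stand-in key so the example runs without a crypto library. Real tokens are signed with
# the identity system's certificate (RS256), never with a shared secret.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def parse_endpoints(metadata_json, directory_tenant):
    """Step 1: derive the Authority URL (login endpoint + directory tenant) and the
    ARM App ID URI(s) of this cloud from the Endpoints API response."""
    auth = json.loads(metadata_json)["authentication"]
    login = auth["loginEndpoint"].rstrip("/")
    return {"authority": f"{login}/{directory_tenant}", "audiences": set(auth["audiences"])}


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims, key):
    """Build a compact JWT (header.payload.signature) with the slide's claim set.
    Only the identity system does this in practice; here it produces test input."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def validate_token(token, expected_issuer, audiences, key, now=None, skew=300):
    """Step 3 guard: the checks ARM applies before honouring a bearer token.
    Returns (claims, None) on success or (None, reason) on failure."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:          # covers bad base64, bad UTF-8 and bad JSON
        return None, "malformed token"
    if header.get("alg") != "HS256":  # never let the token pick an algorithm you did not expect
        return None, f"unexpected alg {header.get('alg')!r}"
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None, "bad signature"
    if claims.get("iss") != expected_issuer:
        return None, f"issuer {claims.get('iss')!r} is not the configured authority"
    if claims.get("aud") not in audiences:
        return None, f"audience {claims.get('aud')!r} is not an ARM App ID URI of this cloud"
    if claims.get("iat", 0) > now + skew:
        return None, "token issued in the future"
    if claims.get("exp", 0) <= now - skew:
        return None, "token expired"
    return claims, None


if __name__ == "__main__":
    cfg = parse_endpoints(ENDPOINTS_METADATA, "admindir.onmicrosoft.com")
    now = 1_700_000_000
    aud = next(iter(cfg["audiences"]))
    good = mint_token({"iss": cfg["authority"], "aud": aud, "iat": now, "exp": now + 3600}, DEMO_KEY)
    print("valid token:", validate_token(good, cfg["authority"], cfg["audiences"], DEMO_KEY, now=now))
    # A token minted for public Azure's ARM must not be accepted by this Azure Stack's ARM.
    other = mint_token({"iss": cfg["authority"], "aud": "https://management.azure.com/",
                        "iat": now, "exp": now + 3600}, DEMO_KEY)
    print("wrong cloud:", validate_token(other, cfg["authority"], cfg["audiences"], DEMO_KEY, now=now))
```

The audience check is what makes a token cloud-specific: the same credentials can be used against Azure and Azure Stack, but each ARM only accepts tokens whose `aud` is its own App ID URI, which is why the Endpoints API must be asked for that value rather than hard-coding the public Azure one.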

30 DEMO Endpoints API Setting Environment variables in PowerShell and CLI

31 Registration with Identity System

32 Azure Stack’s Registered Applications
- ~18 apps are registered with the Identity system
- Includes admin and tenant services
- Essential to allow these services to interact with the directory
- ~9 are propagated to new Directories during multi-tenancy setup
- The MT setup cmdlet in the tools repository uses this API
- If re-creating this functionality, exercise caution
- Custom implementations outside the context of the tools repo are not supported

33 Application Registrations API

34 Capability differences: AAD and AD FS topology
Table columns: Scenario, AAD Topology, AD FS Topology (most Yes/No cells were icons and did not survive extraction; surviving values are shown).
- Marketplace Syndication: Yes
- ADAL support (CLI, VS, PSH tools)
- Create Service Principals with Certificates
- Applications can use the Identity system for user sign-in: Yes* (* Apps must federate with Customer AD FS)
- Create Service Principals through Portal: No
- Create Service Principals with Secrets (Keys)
- Multi Tenancy
- Applications can interact with Graph Service

35 Summary
- Use the Endpoints API to help with authentication across clouds
- Create Service Principals for application authentication
- RBAC to users and Service Principals
- Remember to authenticate to a specific directory

36 Please evaluate this session
From your PC or tablet: visit MyIgnite. Phone: download and use the Microsoft Ignite mobile app. Your input is important!
