Presentation transcript:

Azure Active Directory is becoming one of, if not the, primary user identity management services for cloud applications. One of Azure Active Directory's attractive features, especially for developers, is the Graph API. The Graph API provides a modern, REST-based interface into the directory, allowing us to easily read, write, update, and delete a wide range of data. In this session we'll set the foundation for how the directory is structured and what features it offers. We'll also demonstrate how to get started programming against the directory in order to utilize Azure Active Directory information in cloud and non-cloud applications.

Programming Azure Active Directory

COLUMBUS, OH | OCTOBER 17, 2014 | CLOUDDEVELOP.ORG

Opening Keynote Scott Guthrie October 21st, :00am – 5:00pm PST

- Assume you know what Microsoft Azure is and likely have an Azure subscription.
- This is not an Active Directory design session.
- Review common scenarios... yours may be different.
- We're not going to cover it all today... large, complicated topics with many options/scenarios.

Azure Active Directory - What is it?

- Multi-tenant "directory-as-a-service"
- Identity & access for on-premises and cloud applications
- NOT a cloud version of Windows Server AD

- Extend Windows Server AD to the cloud
- Directory & identity services w/o need for Windows Server AD
- Each O365 tenant has instance of AAD
- Sync process is the same

[Diagram labels: Your App / AAD / Directory store / Authentication platform / Active Directory]

Working with the Graph

Graph URL
- Tenant (domain or objectID): collierdemo.onmicrosoft.com/
- Entity (user, group, role, etc): users
- OData query ($filter, $top): ?$filter=givenName eq 'Jon'
- API Version: &api-version=
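The URL anatomy above, assembled from untrusted input, as an added example that is not part of the original deck. It doubles embedded single quotes in the OData string literal and allows only a plain property name, so a caller-supplied value cannot change the shape of the `$filter`. The `graph_url` helper, the entity allow-list and the `"1.6"` api-version in the sample calls are assumptions of this example (the slide's own api-version value is not preserved).

```python
import re
from urllib.parse import quote, urlencode

GRAPH_ROOT = "https://graph.windows.net"   # resource URI used in this deck's token request
ALLOWED_ENTITIES = {"users", "groups"}     # assumption: example allow-list, extend as needed
_TENANT_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")   # domain name or objectID GUID
_PROPERTY_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*")      # bare property name only


def odata_string(value: str) -> str:
    """Render value as an OData string literal; an embedded ' is doubled."""
    return "'" + value.replace("'", "''") + "'"


def graph_url(tenant, entity, api_version, prop=None, value=None, top=None):
    """Build tenant/entity?$filter=...&$top=...&api-version=... from untrusted parts."""
    if not _TENANT_RE.fullmatch(tenant):
        raise ValueError("tenant must be a domain or objectID")
    if entity not in ALLOWED_ENTITIES:
        raise ValueError("entity not allowed")
    params = []
    if prop is not None:
        if not _PROPERTY_RE.fullmatch(prop):
            raise ValueError("filter property must be a plain identifier")
        params.append(("$filter", f"{prop} eq {odata_string(value)}"))
    if top is not None:
        params.append(("$top", str(int(top))))
    params.append(("api-version", api_version))
    # quote() percent-encodes spaces and quotes; "$" stays literal in the option names.
    return f"{GRAPH_ROOT}/{tenant}/{entity}?" + urlencode(params, quote_via=quote, safe="$")


if __name__ == "__main__":
    # "1.6" is an assumed api-version; the slide's own value is not preserved.
    print(graph_url("collierdemo.onmicrosoft.com", "users", "1.6", "givenName", "Jon"))
    print(graph_url("collierdemo.onmicrosoft.com", "users", "1.6", "surname", "O'Brien", top=5))
```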

Graph Security

Service-to-Service: OAuth 2.0 Grant Type Client Credentials

Participants: My Application; Azure AD Authentication Endpoint (OAuth); REST Service (validates token, process, returns data); Authorization Check; Azure Active Directory

1) Request JWT token (provide clientID and secret)
2) Return JWT token
3) HTTP Request w/ JWT token
4) Return response

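OAuth 2.0 Grant Type = Client Credentials (* Some values removed for readability)

    using Microsoft.IdentityModel.Clients.ActiveDirectory;  // ADAL

    // get OAuth token using Client Credentials
    string tenantName = "GraphDir1.onMicrosoft.com";
    // Authority base URL is not shown here; "<authority URL>" is a placeholder.
    string issuingAuthority = "<authority URL>/" + tenantName;
    // Second argument is validateAuthority; the slide passes false.
    AuthenticationContext authenticationContext =
        new AuthenticationContext(issuingAuthority, false);

    // Config for OAuth client credentials
    string clientId = "118473c e3-a8e4-6da8d5f56e12";
    // Inline as on the slide; keep real secrets out of source (protected configuration or a secret store).
    string clientSecret = "hOrJ0r0TZ4GQ3obp+vk3FZ7JBVP+TX353kNo6QwNq7Q=";
    ClientCredential clientCred = new ClientCredential(clientId, clientSecret);

    // Resource as sent in the token request on the next slide.
    string resource = "https://graph.windows.net";
    string token;
    AuthenticationResult authenticationResult =
        authenticationContext.AcquireToken(resource, clientCred);
    token = authenticationResult.AccessToken;

OAuth 2.0 grant type, client_id, and client_secret configured in Azure portal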

OAuth 2.0 Grant Type = Client Credentials (* Some values removed for readability)

    POST
    Content-Type: application/x-www-form-urlencoded
    client-request-id: 1e38c3d3-dca3-42ff db607b3488c
    return-client-request-id: true

    resource=https%3A%2F%2Fgraph.windows.net&
    client_id=118473c e3-a8e4-6da8d5f56e12&
    client_secret=hOrJ0r0TZ4GQ3obp%2Bvk3FZ7JBVP%2BTX353kNo6QwNq7Q%3D&
    grant_type=client_credentials

OAuth 2.0 Grant Type = Client Credentials (* Some values removed for readability)

    Content-Type: application/json; charset=utf-8
    client-request-id: 1e38c3d3-dca3-42ff db607b3488c
    Content-Length: 1160

    {"token_type":"Bearer","expires_in":"3599","expires_on":" ","not_before":" ","resource":" ",
    "access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1Q ZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.eyJhdWQiOiJodHRwczovL2dyYXBoLndpbmRvd3MubmV0Iiwia XNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNGZkMmIyZjItZWEyNy00ZmU1LWE4ZjMtN2IxYTdjOTc1ZjM 0LyIsImlhdCI6MTQwNzYzNjg5NCwibmJmIjoxNDA3NjM2ODk0LCJleHAiOjE0MDc2NDA3OTQsInZlciI6IjEuM CIsInRpZCI6IjRmZDJiMmYyLWVhMjctNGZlNS1hOGYzLTdiMWE3Yzk3NWYzNCIsIm9pZCI6ImIwZGVhNTFlLWJ kMDQtNGI5OS05NmEyLTE0ZDk5YjE5YmM2YSI…………………….." }
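The access token in this response is a JWT, and step 3 of the flow has the REST service validate it. The following added example (not code from the deck) decodes a token's header and payload and checks the claims a resource relies on: audience, tenant/issuer and the nbf/exp validity window. It does not verify the RS256 signature, which a real service must also check against Azure AD's published signing keys; the sample token, the placeholder tenant id and the `claim_problems` name are constructed for this example.

```python
import base64
import json
import time


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def claim_problems(token, expected_aud, expected_tid, now=None, skew=300):
    """Return a list of claim problems (empty list = claims acceptable).
    The RS256 signature is NOT verified here."""
    now = time.time() if now is None else now
    try:
        header_seg, payload_seg, _signature = token.split(".")
        header = json.loads(_b64url_decode(header_seg))
        claims = json.loads(_b64url_decode(payload_seg))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return ["malformed token"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["malformed token"]
    problems = []
    if header.get("alg") != "RS256":
        problems.append("unexpected alg")
    if claims.get("aud") != expected_aud:
        problems.append("wrong audience")
    if (claims.get("tid") != expected_tid
            or claims.get("iss") != f"https://sts.windows.net/{expected_tid}/"):
        problems.append("wrong tenant/issuer")
    nbf, exp = claims.get("nbf"), claims.get("exp")
    if not isinstance(nbf, (int, float)) or not isinstance(exp, (int, float)):
        problems.append("missing nbf/exp")
    elif now + skew < nbf:
        problems.append("not yet valid")
    elif now - skew >= exp:
        problems.append("expired")
    return problems


# Constructed sample (placeholder tenant id, dummy signature segment).
SAMPLE_TID = "00000000-0000-0000-0000-000000000000"
SAMPLE_TOKEN = ".".join([
    _b64url_encode({"typ": "JWT", "alg": "RS256"}),
    _b64url_encode({"aud": "https://graph.windows.net", "tid": SAMPLE_TID,
                    "iss": f"https://sts.windows.net/{SAMPLE_TID}/",
                    "nbf": 1000, "exp": 4600}),
    "constructed-signature",
])
```

For a service of your own, `expected_aud` is that service's identifier rather than the Graph resource URI used in the sample.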

1. Leverage ADAL and Graph Library
2. Obtain authentication token
3. Set GraphSetting with API version of choice
4. Set filter properties (if desired)
5. Get, Create, or Delete User, Group, Application, etc.

Questions?

Opening Keynote Scott Guthrie September 25, :00am – 5:00pm PST

Scenarios

- Web Application: can call other web APIs
- Web API: can call other web APIs
- Web API: includes AAD Graph, O365, custom
- Clients: Browser, Native/Mobile, Daemon/Server

More info at