A deep dive into Azure AD B2C

Presentation transcript:

A deep dive into Azure AD B2C
Microsoft Ignite 2016, 9/29/2017 11:53 AM
NET441
Simon Lamb and Chris Padgett
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Agenda
  The building blocks of a B2C application
  What you might not know
  Migrating an existing application to B2C
  Resources

The building blocks of a B2C application

Authentication
  Register applications using portal.azure.com
  Use OpenID Connect Client or MSAL
    Web applications (ASP.NET, ASP.NET Core, Node.js)
    Native applications (Android, iOS, Windows)
    Single page applications
  Use OWIN
    Web APIs (using id_token)

Limitations
  Application types
    Daemon/server-side applications (the client credentials grant)
    Web API authorization (using access_token)
    Web API chains (the on-behalf-of grant)
  Redirection endpoints
  Libraries & SDKs
  Protocols

Extensibility
  Local accounts
  Social accounts
  Account attributes
  Email verification
  Phone verification
  UI customisations
  Token claims
  Reporting API

Limitations
  Branding the local account sign-in page for a sign-in policy
  Branding the verification email

Integration
  Authentication
    Create application
    Add secret
    Grant access to the Graph API resource
    Grant access to roles: Directory Readers, Directory Writers, User Account Administrator
  ADAL v2
    Acquire an access token
  Graph API v1.6
    Create/update local accounts
    Read/search any accounts
    Delete any accounts
    Get/set custom attributes for any accounts

Limitations
  Nesting of groups
  Using the differential query feature of Graph API

Demo: Managing users in B2C using Graph API

What you might not know

What you might not know
  Billing & production-scale vs preview tenants
  Email verification
  Helper tool for UI customisations
  Token, session & SSO configuration
  Values for claims may change over time
  Reporting API

Demo: Helper tool for UI customisations

Demo: Token, session & SSO configuration

Demo: Reporting API with Power BI

Migrating an existing application to B2C

Migration considerations
  Register application using portal.azure.com
  Replace your authentication library with an OpenID Connect Client library or MSAL
  Use the Graph API to create the user accounts
  How are the user passwords stored?

Plain-text password migration
  We don’t store passwords in plain-text, do we? But if we did…
  [Diagram: Legacy Application (identities stored in a database; identities in SQL database with passwords stored in plain text), graph.microsoft.com, Azure AD B2C (Azure; identities stored in the cloud)]
  Cited: http://devopsreactions.tumblr.com/

Hashed password migration
  Create users via the Graph API
  Set passwords via the Graph API
  Either (best): Over time sync passwords to B2C then switch
  Or (less): Switch then force a password reset for all B2C users
  [Diagram: Legacy Application (identities stored in a database; identities in SQL database with hashed passwords), graph.microsoft.com, Azure AD B2C (Azure; identities stored in the cloud), user logging in; steps numbered 1 to 4]
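The "over time sync passwords to B2C then switch" option, as an added sketch that is not from the presentation: at a successful legacy login the application briefly holds the plaintext password, so it can verify it against the stored hash and set it on the B2C account; accounts never seen during the sync window fall back to the forced reset. The PBKDF2 legacy scheme, the in-memory `FakeDirectory` stand-in for the Graph API calls, and all function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed legacy KDF cost; match the real legacy store

def legacy_hash(password: str, salt: bytes) -> bytes:
    """Assumed legacy scheme: PBKDF2-HMAC-SHA256 with a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class FakeDirectory:
    """In-memory stand-in for Graph API user operations (hypothetical, not a real client)."""
    def __init__(self):
        self.users = {}  # email -> True once a password has been set

    def create_user(self, email):
        self.users.setdefault(email, False)

    def set_password(self, email, password):
        self.users[email] = True  # a real call sends the password over TLS; nothing is kept here

def login_and_migrate(email, password, legacy_db, directory):
    """Verify against the legacy hash; on first success copy the password to the directory."""
    row = legacy_db.get(email)
    if row is None:
        legacy_hash(password, b"\x00" * 16)  # comparable work for unknown accounts
        return "denied"
    if not hmac.compare_digest(legacy_hash(password, row["salt"]), row["hash"]):
        return "denied"
    if row["migrated"]:
        return "ok"
    directory.create_user(email)
    directory.set_password(email, password)  # plaintext exists only for this request
    row["migrated"] = True
    return "migrated"

def pending_reset(legacy_db):
    """Accounts not seen during the sync window: force a password reset at cut-over."""
    return sorted(e for e, r in legacy_db.items() if not r["migrated"])

def make_legacy_db(accounts):
    """Constructed sample rows: email -> salt, hash, migrated flag."""
    db = {}
    for email, password in accounts.items():
        salt = os.urandom(16)
        db[email] = {"salt": salt, "hash": legacy_hash(password, salt), "migrated": False}
    return db
```
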

Demo: User Migration

Resources

Resources
  Blog: https://blogs.msdn.microsoft.com/azureadb2c/
  Documentation: https://docs.microsoft.com/en-us/azure/active-directory-b2c/
  Feedback forum: https://feedback.azure.com/forums/169401-azure-active-directory/category/160596-b2c
  Pricing: https://azure.microsoft.com/en-us/pricing/details/active-directory-b2c/
  Samples: https://github.com/AzureADQuickStarts

Continue your Ignite learning path
  Visit Channel 9 to access a wide range of Microsoft training and event recordings: https://channel9.msdn.com/
  Head to the TechNet Eval Centre to download trials of the latest Microsoft products: http://Microsoft.com/en-us/evalcenter/
  Visit Microsoft Virtual Academy for free online training: https://www.microsoftvirtualacademy.com

Thank you
  Chat with me in the Speaker Lounge
  Find me @slamb2k (Twitter)