A deep dive into Azure AD B2C
Microsoft Ignite 2016
Session NET441
Simon Lamb and Chris Padgett
9/29/2017 11:53 AM
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Agenda
- The building blocks of a B2C application
- What you might not know
- Migrating an existing application to B2C
- Resources
The building blocks of a B2C application
Authentication
- Register applications using portal.azure.com
- Use an OpenID Connect client library or MSAL for:
  - Web applications (ASP.NET, ASP.NET Core, Node.js)
  - Native applications (Android, iOS, Windows)
  - Single page applications
- Use OWIN for:
  - Web APIs (using the id_token)
Limitations
- Application types
  - Daemon/server-side applications (the client credentials grant)
  - Web API authorization (using an access_token)
  - Web API chains (the on-behalf-of grant)
- Redirection endpoints
- Libraries & SDKs
- Protocols
Extensibility
- Local accounts
- Social accounts
- Account attributes
- Email verification
- Phone verification
- UI customisations
- Token claims
- Reporting API
Limitations
- Branding the local account sign-in page for a sign-in policy
- Branding the verification email
Integration
- Authentication
  - Create application
  - Add secret
  - Grant access to the Graph API resource
  - Grant access to roles: Directory Readers, Directory Writers, User Account Administrator
- ADAL v2
  - Acquire an access token
- Graph API v1.6
  - Create/update local accounts
  - Read/search any accounts
  - Delete any accounts
  - Get/set custom attributes for any accounts
Limitations
- Nesting of groups
- Using the differential query feature of the Graph API
Demo: Managing users in B2C using the Graph API
What you might not know
What you might not know
- Billing & production-scale vs preview tenants
- Email verification
- Helper tool for UI customisations
- Token, session & SSO configuration
- Values for claims may change over time
- Reporting API
Demo: Helper tool for UI customisations
Demo: Token, session & SSO configuration
Demo: Reporting API with Power BI
Migrating an existing application to B2C
Migration considerations
- Register the application using portal.azure.com
- Replace your authentication library with an OpenID Connect client library or MSAL
- Use the Graph API to create the user accounts
- How are the user passwords stored?
Plain-text password migration
We don't store passwords in plain text, do we? But if we did...
[Diagram: Legacy application (identities stored in a SQL database with passwords stored in plain text) -> graph.microsoft.com -> Azure AD B2C (identities stored in the cloud)]
Image cited from: http://devopsreactions.tumblr.com/
Hashed password migration
- Create users via the Graph API
- Set passwords via the Graph API
- Either (best): over time, sync passwords to B2C, then switch
- Or (less): switch, then force a password reset for all B2C users
[Diagram, steps numbered 1 to 4: User logging in -> Legacy application (identities stored in a SQL database with hashed passwords) -> graph.microsoft.com -> Azure AD B2C (identities stored in the cloud)]
Demo: User migration
Resources
Resources
- Blog: https://blogs.msdn.microsoft.com/azureadb2c/
- Documentation: https://docs.microsoft.com/en-us/azure/active-directory-b2c/
- Feedback forum: https://feedback.azure.com/forums/169401-azure-active-directory/category/160596-b2c
- Pricing: https://azure.microsoft.com/en-us/pricing/details/active-directory-b2c/
- Samples: https://github.com/AzureADQuickStarts
Continue your Ignite learning path
- Visit Channel 9 to access a wide range of Microsoft training and event recordings: https://channel9.msdn.com/
- Head to the TechNet Eval Centre to download trials of the latest Microsoft products: http://Microsoft.com/en-us/evalcenter/
- Visit Microsoft Virtual Academy for free online training: https://www.microsoftvirtualacademy.com
Thank you
Chat with me in the Speaker Lounge
Find me @slamb2k (Twitter)