
A Lap Around Windows Azure Active Directory

Presentation on theme: "A Lap Around Windows Azure Active Directory"— Presentation transcript:

1 A Lap Around Windows Azure Active Directory
SIA209
Vittorio Bertocci, Microsoft Corporation
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 What is Windows Azure Active Directory?
- Extension of Active Directory into the cloud
- Designed primarily to meet the needs of cloud applications
- Identity as a service: an essential part of Platform as a Service
(Diagram: Azure AD sitting between on-premises AD and several cloud apps)

3 Problem Statement
- Separate username/password sign-in
- Manual or semi-automated provisioning
- No direct connection to directory
While enterprises are working to consolidate identity systems on-premises, cloud apps are fragmenting identity… again.
(Diagram: several cloud apps with no connection to on-premises AD)

4 History of Azure Active Directory
- Active Directory revised to operate as an Internet-scale multi-tenant identity service, built concurrently with Office 365
- Extends Windows Server Active Directory into the cloud
- Provides cloud-based identity services for organizations without Windows Server AD
(Diagram: Exchange Online, SharePoint Online and Lync Online on Azure AD, alongside on-premises AD)

5 Identity Management as a Service
- Consolidate identity management across cloud apps
- Connect to directory from any platform, any device
- Connect with people from web identity providers and other organizations
(Diagram: ISV apps, Office 365, other Microsoft apps and your custom IT app connected to Azure AD, which connects to AD)

6 Relationship to Windows Server AD
- On-premises and cloud Active Directory managed as one
- Directory information synchronized to the cloud, made available to cloud apps via role-based access control
- Federated authentication enables single sign-on to cloud applications
(Diagram: AD connected to Azure AD via Sync and Federation)

7 How Does a Cloud App Connect to Directory?
(Diagram: Contoso.com Directory and a Cloud Application, with the connections between them marked "?")

8 Anatomy of a Typical Cloud Application
- Browser -> Web Application
- Mobile app -> Web Service API
- Server app -> Web Service API
- Web Application and Web Service API share an Account and profile store
- Clients using a wide variety of devices/languages/platforms
- Server applications using a wide variety of platforms/languages

9 Azure Active Directory Design Principles
The cloud design point demands capabilities that are not part of current-day Windows Server Active Directory:
- Maximize device & platform reach: HTTP/web/REST-based protocols
- Multi-tenancy: customer owns the directory, not Microsoft
- Optimize for availability, consistent performance, and scale
- Keep it simple

10 Directory Graph API
RESTful programmatic access to the directory:
- Objects such as users, groups, roles, licenses
- Relationships such as member, memberOf, manager, directReport
- Requests use standard HTTP methods POST, GET, PATCH, DELETE to create, read, update, and delete
- Response in XML or JSON; standard HTTP status codes
- Compatible with OData 3.0
- OAuth 2.0 for authentication
- Role-based assignment for application and user authorization

11 Example Directory Graph Call
Request:
    {
      "d": {
        "Manager": { "uri": "…" },
        "MemberOf": { "uri": "…" },
        "ObjectId": "90ef7131-9d b5c6-fa2eb873ef19",
        "ObjectReference": "User_90ef7131-9d b5c6-fa2eb873ef19",
        "ObjectType": "User",
        "AccountEnabled": true,
        "DisplayName": "Ed Blanton",
        "GivenName": "Ed",
        "Surname": "Blanton",
        "UserPrincipalName": "…",
        "Mail": "…",
        "JobTitle": "Vice President",
        "Department": "Operations",
        "TelephoneNumber": "…",
        "Mobile": "…",
        "StreetAddress": "One Main Street",
        "PhysicalDeliveryOfficeName": "Building 2",
        "City": "Redmond",
        "State": "WA",
        "Country": "US",
        "PostalCode": "98007"
      }
    }
(Elements of response have been edited to fit on slide)

12 Sample Expense Reporting Application in the Cloud
demo

13 Contoso.com Directory
Authorized user creates a principal in the directory for the app, and authorizes it to use the directory by associating it with a role.
(Diagram: Authorized User, Service Principal with Role (Read) in the Contoso.com Directory, Cloud Application with Profile Store, End User)

14 Contoso.com Directory
End user authenticates to the directory to get a token (t1) to call the cloud app.
(Diagram: End User performs User AuthN against the Contoso.com Directory, receives t1 and presents it to the Cloud Application)

15 Contoso.com Directory
- Cloud app gets a token (t2)
- Accesses the Directory Graph using the token
- Uses the user's unique ID to find the profile in the local profile store
(Diagram: Cloud Application performs Delegated AuthN against the Contoso.com Directory as the Service Principal with Role (Read), receives t2 and calls the Directory Graph with it, then looks up the End User in its Profile Store)
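As an added example (not code from the presentation), this shows how the last step above, "uses user unique ID to find profile in local profile store", can be implemented over a user object shaped like the slide 11 response: the local profile store is keyed by the immutable ObjectId rather than by UserPrincipalName or Mail, so a rename in the directory neither creates a second profile nor detaches existing local state, and disabled or non-User objects are refused. The sample JSON, the contoso.example addresses and the placeholder ObjectId are constructed, and expense_limit is a hypothetical local attribute.

```python
import json
import uuid

# Constructed sample shaped like the slide's Directory Graph user object;
# the ObjectId and addresses are placeholders, not real directory data.
SAMPLE_RESPONSE = json.dumps({"d": {
    "ObjectId": "00000000-0000-0000-0000-00000000abcd",
    "ObjectType": "User",
    "AccountEnabled": True,
    "DisplayName": "Ed Blanton",
    "UserPrincipalName": "ed.blanton@contoso.example",
    "Mail": "ed.blanton@contoso.example",
    "Department": "Operations",
}})

def sample_with(**overrides):
    """Return the constructed sample with some attributes replaced."""
    doc = json.loads(SAMPLE_RESPONSE)
    doc["d"].update(overrides)
    return json.dumps(doc)

class ProfileStore:
    """Local profile store keyed by the immutable directory ObjectId, never by
    UserPrincipalName or Mail, which an admin can rename or reassign."""

    def __init__(self):
        self._profiles = {}  # ObjectId -> local profile dict

    def resolve(self, response_body):
        d = json.loads(response_body)["d"]
        # Only enabled User objects may be mapped onto a local profile.
        if d.get("ObjectType") != "User":
            raise ValueError("not a User object")
        if d.get("AccountEnabled") is not True:
            raise PermissionError("account disabled in directory")
        oid = str(uuid.UUID(d["ObjectId"]))  # validate and normalise the GUID
        profile = self._profiles.setdefault(oid, {"object_id": oid, "expense_limit": 0})
        # Mutable attributes are refreshed from the directory on every sign-in.
        profile["upn"] = d.get("UserPrincipalName")
        profile["display_name"] = d.get("DisplayName")
        profile["department"] = d.get("Department")
        return profile

def demo_rename():
    # Sign in, set local state, then sign in again after a UPN rename in the directory.
    store = ProfileStore()
    store.resolve(SAMPLE_RESPONSE)["expense_limit"] = 5000
    renamed = store.resolve(sample_with(UserPrincipalName="edward.blanton@contoso.example"))
    return len(store._profiles), renamed["expense_limit"], renamed["upn"]
```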

16 Protocols to Connect with Azure AD
- REST/HTTP directory access: Create, Read, Update, Delete directory objects and relationships; compatible with OData V3; authenticate with OAuth 2.0
- OAuth 2.0: service-to-service authentication; delegated access; JWT token format
- OpenID Connect: web application authentication; rich client authentication; under investigation
- SAML 2.0: SAML 2.0 token format
- WS-Federation 1.3: SAML 1.1 token format

17 Enterprise Scenarios
An enterprise extends AD to the cloud to support cloud apps:
- Manage users and groups in AD; changes are synchronized to Azure AD
- On-premises applications use AD
- Cloud applications use Azure AD
A small business uses Azure AD as its primary identity system:
- No on-premises applications or AD
- Use Azure AD to manage users and groups
- Cloud applications use Azure AD

18 Developer Scenarios
A developer of an established cloud application enables sign-up of customers who have Azure AD:
- Single sign-on instead of a separate username/password for the app
- Query the Directory Graph for user information and provisioning
A developer of a new cloud application uses Azure AD as an off-the-shelf identity system for their app:
- Use Azure AD as the local account store
- Enable sign-up of customers using popular web IDs
- Enable sign-up of customers who have Azure AD

19 Azure Active Directory Developer Preview
Preview functionality:
- Directory Graph with admin-level read access
- Web SSO via WS-Federation, samples for .Net, Java, PHP
- Not production SLA
- Interfaces subject to change
- Separate from the production-supported Access Control Service
Available soon. Watch this space:

20 What is Windows Azure Active Directory?
- Extension of Active Directory into the cloud
- Designed primarily to meet the needs of cloud applications
- Identity as a service: an essential part of Platform as a Service
- Developer preview coming soon
(Diagram: Azure AD sitting between on-premises AD and several cloud apps)

21 Related Content
- SIA205 Running AD on Windows Azure VM, Monday, 3:00pm, N320A
- OSP321 AD Integration with MS Office 365, Tuesday, 10:15am, S330E
- SIA321 What's New in WIF in .Net 4.5, Wednesday, 8:30am, S230A
- SIA322 Directory Graph API: Drill Down, Thursday, 4:30pm, S310E
Find me later today in the TLC Security and Identity Area, 5:30-7:30pm

22 SIA, WSV, and VIR Track Resources
#TESIA209
- Talk to our Experts at the TLC
- Hands-On Labs
- DOWNLOAD Windows Server 2012 Release Candidate: microsoft.com/windowsserver
- DOWNLOAD Microsoft System Center 2012 Evaluation: microsoft.com/systemcenter

23 Resources
- Connect. Share. Discuss. http://europe.msteched.com
- Learning: Microsoft Certification & Training Resources
- TechNet: Resources for IT Professionals
- Resources for Developers

24 Submit your evals online
Evaluations
