
Windows Azure Active Directory Graph API



Presentation transcript:

1 Windows Azure Active Directory Graph API
SIA322 Windows Azure Active Directory Graph API
Edward Wu, Sr Program Manager, Microsoft Corporation
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Windows Azure Active Directory Graph API
Agenda:
- Introduction
- Goals
- Querying Directory Data
- Application Authentication/Authorization
- Demos
- Roadmap: Summer/Fall
- Resources/Getting Started

3 Windows Azure Active Directory Graph API
Windows Azure Active Directory is here now: it is integrated with Office 365 and Windows Azure, and available to all apps.
- Integrated modern identity management service for Office 365, Azure and 3rd party web applications
- Single sign-on across Microsoft and 3rd party applications with increased security control
- Graph API: access directory data with a RESTful interface
- Integrates with consumer identity and social networks

4 Windows Azure Active Directory Graph API
Goals:
- Make it easy for applications to integrate with Windows Azure Active Directory
- Lay the foundation for higher-level capabilities: look-ups, people pickers, security group membership, cross-company collaboration ...
- Provide high usability and interoperability
Solution: a new RESTful interface for Windows Azure AD
- Support an HTTP/REST-based protocol for accessing all directory information
- Support HTTP response codes and return directory objects in JSON/XML
- Compatible with OData V3 for more complex queries and metadata
- Leverage OAuth 2.0 for authentication

5 Connecting to Windows Azure Active Directory
Diagram: the ways clients reach Windows Azure Active Directory
- Administration: scripting and PowerShell, and the Admin Portal
- On-premises Active Directory, connected through Directory Synch
- New applications: the REST interface (REST + OAuth)
- Applications: LDAP and Kerberos
Multi-tenant environment, divided into tenants
Typed objects, for example: Users, Groups, Contacts, Roles, Licenses
Relationships: Member/Member of, Manager/Direct reports

6 Windows Azure Active Directory Resources https://directory. windows
Resources: TenantDetails, Users, Groups, Contacts, Roles, Subscribed Skus
Extended Windows Azure AD for the cloud: Licensing, Provisioning, DirSynch status, Domain Status

7 REST interface for Directory Access
Request URI structure: <Service root>/<resource path>[?Query string options]
Navigating the URI structure
Example filters:
  ?$filter=City eq 'Redmond'
  ?$filter=GivenName eq 'Adam' and Surname eq 'Barr'
  ?$filter=Surname ge 'Jackson' and Surname le 'Jz'
Response: a response body in JSON or XML, plus an HTTP response code

8 GET a User Object: returned JSON user object
Request: GET the user resource. Returned JSON user object (the link URIs and e-mail values were stripped from the transcript and appear as blank strings):
{
  "d": {
    "__metadata": { "id": " ", "uri": " ", "type": "Microsoft.Online.DirectoryApi.User" },
    "Manager": { "__deferred": { "uri": " " } },
    "DirectReports": { "__deferred": { "uri": " " } },
    "MemberOf": { "__deferred": { "uri": " " } },
    "ObjectId": "d7aadc28-a2ea-4c0e-aabe-f13c675b3e9c",
    "ObjectReference": "User_d7aadc28-a2ea-4c0e-aabe-f13c675b3e9c",
    "ObjectType": "User",
    "AccountEnabled": true,
    "AssignedLicenses": { "__metadata": { "type": "Collection(Microsoft.Online.DirectoryApi.AssignedLicense)" }, "results": [ ] },
    "AssignedPlans": { "__metadata": { "type": "Collection(Microsoft.Online.DirectoryApi.AssignedPlan)" }, "results": [ ] },
    "City": "Redmond",
    "Country": "US",
    "Department": null,
    "DirSyncEnabled": null,
    "DisplayName": "Adam Barr",
    "FacsimileTelephoneNumber": null,
    "GivenName": "Adam",
    "JobTitle": null,
    "LastDirSyncTime": null,
    "Mail": null,
    "Mobile": null,
    "OtherMails": { "__metadata": { "type": "Collection(Edm.String)" }, "results": [ ] },
    "PasswordPolicies": "None",
    "PhysicalDeliveryOfficeName": null,
    "PostalCode": "98052",
    "PreferredLanguage": null,
    "ProvisionedPlans": { "__metadata": { "type": "Collection(Microsoft.Online.DirectoryApi.ProvisionedPlan)" }, "results": [ ] },
    "ProvisioningErrors": { "__metadata": { "type": "Collection(Microsoft.Online.DirectoryApi.ProvisioningError)" }, "results": [ ] },
    "ProxyAddresses": { "__metadata": { "type": "Collection(Edm.String)" }, "results": [ ] },
    "State": "WA",
    "StreetAddress": "One Microsoft Way",
    "Surname": "Barr",
    "TelephoneNumber": " ",
    "UsageLocation": "US",
    "UserPrincipalName": " "
  }
}

9 Referenced Links: Users
Diagram (labels as extracted): navigating the referenced links of user Adam. /Manager points to Bob; /DirectReports lists Sue, Jim and Jill; /MemberOf lists the US Sales Team.

10 Referenced Links: Groups
Diagram (labels as extracted): group nesting and membership. The Global Sales Team contains the US Sales and Europe groups; the US Sales Team's members are Bob, Sue, Jim and Jill.

11 Querying and Data management
- Users are sorted by DisplayName; other entities are unsorted
- OData query options: $filter with logical And, and the Eq, Ge, Le operators
- Paging: $top
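The filter and paging options above, as an added example that is not part of the deck: Python code that builds a $filter in the eq/and form from the filter slide with proper literal quoting, then walks a paged Users collection the way the FIM management-agent import loop later in the deck does (first request Users?$top=N, later requests the continuation URI with &$top=N appended). The in-memory tenant, the service-root URL and the OData V3 verbose-JSON response shape (d / results / __next) are constructed assumptions, not captured from the real service.

```python
import json
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed in-memory tenant standing in for <Service root>/<tenant>/Users.
USERS = [
    {"DisplayName": "Adam Barr", "GivenName": "Adam", "Surname": "Barr", "City": "Redmond"},
    {"DisplayName": "Bob Jones", "GivenName": "Bob", "Surname": "Jones", "City": "Seattle"},
    {"DisplayName": "Jill Kim", "GivenName": "Jill", "Surname": "Kim", "City": "Redmond"},
    {"DisplayName": "Sue O'Neil", "GivenName": "Sue", "Surname": "O'Neil", "City": "Redmond"},
]
TERM = re.compile(r"^(\w+) eq '((?:[^']|'')*)'$")   # one "Prop eq 'literal'" term

def odata_literal(value):
    """Quote a string for $filter. A quote inside the value is doubled, so input
    taken from a user cannot close the literal and splice in its own operators."""
    return "'" + value.replace("'", "''") + "'"

def eq_filter(**fields):
    """Build the "Prop eq 'x' and Prop eq 'y'" form shown on the filter slide."""
    return " and ".join(f"{k} eq {odata_literal(v)}" for k, v in fields.items())

def fake_graph_get(url):
    """Stand-in for HTTP GET on Users; answers in the OData V3 verbose-JSON shape (d/results/__next, assumed)."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    rows = sorted(USERS, key=lambda u: u["DisplayName"])   # users are sorted by DisplayName
    for term in filter(None, q.get("$filter", "").split(" and ")):
        m = TERM.match(term)
        if not m:
            return 400, json.dumps({"error": "unsupported $filter"})
        rows = [u for u in rows if u.get(m.group(1)) == m.group(2).replace("''", "'")]
    start, top = int(q.get("$skiptoken", 0)), int(q.get("$top", 100))
    d = {"results": rows[start:start + top]}
    if start + top < len(rows):   # more rows: continuation URI without $top, as the client re-adds it
        nxt = {k: v for k, v in q.items() if k not in ("$skiptoken", "$top")}
        nxt["$skiptoken"] = start + top
        d["__next"] = f"{parts.scheme}://{parts.netloc}{parts.path}?" + urlencode(nxt)
    return 200, json.dumps({"d": d})

def fetch_all_users(service_root, filter_expr, page_size, http_get=fake_graph_get):
    """Walk every page like the FIM MA loop: Users?$top=N first, then continuation URI + &$top=N."""
    url = f"{service_root}/Users?" + urlencode({"$filter": filter_expr, "$top": page_size})
    users, pages = [], 0
    while url:
        status, body = http_get(url)
        if status != 200:
            raise RuntimeError(f"Graph API returned HTTP {status}: {body}")
        d = json.loads(body)["d"]
        users.extend(d["results"])
        pages += 1
        url = f"{d['__next']}&$top={page_size}" if "__next" in d else None
    return users, pages
```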

12 Authentication and Authorization for LOB Application
Diagram: the application requests a JWT token from the Windows Azure Active Directory OAuth endpoint (passing input claims); the endpoint returns the token; the application sends its HTTP request with the JWT token to the REST front end, which validates the ACS token, performs the authorization check and then accesses the directory.

13 Navigating the REST interface Sample Application

14 Application Authentication and Authorization
1. Company Admin adds an Application Service Principal to his tenant and assigns a Role (Read and/or Write)
2. Developer configures the App to use the Application Service Principal Id and App Secret (cert or symmetric key)
3. Developer runs the App; the REST Front End validates the ACS token and authorizes the request
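The token-validation and authorization step in the flow above, as an added example not drawn from the deck: a Python model of the REST front end that checks an HS256 (symmetric App Secret) JWT and then maps the calling service principal to its admin-assigned Read or Write role before allowing the HTTP verb. The signing key, the audience and issuer values, the claim name "nameid" and the role table are all constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed secrets and tenant state; a real front end gets these from ACS / Windows Azure AD.
ACS_SIGNING_KEY = b"constructed-symmetric-app-secret"                # the App Secret from step 2
RESOURCE_AUDIENCE = "https://directory.example.invalid/Contoso.com"   # assumed audience value
TENANT_ROLES = {"sp-hr-app": {"Read"}, "sp-provisioning": {"Read", "Write"}}   # step 1, by the admin
NEEDED_ROLE = {"GET": "Read", "POST": "Write", "PUT": "Write", "DELETE": "Write"}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(service_principal_id, ttl=3600, key=ACS_SIGNING_KEY, now=None):
    """Stand-in for the OAuth endpoint: an HS256 JWT naming the app (claim names are assumed)."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": "acs-example", "aud": RESOURCE_AUDIENCE, "nameid": service_principal_id, "exp": now + ttl}
    signing_input = header + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def validate_token(token, key=ACS_SIGNING_KEY, now=None):
    """Front end, step 1: check signature, algorithm, audience and expiry; returns claims or None."""
    try:
        h, c, s = token.split(".")
        if json.loads(_b64url_decode(h)).get("alg") != "HS256":   # the token must not pick its own algorithm
            return None
        expected = hmac.new(key, f"{h}.{c}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        claims = json.loads(_b64url_decode(c))
    except ValueError:                      # malformed base64, JSON or segment count
        return None
    now = int(time.time()) if now is None else now
    if claims.get("aud") != RESOURCE_AUDIENCE or claims.get("exp", 0) <= now:
        return None
    return claims

def authorize_request(method, token, now=None):
    """Front end, step 2: the verb decides whether the caller's tenant role must be Read or Write."""
    claims = validate_token(token, now=now)
    if claims is None:
        return 401, "invalid or expired token"
    roles = TENANT_ROLES.get(claims.get("nameid"), set())
    if NEEDED_ROLE.get(method) not in roles:
        return 403, f"{claims.get('nameid')} lacks the {NEEDED_ROLE.get(method)} role"
    return 200, "ok"
```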

15 Titus Paul Reid

16 Data security and governance for unstructured information
TITUS solutions protect information assets:
- Prevent data leaks
- Raise user security awareness
- Comply with regulations
Embeds classification metadata into unstructured information: emails, Office documents, other file types

17 Over 300 Enterprise Customers
Over 300 enterprise customers across all industries; 2 million TITUS users. Industries: Healthcare, Government, Energy & Utilities, Transportation, Retail, Banking, Military, Insurance, Chemical & Petroleum, Telecom

18 What the Graph API means to TITUS
TITUS believes metadata is foundational to Information Protection. More importantly, TITUS brings context to the application and an understanding of metadata. The introduction of a REST-based Graph API to Windows Azure AD provides:
- Access to AD from off premises
- Easier federated access to all hosted tenants
- The social graph aspect allows for "context" of the user attributes in relation to others; this will facilitate stronger Information Protection through TITUS products

19 TITUS Demonstration Scenario
Marcus has been traveling outside of the office for the past several weeks, sending emails from the road. He needs to send an email to his engineering team members about their current project. Since he has been traveling, he has not heard that Anna has been transferred into sales. His company has a policy that non-engineering staff cannot receive emails about engineering projects.

20 TITUS solution using Graph API
Diagram (labels as extracted): the TITUS client sends an HTTP request, with its token, to Windows Azure AD to get the group members of Engineering. The HTTP response returns the Engineering group memberships (Ed, Derek), which are compared against the email's recipients (Derek, Ed, Anna).

21 Optimal IDM Michael Brengs

22 Michael Brengs, Director of Sales

23 Overview of Optimal IdM
Company highlights:
- Founded in 2005
- 100% organically grown
- Profitable every quarter since inception
- No debt or outside investment
- Headquartered in Tampa, Florida
- Global presence (solutions on 5 continents)
- Core Microsoft Identity & Access Partner
- Independent Software Vendor (ISV) and Consulting Partner
- Member of the Security Partner Advisory Council (PAC)
- Meet under NDA with Microsoft on a quarterly basis

24 What is the Virtual Identity Server (VIS)?
LDAP Virtual Directory:
- VIS is a proxy server to LDAP
- Provides a real-time proxy of multiple LDAP servers
- Applications can now support multi-forest with no changes to the application
- Data is not stored in VIS; it is proxied
- Additional security and control
- Additional functionality: data transformation
- Adapters (VISAs) to data sources

25 Office 365 & Cloud Directory
- An out-of-the-box Graph API VISA that can read/write to Office 365 (standard LDAP to read the cloud)
- Will be the mechanism by which the VIS for Office 365 solution provisions/de-provisions to Office 365

26 Partner: Orcas Consulting
Name: Jeremy Palenchar; Title: Partner; Company: Orcas Consulting

27 Graph API Management Agent for FIM 2010 from Orcas Consulting
Announcing: Graph API Management Agent for FIM 2010 from Orcas Consulting

28 Demo Environment
Diagram: on-premises FIM 2010 imports from and exports to two in-cloud directories, an Azure AD pre-production tenant and the Orcas development tenant on Salesforce.com.

29 Graph API Management Agent for FIM 2010
Demo: Graph API Management Agent for FIM 2010

30 Graph API Development – Thoughts & Lessons Learned
- Easy to consume data using OData for .NET
- Very little custom code for the MA implementation
- Authentication tested using symmetric and PKI (asymmetric) tokens
- FIM MA page size and Graph API continuation tokens
- Reference objects and attributes

31 switch (currentObjectType)
{
    case "User":
        // First page: plain Users query with the FIM page size. Later pages: the
        // continuation URI returned by the previous response, with $top applied again.
        if (importContinuationToken == null)
        {
            requestUri = new Uri(connectionUri + "Users?$top=" + importPageSize);
        }
        else
        {
            requestUri = new Uri(importContinuationToken + "&$top=" + importPageSize);
        }
        QueryOperationResponse<User> response =
            dataService.Execute<User>(requestUri) as QueryOperationResponse<User>;
        importedUsers = response.ToList();
        // Null once the last page has been read, which ends the paging loop.
        importContinuationToken = ((QueryOperationResponse)response).GetContinuation();
        ...

32 foreach (Group g in importedGroups)
{
    CSEntryChange group = CSEntryChange.Create();
    group.ObjectModificationType = ObjectModificationType.Add;
    group.ObjectType = "Group";
    // Members is a deferred navigation property: load it explicitly before reading it.
    dataService.LoadProperty(g, "Members");
    foreach (var p in g.GetType().GetProperties())
    ...

33 Preview: POST – Creating a new user
POST /Contoso.com/Users HTTP/1.1
Host:
Content-Type: application/json;odata=verbose
Authorization: Bearer ey1287Z………
X-ms-dirapi-contract-version: 0.5

{
  "AccountEnabled": true,
  "City": "Seattle",
  "Country": "US",
  "DisplayName": "Bob Jones",
  "GivenName": "Bob",
  "PostalCode": "98125",
  "PreferredLanguage": "EN",
  "State": "WA",
  "StreetAddress": "123 Main Street",
  "Surname": "Jones",
  "UsageLocation": "US"
}

34 Azure AD Graph API Developer Preview
Developer Preview: the interface is subject to change, with no production SLA.
Summer: July, Preview Read; August, Preview Write
Future: additional directory properties; user authentication/delegation; ISV commerce scenarios; notifications and provisioning
Give us feedback: what do you need?

35 Getting Started (coming soon)
- Watch this blog; review the MSDN content
- Download the sample application and run it against a test tenant in Windows Azure AD
- Get your own Windows Azure Active Directory test company: Office 365 trial sign-up
- Configure your tenant, Service Principal and application; use the provided PowerShell scripts to configure the app and to add sample directory data
- F5: build and run your app; extend it, play with it, integrate it
- Rate the app, ask questions and give feedback

36 Connecting to Windows Azure Active Directory
Diagram: the ways clients reach Windows Azure Active Directory
- Administration: the Admin Portal and PowerShell
- On-premises Active Directory, connected through Directory Synch
- Your applications: the REST interface (REST + OAuth)
- Applications: LDAP and Kerberos
Multi-tenant environment, divided into tenants
Typed objects, for example: Users, Groups, Contacts, Roles, Licenses
Relationships: Member/Member of, Manager/Direct reports

37 Related Content that was presented
- SIA209 A Lap Around Windows Azure Active Directory, Monday
- SIA205 Running AD on Windows Azure VM, Monday
- OSP321 Active Directory Integration with Microsoft Office 365, Tuesday
Find me later: at the party and online

38 Resources
- Watch this space: http://blogs.msdn.com/windowsazure
- MSDN documentation: Windows Azure AD Graph API Preview
- Sample application download link

39 SIA, WSV, and VIR Track Resources
- #TE(sessioncode)
- Talk to our experts at the TLC
- Hands-On Labs
- Download Windows Server 2012 Release Candidate: microsoft.com/windowsserver
- Download Windows Azure: Windowsazure.com/teched

40 Resources: Learning, TechNet, http://northamerica.msteched.com
Connect. Share. Discuss.
- Microsoft Certification & Training Resources
- TechNet: Resources for IT Professionals
- Resources for Developers

41 Complete an evaluation on CommNet and enter to win!

42 Please Complete an Evaluation Your feedback is important!
Be eligible to win great daily prizes and the grand prize of a $5,000 Travel Voucher! Multiple ways to Evaluate Sessions Scan the Tag to evaluate this session now on myTechEd Mobile

44 Why REST for the Directory?
- Broad industry adoption
- Super simple: HTTP GET, PUT, POST, DELETE
- Lots of available client libraries
- Easy integration with any app on any platform


