The keys to the cloud: Use Microsoft identities to sign in and access API from your mobile+web apps - Vittorio Bertocci, Principal Program.

Presentation transcript:

The keys to the cloud
Use Microsoft identities to sign in and access API from your mobile+web apps
Vittorio Bertocci, Principal Program Manager
@vibronet
www.cloudidentity.com
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Agenda
- Developing with Microsoft Identities
- Working with businesses
- Working with consumers and customers
Microsoft Build 2017

Developing with Microsoft identities

…The BEST identity system for ALL developers.
Microsoft Build 2016

Our vision
An ideal identity system…
- Reaches the audience you want: Organizations, Individuals; ON PREMISES, CLOUD, HYBRID
- Has great fundamentals: Awesome cloud infrastructure, Open standards
  - Deflect 1.7M attacks per day in the consumer space
  - Identify 400K potentially compromised users per day
  - Every day the identity ML system processes 10TB of data
- Works great with your solution: WEB APP, MOBILE APP, CLIENT SDK, RESOURCE SDK

Developing with Microsoft identities
Diagram labels: PORTAL, AZURE AD, CLIENT SDK, MOBILE APP

Working with businesses

Azure Active Directory in the Marketplace
Every Office 365 and Microsoft Azure customer uses Azure Active Directory
- 12.8M organizations
- 950M users
- 272K 3rd party apps in Azure AD
- 56K paid Azure AD / EMS customers
- 90% of Fortune 500 companies use Azure AD
Year-over-year figures shown on the slide: +30% YoY, +45% YoY, +200% YoY, +74% YoY

Business and Azure AD
90% of Fortune 500 use Azure AD
Diagram labels: BROWSER, AZURE AD, MYDAY

Using Microsoft identities in a web app
Diagram labels: AZURE AD, OIDC MIDDLEWARE, WEB APP, BROWSER

Demo: Use Microsoft identities in your web app

ASP.NET Middleware
- Modules for processing HTTP requests/responses
  - Server-independent (ASP.NET Core)
  - Platform-independent
- Modules for every protocol
  - OAuth2 (web APIs)
  - OpenId Connect (web apps)
  - WS-Federation (web apps)
- Automates:
  - Token validation (via service metadata)
  - Protocol enforcement
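
What "token validation (via service metadata)" amounts to for an OpenID Connect ID token, as an added example that is not code from the talk or from the ASP.NET middleware: a small validator that checks signature, issuer, audience and expiry against constructed tokens. The key table, issuer URL, client ID and all class and method names are assumptions for illustration; it needs .NET Core 3.0 or later, covers only these four checks, and a real app leaves them to the middleware.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class IdTokenChecks
{
    static string Enc(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] Dec(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/') + new string('=', (4 - s.Length % 4) % 4));
    static JsonElement Json(string part) =>
        JsonDocument.Parse(Encoding.UTF8.GetString(Dec(part))).RootElement.Clone();
    static string Claim(JsonElement e, string name) => e.TryGetProperty(name, out var v) ? v.ToString() : "";

    // keys maps kid -> public key: a stand-in for the JWKS that the middleware
    // downloads from the jwks_uri named in the service metadata document.
    public static string Validate(string jwt, IDictionary<string, RSA> keys,
                                  string issuer, string audience, long nowUnix)
    {
        var p = jwt.Split('.');
        if (p.Length != 3) return "malformed";
        try
        {
            var head = Json(p[0]);
            if (Claim(head, "alg") != "RS256") return "unexpected alg"; // pin the algorithm
            if (!keys.TryGetValue(Claim(head, "kid"), out var key)) return "unknown signing key";
            if (!key.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]), Dec(p[2]),
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)) return "bad signature";
            var body = Json(p[1]); // claims are trusted only after the signature verified
            if (Claim(body, "iss") != issuer) return "wrong issuer";
            if (Claim(body, "aud") != audience) return "wrong audience";
            if (!long.TryParse(Claim(body, "exp"), out var exp) || exp <= nowUnix) return "expired";
            return "ok";
        }
        catch (Exception e) when (e is FormatException || e is JsonException || e is InvalidOperationException)
        { return "malformed"; }
    }
    // Mints a constructed test token; a real app never signs ID tokens itself.
    static string Sign(RSA key, string kid, string iss, string aud, long exp)
    {
        var signed = Enc(Encoding.UTF8.GetBytes($"{{\"alg\":\"RS256\",\"kid\":\"{kid}\"}}")) + "." +
                     Enc(Encoding.UTF8.GetBytes($"{{\"iss\":\"{iss}\",\"aud\":\"{aud}\",\"exp\":{exp}}}"));
        return signed + "." + Enc(key.SignData(Encoding.ASCII.GetBytes(signed),
                                   HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));
    }

    static void Main()
    {
        using var idp = RSA.Create(2048);    // constructed identity-provider key
        using var rogue = RSA.Create(2048);  // a key the app was never told to trust
        var keys = new Dictionary<string, RSA> { ["kid-1"] = idp };
        const string iss = "https://idp.example/v2.0", aud = "my-client-id"; // constructed values
        const long now = 1_500_000_000;
        Console.WriteLine("valid token: " + Validate(Sign(idp, "kid-1", iss, aud, now + 300), keys, iss, aud, now));
        Console.WriteLine("issued to another app: " + Validate(Sign(idp, "kid-1", iss, "other-client", now + 300), keys, iss, aud, now));
        Console.WriteLine("past its exp: " + Validate(Sign(idp, "kid-1", iss, aud, now - 1), keys, iss, aud, now));
        Console.WriteLine("signed by untrusted key: " + Validate(Sign(rogue, "kid-1", iss, aud, now + 300), keys, iss, aud, now));
    }
}
```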

ASP.NET Core Middleware
Diagram labels: Traditional ASP.NET Application Model, ASP.NET Core Middleware

ASP.NET Core Middleware

Using Microsoft identities in mobile apps
Diagram labels: AZURE AD, SQL Azure, MICROSOFT API, MSAL, MOBILE APP, with markers labelled A and R

Microsoft Authentication Library (MSAL)
- SDK for gaining access to API protected by Microsoft identities
- Fully OSS, easy to use, full-featured, production-ready
- Works with Azure AD v2 (work & school accounts, personal accounts) and B2C
- Available on
  - .NET 4.5x, .NET Core, Xamarin (iOS, Android, UWP)
  - iOS (ObjC/Swift)
  - Android (Java)
  - JavaScript
- SafariViewController on iOS, Chrome custom tabs on Android

MSAL

    using Microsoft.Identity.Client;

    // Public client (mobile or desktop app), identified by its application (client) ID.
    PublicClientApplication myApp =
        new PublicClientApplication("a7d8cef0-4145-49b2-a91d-95c54051fa3f");
    string[] scopes = { "Mail.Read" };
    // Signs the user in if needed and returns a token limited to the requested scopes.
    AuthenticationResult rez = await myApp.AcquireTokenAsync(scopes);

Demo: Use Microsoft identities in your mobile app – with MSAL

MSAL and token lifecycle
- Don’t save tokens, just keep calling AcquireToken*
  - MSAL will do its best to avoid prompting
- MSAL works with a sophisticated cache
  - Persistent cache for iOS, Android and UWP
  - In-memory elsewhere - easy to customize to arbitrary storage
- Cached tokens are matched to requests according to
  - Authority
  - Scopes
  - ClientId
  - User
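
The "just keep calling AcquireToken*" guidance from this slide, as an added example that is not code from the talk: ask the MSAL cache silently first, prompt only when MSAL reports that UI is required, and use the token for one Microsoft Graph call without the app storing it. It assumes the same preview-era MSAL .NET surface as the slide's snippet (`AcquireTokenSilentAsync`, `Users`, `MsalUiRequiredException`; current MSAL.NET releases expose the same pattern under different method names), and the class name, placeholder client ID and choice of `/me/messages` are assumptions.

```csharp
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class GraphMailClient
{
    // Placeholder: use the application (client) ID of your own app registration.
    private static readonly PublicClientApplication App =
        new PublicClientApplication("<your-client-id>");

    // Ask only for what the call below needs; the cache matches on these scopes.
    private static readonly string[] Scopes = { "Mail.Read" };

    private static readonly HttpClient Http = new HttpClient();

    private static async Task<string> GetAccessTokenAsync()
    {
        try
        {
            // Answered from the MSAL cache (refreshing if needed), with no UI.
            AuthenticationResult cached =
                await App.AcquireTokenSilentAsync(Scopes, App.Users.FirstOrDefault());
            return cached.AccessToken;
        }
        catch (MsalUiRequiredException)
        {
            // Nothing usable in the cache: first run, new consent, or expired sign-in.
            AuthenticationResult prompted = await App.AcquireTokenAsync(Scopes);
            return prompted.AccessToken;
        }
    }

    public static async Task<string> GetMessagesJsonAsync()
    {
        var request = new HttpRequestMessage(
            HttpMethod.Get, "https://graph.microsoft.com/v1.0/me/messages");
        // The token lives only for this request; it is never written to app storage or logs.
        request.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", await GetAccessTokenAsync());

        HttpResponseMessage response = await Http.SendAsync(request);
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }
}
```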

Microsoft Graph
ACTIVITY, CONTENT, CONVERSATIONS, INSIGHTS, ME, TRENDING, ORGANIZATION, GROUPS, CHATS, REPORTS, DOCUMENTS, EVENTS, DEVICES, SHARED, CONTACTS, EMAIL, SITES, PEOPLE, TASKS, TEAMS

With Microsoft Graph: Get the user profile

    GET /users/yina
    { "displayName": "Yina", "jobTitle": "PRINCIPAL PM MANAGER", }

    GET /users/yina/photo/…
    {}

    GET /users/yina/manager
    {"displayName": "Tristan", …}

    GET /users/yina/directReports
    "value" : [ {"displayName": "Matt", …}, {"displayName": "Dmitry", …}, ]

    GET /me/memberOf/…
    {"displayName": "Office engineering", …}, {"displayName": "Women in tech", …},

Diagram labels: Tristan (manager), Groups (memberOf), Yina, Dmitry, Matt, Sudhi (directReports)

With Microsoft Graph: Get content for email, calendar, files, tasks, sites, notes & more

    GET /me/drive/root/…
    "value" : [ {"name": "proposal.pptx",… }, {"name": "forecast.xlsx",… } ]

    GET /drives/items/{id}/workbook
    GET /me/messages
    GET /me/events
    GET /me/contacts
    GET /me/onenote/notebooks
    GET /me/planner/tasks
    GET /me/devices
    GET /sites:/teams/opg:/
    GET /sites:/teams/opg:/lists
    GET /groups/{id}/conversations

Slide labels: Documents, Calendar, Sites, Tasks, Email, Meetings, Contacts

With Microsoft Graph: Get insights based on activities

    GET /me/insights/trending
    "value" : [ {"name": "presentation.pptx", …}, {"name": "forecast.xlsx", …} ]

    GET /me/drive/recent
    {"name": "guidelines.pptx", …}, {"name": "budget.xlsx", …}

    GET /me/people/?$search="topic: planning"
    {"displayName": "Dan", …}, {"displayName": "Sean", …},

    POST /me/findMeetingTimes
    {
      "attendees": [
        { "type": "required", "emailAddress": { "address": "ana@contoso.com" } }
      ],
      "meetingDuration": "2h"
    }

Slide labels: Out of office, Trending Documents, Find me the best time to meet Ana, Search people based on topics, People I’m working with, Recent Documents

Working with consumers and customers

Azure Active Directory B2C
For app devs: Add registration and sign in to your app in minutes
- Reach any user, on any platform
- Select from a set of built-in, self-service identity experiences
- Customize each pixel. It’s your brand, your HTML and CSS
- Scale to 100s of millions of user accounts
- Run on the same secure, highly available infrastructure that powers O365 authentications

MSAL, Middleware & Visual Studio Templates
- MSAL works with B2C, on all available platforms
- The ASP.NET middleware works with B2C (all versions)
  - It’s just OpenId Connect!
- New web app templates in Visual Studio
  - New ASP.NET Core apps can use Azure AD B2C from the get-go
  - New individual auth projects also use OIDC, easy to migrate

Demo: Connect to a B2C app via Visual Studio

Azure Active Directory B2C
For identity pros: Build custom identity solutions
- Define user journeys step by step, add conditions and branches
- Migrate from or integrate with existing user stores
- Integrate with other tools you use (e.g. CRM, Marketing)
- Integrate any OIDC or SAML identity providers

Demo: Authenticate business users in a B2C application

Get your hands dirty! Start here: https://azure.microsoft.com/develop/identity/

Identity @ Ignite | Thursday
- BRK2018 Share corporate resources with your partners using Azure Active Directory B2B collaboration. OCCC W230, Thu 9:00–10:15. Mary Lynch, Sarat Subramaniam, Laith Al Shamri
- BRK3207 The keys to the cloud: Use Microsoft identities to sign in and access API from your mobile+web apps. OCCC S310, Thu 10:45-12:00. Vittorio Bertocci
- BRK3012 Secure access to Office 365, SaaS and on-premises apps with Microsoft Enterprise Mobility + Security. OCCC W311. Caleb Baker, Chris Green
- BRK3013 Ensure users have the right access with Azure Active Directory. OCCC Valencia W415 AB, Thu 12:30–1:45. Joseph Dadzie, Mark Wahl
- BRK3015 Deep-dive: Azure Active Directory Authentication and Single-Sign-On. OCCC West Hall E1, Thu 2:15-3:30. John Craddock
- BRK3014 Azure Active Directory best practices from around the world. Thu 4:00–5:15. Tarek Dawoud, Mark Morowczynski

Identity @ Ignite | Friday
- BRK2276 Modernize your customer identity management with Azure Active Directory B2C. OCCC W314, Friday 9:00-9:45. Saeed Akhter

Our vision, our mission
…The BEST identity system for ALL developers.
Diagram labels: HYBRID, USERNAME & PASSWORDS STORE, ON PREMISES, CLOUD, Organizations, Individuals, Awesome cloud infrastructure, Open standards, WEB APP, MOBILE APP, CLIENT SDK, RESOURCE SDK

Please evaluate this session
Your feedback is important to us!
- From your PC or Tablet visit MyIgnite at http://myignite.microsoft.com
- From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting https://aka.ms/ignite.mobileapp
