Today, global enterprises run on Windows Server Active Directory: 90% of US enterprises and 70% of international corporations use Active Directory.

Presentation transcript:

Today, global enterprises run on Windows Server Active Directory. 90% of US enterprises and 70% of international corporations use Active Directory. Over 400 million Active Directory users.

Active Directory users will move to Azure Active Directory. Impressive growth of Azure Active Directory users since 2011. Over 3 million companies, 469K active tenants last week. Approaching 146 million directory users, 16 million active users last week. For the past 3 months, 25,000 new users have logged into Azure Active Directory for the first time.

Windows Azure Active Directory
Multi-tenant environment, divided into tenants.
Typed objects. Example: Users, Groups, Contacts, Roles, Licenses.
Relationships: Member/Member of, Manager/Direct reports.
Diagram labels: Directory Sync; On-Premises Active Directory; PowerShell; Admin Portal; Applications; LDAP; Kerberos; REST; OAuth; REST Interface; Administration; Scripting, PowerShell; Graph API.

version= &$filter=state eq ‘WA’
Graph URL (static).
Specific entity type, such as users, groups, contacts, tenantDetails, roles, applications, etc.
Tenant of interest: can be the tenant’s verified domain or objectId.
API version: “ ” is the supported GA version.
Optional OData query arguments: $filter, $top.
API version: “ ” is the 1.0 version.

Participants: Application; Azure AD Authentication Endpoint (OAuth); REST Service (validates token, processes request, returns data); Authorization Check; Directory.
1. Request JWT token (pass input claims)
2. Return token
3. HTTP request with JWT token
4. Return response and data

Authentication - Acquiring a token
OAuth 2.0 grant type=client credentials
POST
HEADERS
Content-Type: application/x-www-form-urlencoded
BODY
grant_type=client_credentials&resource=https%3a%2f%2fgraph.windows.net&client_id=52752c8e-d73c-4f9a-a0f9-2d75607ecb8e&client_secret=qKDjII5%2FK8WyKj6sRo5a5vD6%2Bm74uk1A%2BpIlM%3D
RESPONSE: 200 OK
The token is returned to the calling application if all values are valid.
Notes: OAuth 2.0 Client Credential grant type; client_id and client_secret are pre-configured through the Azure Management Portal, under Active Directory/Applications.

GET
HEADERS
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
Content-type: Application/JSON;odata=minimalmetadata
RESPONSE: 200 OK
RETURN: User objects in JSON

GET version=
HEADERS
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
Content-type: Application/JSON;odata=minimalmetadata
RESPONSE: 200 OK
RETURN: data representing the user’s thumbnail photo

Request | Description
 | Returns tenant-level information including company name, tech contact, subscriptions
f2bc96d823d9/members?api-version= | Returns a group’s members
eq 'Adam Barr'&api-version= | Using an OData filter to get a specific user
ge 'A' and displayName le 'F'&api-version= | Filters for a range of users
05&$filter=startswith(displayName,'James') | An example OData filter using startsWith
05&$filter=proxyAddresses/any(c:startswith(c,'SMTP:Ad')) | An example OData filter using the any operator; searches for users who have a proxy address starting with 'SMTP:ad'
?api-version= | Get a user’s group membership
api-version= | Get an individual user's manager
orts?api-version= | Get an individual’s direct reports
02d9103cb82b?api-version= | Resolve a directory object via GUID (you may not know what type of entity object this is; the returned data will provide details)
Roles all subscriptions that the tenant owns
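An added example, not taken from the original slides: it assembles the client-credentials token body and a Graph query URL from the parts the slides describe, reading the client secret from the environment and doubling single quotes inside `$filter` string values so a name containing an apostrophe cannot end the literal early. The API version placeholder, the `GRAPH_CLIENT_SECRET` variable name and the `contoso.example` tenant are assumptions.

```python
import os
from urllib.parse import quote, urlencode

GRAPH = "https://graph.windows.net"      # resource named in the page's token request
API_VERSION = "API-VERSION-PLACEHOLDER"  # the page's version string did not survive
ENTITIES = {"users", "groups", "contacts", "tenantDetails", "roles", "applications"}


def odata_literal(value: str) -> str:
    """Quote a string for $filter; OData escapes a single quote by doubling it."""
    return "'" + value.replace("'", "''") + "'"


def token_request_body(client_id: str, secret_env: str = "GRAPH_CLIENT_SECRET") -> str:
    """Form body for the client_credentials grant; the secret is read from the
    environment (hypothetical variable name) instead of being written inline."""
    secret = os.environ.get(secret_env)
    if not secret:
        raise RuntimeError(f"{secret_env} is not set")
    return urlencode({
        "grant_type": "client_credentials",
        "resource": GRAPH,
        "client_id": client_id,
        "client_secret": secret,
    })


def graph_get(tenant: str, entity: str, token: str, filter_expr: str = "", top: int = 0):
    """Return (url, headers) for a Graph GET assembled from the page's URL parts."""
    if entity not in ENTITIES:  # only the entity types the slides list
        raise ValueError(f"unexpected entity type: {entity!r}")
    params = {"api-version": API_VERSION}
    if filter_expr:
        params["$filter"] = filter_expr
    if top:
        params["$top"] = str(int(top))
    query = urlencode(params, safe="$", quote_via=quote)  # keep "$" in option names
    url = f"{GRAPH}/{quote(tenant, safe='')}/{entity}?{query}"
    return url, {"Authorization": f"Bearer {token}"}


if __name__ == "__main__":
    # Constructed input: a display name that contains an apostrophe.
    url, _ = graph_get("contoso.example", "users", "TOKEN",
                       "displayName eq " + odata_literal("Pat O'Neil"), top=5)
    print(url)
```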

POST /token?api-version=1.0
HEADERS
Content-Type: application/x-www-form-urlencoded
BODY
grant_type=client_credentials&resource=https%3a%2f%2fgraph.windows.net&client_id=52752c8e-d73c-4f9a-a0f9-2d75607ecb8e&client_secret=qKDjII5%2FK8WyKj6sRo5a5vD6%2Bm44uk1A%2BpIlM%3D
RESPONSE: 200 OK
Notes: OAuth 2.0 Client Credential grant type; client_id and client_secret are pre-configured through the Azure Management Portal, under Active Directory/Applications.

Create a New User
POST
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY
{
  "accountEnabled": true,
  "displayName": "New User",
  "passwordProfile": { "forceChangePasswordNextLogin": true },
  "mailNickname": "NewUser"
}
RESPONSE: 201 Created
Notes: (1) The password must meet the tenant’s accepted password complexity requirements. (2) The minimum set of properties to create a user is shown in the example above. (3) Setting the user’s usage location is not shown above.

Update Group or Role membership
Add a User to a Group
POST cf0f654de307/$links/members?api-version=
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY
{ "url":" 14da134a2b1e" }
RESPONSE: 204
Notes: replace /groups with /roles to support Role membership updates.

Reset a User’s password
PATCH
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY
{
  "passwordProfile": {
    "password": "newPassword1!",
    "forceChangePasswordNextLogin": false
  }
}
RESPONSE: 204
Notes: the password must meet the tenant’s accepted password policy (matching password complexity, length and password re-use policy).

Demo Read and Write Operations in C# Visual Studio Project using WCF Data Services Graph Helper Class

cts?api-version= &deltaLink=
Graph URL (static).
Resource set of interest: to indicate a specific entity type, specify “users” / “groups” / “contacts”. Use “directoryObjects” to include all 3 entity types.
Tenant of interest: can be the tenant’s verified domain or objectId.
API version: “ ” is the 1.0 version.
deltaLink: empty, to indicate this is an initial query. Subsequent queries contain the deltaLink/nextLink value obtained from the previous response.

Differential Query Demo Graph Explorer om/users?api-version= &deltaLink=

The Enterprise Cloud for HR and Finance Samir Rathod – Sr. Enterprise Architect

Starting from Scratch

The Enterprise Cloud for HR and Finance WORKDAY CONFIDENTIAL TIME TRACKING PAYROLL TALENT HUMAN RESOURCES FINANCIALS REVENUE PROCUREMENT EXPENSES CONSUMER UI COLLABORATION MOBILE ACTIONABLE ANALYTICS GLOBAL AT THE CORE MULTI-TENANT IN-MEMORY CONFIGURABLE PROCESSES OBJECT ORIENTED ADAPTIVE FOUNDATION TECHNOLOGY SECURITY REPORTING & WORKTAGS SETTLEMENT ENGINE GOVERNANCE & COMPLIANCE EMBEDDED SERVICES INTEGRATION CLOUD

Other Workday Customers by Industry: Services; Technology; Retail & Hospitality; Manufacturing; Financial Services; Education & Government; Healthcare & Life Sciences; Other

Thank you!
