Today, global enterprises run on Windows Server Active Directory 90% of US enterprises and 70% of international corporations use Active Directory.


Presentation on theme: "Today, global enterprises run on Windows Server Active Directory 90% of US enterprises and 70% of international corporations use Active Directory."— Presentation transcript:

1

2

3

4 Today, global enterprises run on Windows Server Active Directory
- 90% of US enterprises and 70% of international corporations use Active Directory
- Over 400 million Active Directory users

Active Directory users will move to Azure Active Directory.

Impressive growth of Azure Active Directory users since 2011
- Over 3 million companies, 469K active tenants last week
- Approaching 146 million directory users, 16 million active users last week
- For the past 3 months, 25,000 new users have logged into Azure Active Directory for the first time

5

6

7 Windows Azure Active Directory (architecture diagram)
- Multi-tenant environment, divided into tenants
- Typed objects. Example: Users, Groups, Contacts, Roles, Licenses
- Relationships: Member/Member of, Manager/Direct reports
- Other diagram labels: Directory Synch, On Premises Active Directory, LDAP, Kerberos, PowerShell, Admin Portal, Applications, REST, OAuth, REST Interface, GraphAPI, Administration, Scripting

8 https://graph.windows.net/contoso.com/users?api-version=2013-04-05&$filter=state eq 'WA'
- https://graph.windows.net : Graph URL (static)
- contoso.com : Tenant of interest; can be the tenant's verified domain or objectId.
- users : Specific entity type, such as users, groups, contacts, tenantDetails, roles, applications, etc.
- api-version=2013-04-05 : API version; "2013-04-05" is the supported GA version (the 1.0 version).
- $filter=state eq 'WA' : Optional OData query arguments: $filter, $top

9

10 Components: Application, Azure AD Authentication Endpoint (OAuth), REST Service, Authorization Check, Directory
1. Request JWT token (pass input claims)
2. Return token
3. HTTP request with JWT token
4. Return response and data
REST Service: validates token, processes request, returns data

11 Authentication - Acquiring a token
OAuth 2.0 grant type = client credentials

POST https://login.windows.net/contoso.com/oauth2/token?api-version=1.0
HEADERS
Content-Type: application/x-www-form-urlencoded
BODY
grant_type=client_credentials&resource=https%3a%2f%2fgraph.windows.net&client_id=52752c8e-d73c-4f9a-a0f9-2d75607ecb8e&client_secret=qKDjII5%2FK8WyKj6sRo5a5vD6%2Bm74uk1A%2BpIlM%3D
RESPONSE: 200 OK
The token is returned to the calling application if all values are valid.

Notes: OAuth 2.0 Client Credential grant type; client_id and client_secret are pre-configured through the Azure Management Portal, under Active Directory/Applications.

12 GET https://graph.windows.net/contoso.com/users?api-version=2013-04-05
HEADERS
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
Content-type: Application/JSON;odata=minimalmetadata
RESPONSE: 200 OK
RETURN: User objects in JSON

GET https://graph.windows.net/contoso.com/users/adam@contoso.com/thumbnailPhoto?api-version=2013-04-05
HEADERS
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
Content-type: Application/JSON;odata=minimalmetadata
RESPONSE: 200 OK
RETURN: data representing the user's thumbnail photo
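The token exchange on slides 10 to 12, as an added Python example that is not part of the original presentation: it builds the client-credentials request, produces a log-safe copy of the body, and runs pre-flight checks on a token's header and claims. It assumes the `aud` claim equals the requested resource, and `sample_token` builds a constructed, unsigned token; signature verification is left to the service and is not done here.

```python
import base64
import json
import time
from urllib.parse import parse_qsl, urlencode

TOKEN_URL = "https://login.windows.net/{tenant}/oauth2/token?api-version=1.0"
GRAPH_RESOURCE = "https://graph.windows.net"

def token_request(tenant, client_id, client_secret):
    """Build (url, headers, body) for the client-credentials POST on the slide."""
    body = urlencode({
        "grant_type": "client_credentials",
        "resource": GRAPH_RESOURCE,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL.format(tenant=tenant), headers, body

def redact(body):
    """Return a copy of the form body that can be written to logs."""
    return urlencode([(k, "REDACTED" if k == "client_secret" else v)
                      for k, v in parse_qsl(body)])

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def check_claims(token, expected_aud=GRAPH_RESOURCE, now=None):
    """Pre-flight checks on a bearer token; the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    if header.get("alg") != "RS256":        # alg in the slide's token header
        raise ValueError("unexpected signing algorithm")
    if claims.get("aud") != expected_aud:   # assumption: aud equals the resource
        raise ValueError("token issued for a different audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def sample_token(claims):
    """Constructed, unsigned sample token for offline use (placeholder signature)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims), "c2ln"])
```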

13

14 Request / Description

https://graph.windows.net/graphDir1.OnMicrosoft.com/tenantDetails?api-version=2013-04-05
Returns tenant-level information including company name, tech contact, subscriptions

https://graph.windows.net/graphDir1.OnMicrosoft.com/groups/7373b0af-d462-406e-ad26-f2bc96d823d9/members?api-version=2013-04-05
Returns a group's members

https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?$filter=displayName eq 'Adam Barr'&api-version=2013-04-05
Using an OData filter to get a specific user

https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?$filter=displayName ge 'A' and displayName le 'F'&api-version=2013-04-05
Filters for a range of users

https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?api-version=2013-04-05&$filter=startswith(displayName,'James')
An example OData filter using startswith

https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?api-version=2013-04-05&$filter=proxyAddresses/any(c:startswith(c,'SMTP:Ad'))
An example OData filter using the any operator; searches for users who have a proxy address starting with 'SMTP:ad'

https://graph.windows.net/GraphDir1.OnMicrosoft.com/users/adam@graphdir1.onmicrosoft.com/memberOf?api-version=2013-04-05
Get a user's group membership

https://graph.windows.net/graphDir1.OnMicrosoft.com/users/Adam@graphDir1.OnMicrosoft.com/manager?api-version=2013-04-05
Get an individual user's manager

https://graph.windows.net/graphDir1.OnMicrosoft.com/users/Adam@graphDir1.onMicrosoft.com/directReports?api-version=2013-04-05
Get an individual's direct reports

https://graph.windows.net/graphDir1.OnMicrosoft.com/directoryObjects/2bb8892b-b7bf-4ae9-b2f2-02d9103cb82b?api-version=2013-04-05
Resolve a directory object via GUID (you may not know what type of entity object this is; the returned data will provide details)

https://graph.windows.net/graphDir1.OnMicrosoft.com/roles?api-version=2013-04-05
Return roles

https://graph.windows.net/graphDir1.OnMicrosoft.com/subscribedSkus?api-version=2013-04-05
Return all subscriptions that the tenant owns
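The `$filter` requests above embed text such as a display name inside single-quoted OData literals. The Python sketch below is an added example, not code from the presentation; it assembles the URL parts from slide 8 while doubling embedded quotes and percent-encoding the query, so caller-supplied text cannot change the filter's logic. The helper names (`odata_string`, `filter_eq`, `filter_startswith`, `graph_url`) and the allow-list rules are assumptions of this example.

```python
import re
from urllib.parse import quote

GRAPH_ROOT = "https://graph.windows.net"
API_VERSION = "2013-04-05"
ENTITY_TYPES = {"users", "groups", "contacts", "tenantDetails", "roles", "applications"}
NAME = re.compile(r"[A-Za-z][A-Za-z0-9]*")   # property names, checked by allow-list

def odata_string(value):
    """Quote untrusted text as an OData string literal (embedded ' is doubled)."""
    return "'" + str(value).replace("'", "''") + "'"

def prop(name):
    """Accept only plain identifiers as property names."""
    if not NAME.fullmatch(name):
        raise ValueError(f"illegal property name: {name!r}")
    return name

def filter_eq(name, value):
    return f"{prop(name)} eq {odata_string(value)}"

def filter_startswith(name, value):
    return f"startswith({prop(name)},{odata_string(value)})"

def graph_url(tenant, entity, odata_filter=None, top=None):
    """Assemble tenant, entity type, api-version and optional $filter/$top."""
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9.-]*", tenant):
        raise ValueError("tenant must be a verified domain or objectId")
    if entity not in ENTITY_TYPES:
        raise ValueError(f"unknown entity type: {entity!r}")
    params = [("api-version", API_VERSION)]
    if odata_filter is not None:
        params.append(("$filter", odata_filter))
    if top is not None:
        params.append(("$top", str(int(top))))
    # Values are fully percent-encoded; the $-prefixed keys stay literal.
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in params)
    return f"{GRAPH_ROOT}/{tenant}/{entity}?{query}"
```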

15 POST https://login.windows.net/contoso.com/oauth2/token?api-version=1.0
HEADERS
Content-Type: application/x-www-form-urlencoded
BODY
grant_type=client_credentials&resource=https%3a%2f%2fgraph.windows.net&client_id=52752c8e-d73c-4f9a-a0f9-2d75607ecb8e&client_secret=qKDjII5%2FK8WyKj6sRo5a5vD6%2Bm44uk1A%2BpIlM%3D
RESPONSE: 200 OK

Notes: OAuth 2.0 Client Credential grant type; client_id and client_secret are pre-configured through the Azure Management Portal, under Active Directory/Applications.

16

17

18 Create a New User
POST https://graph.windows.net/contoso.com/users?api-version=2013-04-05
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY
{
  "accountEnabled": true,
  "userPrincipalName": "NewUser@contoso.com",
  "displayName": "New User",
  "passwordProfile": {
    "password": "VStrongP@ssword1",
    "forceChangePasswordNextLogin": true
  },
  "mailNickname": "NewUser"
}
RESPONSE: 201 Created

Notes:
(1) The password must meet the tenant's accepted password complexity requirements.
(2) The minimum set of properties to create a user is shown in the example above.
(3) Setting the user's usage location is not shown above.

19 Update Group or Role membership: Add a User to a Group
POST https://Graph.windows.net/contoso.com/groups/02a8a087-a371-43f9-94df-cf0f654de307/$links/members?api-version=2013-04-05
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY
{
  "url": "https://graph.windows.net/contoso.com/directoryObjects/93d8feee-6365-4b3b-98c0-14da134a2b1e"
}
RESPONSE: 204

Notes: replace /groups with /roles to support Role membership updates.

20 Reset a User's password
PATCH https://graph.windows.net/contoso.com/users/adam@contoso.com?api-version=2013-04-05
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY
{
  "passwordProfile": {
    "password": "newPassword1!",
    "forceChangePasswordNextLogin": false
  }
}
RESPONSE: 204

Notes: the password must meet the tenant's accepted password policy (matching password complexity, length and password re-use policy).

21 Demo Read and Write Operations in C# Visual Studio Project using WCF Data Services 5.3 + Graph Helper Class

22

23

24 https://graph.windows.net/contoso.com/directoryObjects?api-version=2013-04-05&deltaLink=
- https://graph.windows.net : Graph URL (static)
- contoso.com : Tenant of interest; can be the tenant's verified domain or objectId.
- directoryObjects : Resource set of interest. To indicate a specific entity type, specify "users" / "groups" / "contacts". Use "directoryObjects" to include all 3 entity types.
- api-version=2013-04-05 : API version; "2013-04-05" is the 1.0 version.
- deltaLink= : Empty, to indicate this is an initial query. Subsequent queries contain the deltaLink/nextLink value obtained from the previous response.

25 Differential Query Demo
Graph Explorer
https://graph.windows.net/graphDir1.OnMicrosoft.com/users?api-version=2013-04-05&deltaLink=
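The differential query round described on slide 24, as an added Python example rather than code from the presentation: it starts with an empty `deltaLink`, follows `nextLink` pages, and returns the final `deltaLink` to store for the next run, refusing any returned link that leaves the Graph host or tenant so the bearer token is not sent elsewhere. The response keys `aad.nextLink` and `aad.deltaLink`, links arriving as full URLs, the caller-supplied `fetch(url)` function and the sample pages are assumptions of this example.

```python
from urllib.parse import urlsplit

GRAPH_HOST = "graph.windows.net"
API_VERSION = "2013-04-05"

def initial_url(tenant, resource_set="directoryObjects"):
    """First differential query: deltaLink is present but empty."""
    return f"https://{GRAPH_HOST}/{tenant}/{resource_set}?api-version={API_VERSION}&deltaLink="

def checked_link(link, tenant):
    """Accept a returned link only if it stays on the Graph host and tenant."""
    parts = urlsplit(link)
    if (parts.scheme != "https" or parts.hostname != GRAPH_HOST
            or not parts.path.lower().startswith(f"/{tenant.lower()}/")):
        raise ValueError(f"refusing to follow link: {link!r}")
    return link

def sync(fetch, tenant, delta_link=None, max_pages=1000):
    """Collect changes since delta_link; return (changes, new_delta_link).
    fetch(url) must return the parsed JSON response as a dict."""
    url = checked_link(delta_link, tenant) if delta_link else initial_url(tenant)
    changes = []
    for _ in range(max_pages):
        page = fetch(url)
        changes.extend(page.get("value", []))
        if "aad.nextLink" in page:        # more pages in this round
            url = checked_link(page["aad.nextLink"], tenant)
        elif "aad.deltaLink" in page:     # round complete; store for next run
            return changes, checked_link(page["aad.deltaLink"], tenant)
        else:
            raise ValueError("response has neither nextLink nor deltaLink")
    raise RuntimeError("page limit reached without a deltaLink")

# Constructed sample responses (not real directory data), keyed by request URL.
BASE = "https://graph.windows.net/contoso.com/directoryObjects"
SAMPLE_PAGES = {
    initial_url("contoso.com"): {
        "value": [{"objectType": "User", "displayName": "New User"}],
        "aad.nextLink": BASE + "?deltaLink=PAGE2"},
    BASE + "?deltaLink=PAGE2": {
        "value": [{"objectType": "Group", "displayName": "Sample Group"}],
        "aad.deltaLink": BASE + "?deltaLink=NEXT-RUN"},
}
```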

26

27 The Enterprise Cloud for HR and Finance Samir Rathod – Sr. Enterprise Architect

28 Starting from Scratch

29 The Enterprise Cloud for HR and Finance (product overview diagram) WORKDAY CONFIDENTIAL
Diagram labels: Time Tracking, Payroll, Talent, Human Resources, Financials, Revenue, Procurement, Expenses, Consumer UI, Collaboration, Mobile, Actionable Analytics, Global at the Core, Multi-Tenant, In-Memory, Configurable Processes, Object Oriented, Adaptive Foundation, Technology, Security, Reporting & Worktags, Settlement Engine, Governance & Compliance, Embedded Services, Integration Cloud

30 Other Workday Customers by Industry: Services, Technology, Retail & Hospitality, Manufacturing, Financial Services, Education & Government, Healthcare & Life Sciences, Other

31 Thank you!

32

33

34

35 Drop by the Windows Azure booth to participate in the Windows Azure Challenge for even more prizes!
MSDN Subscribers: you've got it, now use it. Activate your MSDN Benefit & try it by 9/30. You could win* an Aston Martin V8 Vantage!
Go to: http://aka.ms/AzureContest

36 Windows Enterprise: windows.com/enterprise

37

38 http://microsoft.com/msdn www.microsoft.com/learning http://channel9.msdn.com/Events/TechEd http://microsoft.com/technet

39

40

