101 ways to authenticate with Azure Active Directory


1

2 101 ways to authenticate with Azure Active Directory
Rory Braybrook M338

3

4 For cloud authentication, Azure Active Directory has you covered
Microsoft Ignite 2015 4/24/ :04 PM For cloud authentication, Azure Active Directory has you covered © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Overview: Protocols, Use cases, OWIN, ADAL, WIF, Access Panel, SaaS

6 Won’t be covering: DirSync, AADSync, AD Connect, MFA, AAD Proxy

7 Azure AD by the Numbers
Azure AD manages identity data for >5 M organizations. 86% of Fortune 500 companies on Microsoft Cloud (Azure, O365, CRM Online and PowerBI). More than 500 M objects hosted on Azure Active Directory. 1 Trillion Azure AD authentications since the release of the service. 50 M Office 365 users active every month. >1 Billion authentications every day on Azure AD. Every Office 365 and Microsoft Azure customer uses Azure Active Directory.

8 The Protocols

9 Protocols: WS Federation, SAML-P 2.0, OAuth2, OpenID Connect

10

11

12

13 WS Federation

14 WS Federation

15 WS Federation

16 WS Federation

17 WS Federation

18 SAML token attributes

19 SAML token attributes

20 SAML-P

21 SAML-P

22 SAML-P

23 SAML-P

24 SAML-P

25 OAuth2

26 OAuth2

27 OAuth2

28 OAuth2

29 OAuth2

30 Manipulate AAD using API
Use OAuth endpoint to get token from AAD; token issued; use token in REST call to endpoint.
TechEd 2013. © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

31 OAuth2 token
Access token; ID token (OpenID Connect); Refresh token

32 Use cases

33 Authentication scenarios
[Diagram: Browser, js, Native app and Server app clients calling a Web application and Web APIs.] Clients using wide variety of devices/languages/platforms. Server applications using wide variety of platforms/languages. Source: video.ch9.ms/teched/2012/na/SIA209.pptx

34 Authentication scenarios
[Diagram: the same Browser, js, Native app, Server app, Web application and Web API scenarios, with connections labelled "WS-Fed, SAML 2.0, OpenID Connect" and "OAuth 2.0".] Standard-based, http-based protocols for maximum platform reach. Source: video.ch9.ms/teched/2012/na/SIA209.pptx

35 VS “Change Authentication”

36 Demo - Lap around VS “Change Authentication”

37 Change authentication

38 Change authentication

39 Wrappers around the protocols
OWIN (All); WIF (WS Federation); ADAL (OpenID Connect / OAuth)

40 Demo - Lap around AAD Applications

41 OWIN OpenID Connect
// Cookie middleware holds the local session once sign-in completes.
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
// OpenID Connect middleware handles the redirect to Azure AD and the returned token.
app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
        PostLogoutRedirectUri = postLogoutRedirectUri,
        Notifications = new OpenIdConnectAuthenticationNotifications() ….
    });

42 Demo - OWIN – OpenID Connect / WS Federation

43 Demo - OWIN – WS Federation

44 Demo – WIF - WS Federation

45 Open Web Interface for .NET (OWIN) (Identity) vs Windows Identity Foundation (WIF)

46 OWIN / WIF
OWIN: Supported with new protocols being added; WS Fed / OpenID Connect / OAuth2 / SAML-P (Community); Invoked via code; Easy to do with VS 2013/15; JWT token; Microsoft.OWIN
WIF: Supported; WS Fed / SAML-P CTP (deprecated); ASP.NET pipeline; Have to “retro-fit” from template or use VS 2010/12; XML token; System.IdentityModel


48 Active Directory Authentication Library (ADAL)

49 ADAL Mission statement
The Active Directory Authentication Library (ADAL) is a library meant to help developers to take advantage of Azure Active Directory for enabling client applications to access protected resources.

50 SDK available on multiple platforms
.NET, iOS, JavaScript, Android, Node.JS, Java, Windows Store, Windows Phone etc. Caching and automatic refresh token. Asynchronous support. Basis of Graph API and Azure Management Library. Now open source.

51 Active Directory Authentication Library
string clientId = "[Enter client ID as obtained from Azure Portal]";
string authority = " tenant name]";
string myURI = "[Enter App ID URI of your service]";
AuthenticationContext authContext = new AuthenticationContext(authority);
AuthenticationResult result = await authContext.AcquireTokenAsync(myURI, clientId);

52 Demo – Graph API via ADAL with Groups

53 Social

54 ACS

55 IaaS

56 Azure AD as an IDP

57 AAD as an IDP
Can federate with 3rd party application not in Gallery via the Access Panel / Custom / SAML-P. Can use user name and password via the Access Panel e.g. Twitter. Can federate with 3rd party application in Gallery e.g. SalesForce. Can federate with e.g. ADFS via metadata.

58 Demo – Lap around AAD external applications and the Access Panel

59 Azure AD Passport.js

60 passport-azure-ad is a collection of Passport strategies to help you integrate with Azure Active Directory. Includes OpenID Connect, WS-Federation, and SAML-P authentication and authorization. Lets you integrate your Node app with Microsoft Azure AD so you can use web single sign-on (WebSSO), Endpoint Protection with OAuth, and JWT token issuance and validation.
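
What "JWT token issuance and validation" has to cover on the receiving side, as an added example (not code from the presentation or from passport-azure-ad). The issuer, audience and key pair are constructed stand-ins; a real relying party takes the verification key from the identity provider's published metadata.

```javascript
// Added example (not from the presentation): validating an RS256-signed JWT.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fail = (reason) => ({ ok: false, reason });

// Constructed stand-ins: a throwaway key pair plays the identity provider's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'https://idp.example/constructed-tenant/';   // hypothetical issuer
const AUDIENCE = 'api://constructed-app';                   // hypothetical App ID URI

// Issue a token the way a test IdP would; any alg other than RS256 is left unsigned.
function issueToken(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = header.alg === 'RS256'
    ? crypto.sign('sha256', Buffer.from(input), privateKey)
    : Buffer.alloc(0);
  return `${input}.${b64url(sig)}`;
}

function validateToken(token, { key, issuer, audience, now = Date.now() / 1000, skew = 300 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return fail('malformed');
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (e) {
    return fail('malformed');
  }
  if (!header || !claims) return fail('malformed');
  // Pin the algorithm: the token's own header must not choose how it is verified.
  if (header.alg !== 'RS256') return fail('alg');
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('sha256', signed, key, Buffer.from(parts[2], 'base64url'))) {
    return fail('signature');
  }
  // Only after the signature holds are the claims worth reading.
  if (claims.iss !== issuer) return fail('issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) return fail('audience');
  if (typeof claims.exp !== 'number' || now > claims.exp + skew) return fail('expired');
  if (typeof claims.nbf === 'number' && now < claims.nbf - skew) return fail('not-yet-valid');
  return { ok: true, claims };
}
```

The order matters: the algorithm is pinned and the signature checked before any claim is trusted, and the audience check is what stops a token issued for one application from being accepted by another.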

61 Windows 10

62 https://identity-test.datacomcc.com/Account/SignIn

63 For cloud authentication, Azure Active Directory has you covered

64 Resources
Azure blog - http://azure.microsoft.com/blog/; Ask Premier Field Engineering; Active Directory Team blog; Active Directory Passport plug-in; Microsoft Azure Active Directory Samples and Documentation; Cloud Identity Infographic; Graph Explorer

65 Related Ignite NZ Sessions
1. O365 and Azure Active Directory Premium, M315 - Wed 10:40 AM, Ballroom 2
2. Enabling AAD to Embrace Windows 10, M326 - Wed 3:10 PM, New Zealand 1
3. Identity Management in O365, M362 - Thu 4:30 PM, New Zealand 1
Find me later at… Closing drinks Fri 3:00-4:30pm

66 Resources Microsoft Virtual Academy TechNet & MSDN Flash
4/24/2017. Free Online Learning. Subscribe to our fortnightly newsletter. Sessions on Demand.

67 Complete your session evaluation now and be in to win!


