2
Building consumer apps with Azure AD B2C
Chris Padgett CLD333
3
Agenda
What and why of Azure AD B2C
Demo: Create an Azure AD B2C directory
Accounts, apps, auth and policies
Demo: Develop an Azure AD B2C app
Account attributes, Graph API, pricing and what is next
4
What and why of Azure AD B2C
5
What is Azure AD B2C
A consumer identity and access management service
Integrates across your modern platforms
Highly available and scales to hundreds of millions of consumers
Supports a customisable experience for consumers
6
Why B2C is the same as B2E… but different
Consumer IDAM | Enterprise IDAM
A larger number of accounts with shorter sessions | A smaller number of accounts with longer sessions
More control of the identity data and lifecycle | Less control of the identity data and lifecycle
Expectation is a customer experience | Actuality is an office experience
The identity interactions are matched to a specific journey | The identity interactions are matched to “work”
7
Demo: Create an Azure AD B2C directory
8
Accounts, apps, auth and policies
9
Consumer accounts
Consumers can create new “local” accounts
  With an address or a user ID
Consumers can link existing external accounts
  From Amazon, Facebook, Google and LinkedIn
All accounts can be protected using multi-factor authentication
Local passwords can be reset using self-service password reset
10
App integration
An app definition must be added to an Azure AD B2C directory
Apps must be developed using the Azure AD v2.0 app model and ADAL v4 (experimental)
Azure AD B2C supports OpenID Connect for web apps and OAuth 2.0 for native client apps
The consumer experiences are described by policies
11
Authentication requests
GET ?response_type=code+id_token
  &client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6
  &redirect_uri=https%3A%2F%2Fwww.contoso.com%2F
  &scope=openid+offline_access
  &state=af0ifjsldkj
  &response_mode=form_post
  &nonce=n-0S6_WzA2Mj
  &p=b2c_1_sign_in
12
Policies
Describe the sign up, sign in and profile editing experiences
Include settings for UI customisations, identity providers, account attributes, token claims and multi-factor authentication
Applications can be integrated with multiple policies of different types
Policies are invoked using the "p" parameter for an authentication request
[Diagram: a policy and its settings: UI customisations, identity providers, account attributes, token claims, multi-factor authentication]
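The authentication request from the earlier slide, with a policy selected through "p", written out as an added example that is not part of the original deck: it generates a fresh state and nonce per sign-in and checks both when the form_post response returns. The endpoint URL is a placeholder (the slide's URL did not survive on this page), the function names are hypothetical, and the id_token signature is assumed to have been verified before the claims reach check_response.

```python
import secrets
from urllib.parse import urlencode

# Placeholder endpoint: the request URL is missing from the slide text.
AUTHORIZE_ENDPOINT = "https://login.example.invalid/oauth2/v2.0/authorize"

def build_auth_request(client_id, redirect_uri, policy):
    """Return (url, session) for one sign-in attempt under the given policy."""
    # state ties the response to this browser session (CSRF defence);
    # nonce ties the returned id_token to this request (replay defence).
    session = {"state": secrets.token_urlsafe(16),
               "nonce": secrets.token_urlsafe(16),
               "used": False}
    params = {
        "response_type": "code id_token",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid offline_access",
        "state": session["state"],
        "response_mode": "form_post",
        "nonce": session["nonce"],
        "p": policy,  # selects the sign-up, sign-in or profile-editing policy
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), session

def _same(a, b):
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    return secrets.compare_digest(str(a).encode(), str(b).encode())

def check_response(form, id_token_claims, session):
    """Check the posted form fields and the (already verified) token claims."""
    if session["used"]:
        return False, "response already consumed"
    session["used"] = True  # one response per request, success or failure
    if "error" in form:
        return False, "provider returned error"
    if not _same(form.get("state", ""), session["state"]):
        return False, "state mismatch"
    if not _same(id_token_claims.get("nonce", ""), session["nonce"]):
        return False, "nonce mismatch"
    return True, "ok"

if __name__ == "__main__":
    url, sess = build_auth_request("90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6",
                                   "https://www.contoso.com/", "b2c_1_sign_in")
    print(url)
    # Constructed response: echoes the state and nonce issued above.
    print(check_response({"state": sess["state"]}, {"nonce": sess["nonce"]}, sess))
```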
13
Demo: Developing an Azure AD B2C app
14
Account attributes, Graph API, pricing and what is next
15
Account attributes
Azure AD B2C contains a built-in set of attributes for accounts
  i.e. Given Name, Surname, City, etc.
You can declare custom attributes for accounts
  e.g. FavouriteColour
Custom attributes can be included in policies
  e.g. Collected during sign-up and issued during sign-in
They can be managed using Azure AD Graph API
16
Graph API
Enables management of consumer accounts and custom attributes
Apps must be developed using the Azure AD v1.0 app model and ADAL v2
Invoked as an administrator account for interactive, run-once tasks or as a service account for background, continuous tasks
Scenarios include hosting your own sign-up and migrating accounts from an existing directory to Azure AD B2C
17
Creating a new local account
POST
Authorization: Bearer eyJhbGci...
Content-Type: application/json

{
  "accountEnabled": false,
  "alternativeSignInNamesInfo": [
    {
      "type": " Address",
      "value": "..."
    }
  ],
  "creationType": "NameCoexistence",
  "displayName": "Chris Padgett",
  "mailNickname": "chris.padgett",
  "passwordProfile": {
    "password": "...",
    "forceChangePasswordNextLogin": false
  },
  "passwordPolicies": "DisablePasswordExpiration"
}
18
Pricing
Free during the public preview
Usage will be billed based on the total number of both:
  Accounts: Users stored per month in the Azure AD B2C directory
  Authentications: Tokens issued per month for both authentication requests and refresh requests
Multi-factor authentications: Billed per user or application
A free tier will be available for developers
  The first 50,000 users stored per month and the first 50,000 tokens issued per month will be free
Usage will be billed using a volume-based tiered model
19
Current preview limitations
Production apps aren’t supported
Client Credentials and On-Behalf-Of grants aren’t supported
Access tokens aren’t supported
The sign-in, password reset and account verification experiences can only be customised using the company branding feature
User administration is only supported in the current portal
Only the .NET, Android, iOS and NodeJS SDKs are supported
20
What is next
Custom domains
Full UX customisations
Localisation
More support for external identity providers
New support for custom identity providers
Sign-up hooks
21
Summary
Your consumer apps create connections with consumers
Azure AD B2C is a highly available and massively scaled service for managing your consumers’ identities
Azure AD B2C provides the identity interactions that match a consumer journey
Policies are “the secret sauce” that specify the identity interactions
22
Complete your session evaluation on My Ignite for your chance to win one of many daily prizes.
23
Continue your Ignite learning path
Visit Channel 9
Read Azure AD B2C tutorials
Discover Azure AD B2C samples
Contribute on User Voice to the public preview