101 ways to authenticate with Azure Active Directory


101 ways to authenticate with Azure Active Directory
Rory Braybrook, M338


Protocols, Use cases, SaaS, Access Panel, OWIN, WIF, ADAL

DirSync, AAD Proxy, AADSync, MFA, AD Connect

  • 86% of Fortune 500 companies on Microsoft Cloud (Azure, O365, CRM Online and Power BI)
  • Azure AD manages identity data for >5M organizations
  • 1 Trillion Azure AD authentications since the release of the service
  • 50M Office 365 users active every month
  • More than 500M objects hosted on Azure Active Directory
  • >1 Billion authentications every day on Azure AD

http://blogs.technet.com/b/askpfeplat/


[Diagram: Browser, Web application, Web API, Native app, Server app]
  • Clients using wide variety of devices/languages/platforms
  • Server applications using wide variety of platforms/languages
video.ch9.ms/teched/2012/na/SIA209.pptx

[Diagram: Browser, Native app, Web application, Web API and Server app, connected by WS-Fed, SAML 2.0, OpenID Connect and OAuth 2.0]
Standard-based, http-based protocols for maximum platform reach
video.ch9.ms/teched/2012/na/SIA209.pptx

  • OWIN (All)
  • WIF (WS Federation)
  • ADAL (OpenID Connect / OAuth)

Supported with new protocols being added | Supported
WS Fed / OpenID Connect / OAuth 2 / SAML-P (Community) | WS Fed / SAML-P CTP (deprecated)
Invoked via code | ASP.NET pipeline
Easy to do with VS 2013/15 | Have to “retro-fit” from template or use VS 2010/12
JWT token | XML token
Microsoft.OWIN | System.IdentityModel

  • SDK available on multiple platforms: .NET, iOS, JavaScript, Android, Node.JS, Java, Windows Store, Windows Phone etc.
  • Caching and automatic refresh token
  • Asynchronous support
  • Basis of Graph API and Azure Management Library
  • Now open source

// ADAL for .NET namespace
using Microsoft.IdentityModel.Clients.ActiveDirectory;

string clientId = "[Enter client ID as obtained from Azure Portal]";
string authority = "https://login.windows.net/[your tenant name]";
string myURI = "[Enter App ID URI of your service]";
// The authority identifies the Azure AD tenant that issues the token
AuthenticationContext authContext = new AuthenticationContext(authority);
// Request a token for the service identified by its App ID URI
AuthenticationResult result = await authContext.AcquireTokenAsync(myURI, clientId);

AAD as an IDP
  • Can federate with 3rd party application in Gallery, e.g. SalesForce
  • Can federate with 3rd party application not in Gallery via the Access Panel / Custom / SAML-P
  • Can use user name and password via the Access Panel, e.g. Twitter
  • Can federate with e.g. ADFS via metadata

  • passport-azure-ad is a collection of Passport strategies to help you integrate with Azure Active Directory
  • Includes OpenID Connect, WS-Federation, and SAML-P authentication and authorization
  • Lets you integrate your Node app with Microsoft Azure AD so you can use web single sign-on (WebSSO), Endpoint Protection with OAuth, and JWT token issuance and validation

https://identitytest.datacomcc.com/Account/SignIn?ReturnUrl=/issue/wsfed?wa=wsignin1.0&wtrealm=http://dslfimad.dslfim.local/adfs/services/trust&wctx=00cacd9f-0aae-434a-b057f1bfc0d5f1f3&wct=2014-08-12T20:31:58Z

- https://github.com/AzureAD/passport-azure-ad/

1. O365 and Azure Active Directory Premium: M315 - Wed 10:40 AM, Ballroom 2
2. Enabling AAD to Embrace Windows 10: M326 - Wed 3:10 PM, New Zealand 1
3. Identity Management in O365: M362 - Thu 4:30 PM, New Zealand 1

Find me later at…
  • Closing drinks Fri 3:00-4:30 pm


© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.