Windows Azure Active Directory Vittorio Bertocci vittoribMicrosoft com

Windows Azure Active Directory Vittorio Bertocci vittorib@Microsoft. com @vibronet patterns & practices Symposium 2013

directories offer the best model for business applications

traditional directories don’t work too well with cloud workloads

One Cloud Directory for Every Organization

Cloud Apps and Users from Organizations Apps you buy Your Lo. B Apps Your Directory Apps you sell Your Customers’ Directories

Agenda § § The Directory Pattern Directory in Action: Windows Azure for Organizations Your Directory and Line of Business Apps in the Cloud Your Customer’s Directory and your Saa. S Apps in the Cloud Symposium 2013

Directories Symposium 2013

The Directory Approach Direct Reports Member. Of Asset

Anatomy of Windows Azure Active Directory Management Portal Windows Azure Active Directory OAuth 2 SAML-P WS-Federation Graph API Metadata Dir Sync Contoso’s WA AD Tenant Contoso’s On-Premises Directory App

Directory in Action: Windows Azure for Organizations Symposium 2013

DEMO § Accessing the Windows Azure Portal With an Organizational Identity Symposium 2013

Advantages of Using Organizational Identities § § Centrally managed provisioning and deprovisioning Enforceable credential policies Multiple authentication factor Better User Experience § Less credentials to remember Symposium 2013

Your Directory and Your Lo. B Applications in the Cloud Symposium 2013

DEMO § Using the ASP. NET tools to connect to Windows Azure AD

Connecting your Lo. B App to Windows Azure AD Windows Azure Active Directory OAuth 2 SAML-P WS-Federation Graph API Metadata Contoso’s WA AD Tenant Your Lo. B App

The Graph API • RESTful Interface to Windows Azure Active Directory § Compatible with OData V 3 § Uses OAuth 2. 0 for Authentication and Role Based Assignment for Application and Users, for Authorization • Programmatic access to Windows Azure Active Directory § Objects such as Users, Groups, Contacts, Tenant Information, Licensing, Roles § Support Links such as Member, member. Of, Manager, Direct. Report § Differential queries • Requests use standard HTTP methods § GET, POST, PATCH, DELETE to create, read, update, and delete directory objects. § Response support XML and JSON, and standard HTTP status codes Symposium 2013

Your Customer’s Directory & Your Saa. S Apps in the Cloud Symposium 2013

DEMO § Seamless Consent for Saa. S Apps

The Application Publishing Flow Visual Studio Modify your app to - admit multiple tenants - handle consent messages Seller Dashboard Register your app in the Seller Hub - create keys, catalog entries… - paste keys back in the app code App Windows Azure AD Portal

DEMO § The Saa. S Application Publishing Cycle

Multi-tenancy and Consent Flow OAuth 2 SAML-P WS-Federation Service. Principal Fabrikam’s WA AD Tenant Metadata Management Portal Your Saa. S App Graph API Contoso’s WA AD Tenant

Resources § Get your free tenant at http: //g. microsoftonline. com/0 AX 00 en/5 § Download the samples and tutorials at https: //activedirectory. windowsazure. com/develop/ § Give us feedback at http: //social. msdn. microsoft. com/Forums/en. US/Windows. Azure. AD/ Symposium 2013

One Cloud Directory for Every Organization

Thanks! § vittorib@microsoft. com § @vibronet § http: //blogs. msdn. com/vbertocci Symposium 2013