Windows Azure Active Directory. Vittorio Bertocci, vittorib@Microsoft.com, @vibronet. patterns & practices Symposium 2013
directories offer the best model for business applications
traditional directories don’t work too well with cloud workloads
One Cloud Directory for Every Organization
Cloud Apps and Users from Organizations: Apps you buy; Your LoB Apps; Your Directory; Apps you sell; Your Customers’ Directories
Agenda
  § The Directory Pattern
  § Directory in Action: Windows Azure for Organizations
  § Your Directory and Line of Business Apps in the Cloud
  § Your Customer’s Directory and your SaaS Apps in the Cloud
Directories
The Directory Approach: Direct Reports; MemberOf; Asset
Anatomy of Windows Azure Active Directory: Management Portal; Windows Azure Active Directory; OAuth 2; SAML-P; WS-Federation; Graph API; Metadata; Dir Sync; Contoso’s WA AD Tenant; Contoso’s On-Premises Directory; App
Directory in Action: Windows Azure for Organizations
DEMO § Accessing the Windows Azure Portal With an Organizational Identity
Advantages of Using Organizational Identities
  § Centrally managed provisioning and deprovisioning
  § Enforceable credential policies
  § Multiple authentication factors
  § Better User Experience
    § Fewer credentials to remember
Your Directory and Your LoB Applications in the Cloud
DEMO § Using the ASP.NET tools to connect to Windows Azure AD
Connecting your LoB App to Windows Azure AD: Windows Azure Active Directory; OAuth 2; SAML-P; WS-Federation; Graph API; Metadata; Contoso’s WA AD Tenant; Your LoB App
The Graph API
  • RESTful Interface to Windows Azure Active Directory
    § Compatible with OData V3
    § Uses OAuth 2.0 for authentication, and role-based assignment for applications and users for authorization
  • Programmatic access to Windows Azure Active Directory
    § Objects such as Users, Groups, Contacts, Tenant Information, Licensing, Roles
    § Supports Links such as Member, memberOf, Manager, DirectReport
    § Differential queries
  • Requests use standard HTTP methods
    § GET, POST, PATCH, DELETE to create, read, update, and delete directory objects
    § Responses support XML and JSON, and standard HTTP status codes
Your Customer’s Directory & Your SaaS Apps in the Cloud
DEMO § Seamless Consent for SaaS Apps
The Application Publishing Flow
  Visual Studio: Modify your app to
    - admit multiple tenants
    - handle consent messages
  Seller Dashboard: Register your app in the Seller Hub
    - create keys, catalog entries…
    - paste keys back in the app code
  App; Windows Azure AD Portal
DEMO § The SaaS Application Publishing Cycle
Multi-tenancy and Consent Flow: OAuth 2; SAML-P; WS-Federation; ServicePrincipal; Fabrikam’s WA AD Tenant; Metadata; Management Portal; Your SaaS App; Graph API; Contoso’s WA AD Tenant
Resources
  § Get your free tenant at http://g.microsoftonline.com/0AX00en/5
  § Download the samples and tutorials at https://activedirectory.windowsazure.com/develop/
  § Give us feedback at http://social.msdn.microsoft.com/Forums/en-US/WindowsAzureAD/
One Cloud Directory for Every Organization
Thanks! § vittorib@microsoft.com § @vibronet § http://blogs.msdn.com/vbertocci