SlideShare uma empresa Scribd logo

AAD B2C custom policies

Transferir como PPTX, PDF
R
Rory Braybrook

Presentation on Azure AD B2C custom policies

Tecnologia
1 de 32
A lap around Azure AD B2C custom policies Rory Braybrook Microsoft Identity Architect @rbrayb
Azure AD / Azure AD B2C  Azure AD  Company employees  On-premises AD synced to Azure AD via AAD Connect  Domain joined email address  Access to Azure SaaS e.g. Microsoft 365  5 guest users per Azure AD account
Azure AD / Azure AD B2C  Azure AD B2C  Customers  Not in on-premises AD  Any email address – Gmail / Hotmail  No access to SaaS  No AAD Connect
Azure AD B2C  Provides:  Self service registration (Sign up)  Sign in  Self service password reset  Self service profile edit  Zero help desk involvement  Scales to hundreds of millions of users  Priced appropriately – first 50,000 users free
Azure AD B2C protocols  In:  Open ID Connect (OAuth)  MSAL library - .NET / .NET Core / Java / iOS / Android / React / Mobile native …  Out  Open ID Connect (OAuth)  SAML 2.0  Various social providers – Facebook, Google, LinkedIn, Twitter …  Custom OpenID Connect  No WS-Federation currently
Built-in policies Demo
Custom policies  Allow user to customise journey? Passport? Driver’s licence?  ADFS 2.0 – “disaster”  Identity Experience Framework (IEF)  XML as code
Custom policies – getting started  Get started with custom policies in Azure Active Directory B2C  Starter pack
Custom policies – getting started  Starter pack
Create a tenant
IEF – setup applications  Create application registrations in Azure AD  Create applications in Azure AD B2C  Setup keys  Copy GUID’s in custom policy
IEF – custom policy upload  “Compiling”  Checks against xsd  Checks e.g. that declared “variables” have been defined
IEF Overview
IEF - BYOI
IEF Inheritance
Policy flow
Technical Profiles
Self-asserted TP  All interactions in AAD B2C where the user is expected to provide input are self-asserted technical profiles. For example, a sign-up page, sign-in page, or password reset page.  In a self-asserted technical profile, you can use the InputClaims and InputClaimsTransformations elements to prepopulate the value of the claims that appear on the self-asserted page (output claims).  Output claims  Collecting the output claims from the user  Setting a default value in an output claim  A validation technical profile returns the output claims  Output the claims via output claims transformation  Persisted claims  Used to persist the data to Azure AD B2C.
Validation TP  A validation technical profile is used for validating some or all of the output claims of the referencing technical profile.  Claims that are returned from a validation technical profile are added back to the claims bag. You can use those claims in the next validation technical profiles.
Claims transformation TP  A claims transformation technical profile enables you to call output claims transformations to manipulate claims values, validate claims, or set default values for a set of output claims.  Types  Boolean  Date  Integer  JSON  General  Social account  String  StringCollection
Claims transformation
Claims transformation TP - Example – Boolean <ClaimsTransformation Id="AssertAccountEnabledIsTrue" TransformationMethod="AssertBooleanClaimIsEqualToValue"> <InputClaims> <InputClaim ClaimTypeReferenceId="accountEnabled" TransformationClaimType="inputClaim" /> </InputClaims> <InputParameters> <InputParameter Id="valueToCompareTo" DataType="boolean" Value="true" /> </InputParameters> </ClaimsTransformation>
Claims transformation TP - Example – String <ClaimsTransformation Id="ChangeToLower" TransformationMethod="ChangeCase"> <InputClaims> <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="inputClaim1" /> </InputClaims> <InputParameters> <InputParameter Id="toCase" DataType="string" Value="LOWER" /> </InputParameters> <OutputClaims> <OutputClaim ClaimTypeReferenceId="email" TransformationClaimType="outputClaim" /> </OutputClaims> </ClaimsTransformation>
User Journeys  User journeys specify explicit paths through which a policy allows a relying party application to obtain the desired claims for a user.  The user is taken through these paths to retrieve the claims that are to be presented to the relying party.  User journeys define the business logic of what an end user goes through as the Azure AD B2C IEF processes the request.  Series of steps – can be skipped  <OrchestrationStep Order="2" Type="ClaimsExchange">  <Preconditions>  <Precondition Type="ClaimsExist" ExecuteActionsIf="true">  <Value>objectId</Value>  <Action>SkipThisOrchestrationStep</Action>  </Precondition>
Relying Party  This specifies the user journey to enforce for the current request to Azure Active Directory (Azure AD) B2C.  It also specifies the list of claims that the relying party (RP) application needs as part of the issued token.  An RP application, such as a web, mobile, or desktop application, calls the RP policy file.  The RP policy file executes a specific task, such as signing in, resetting a password, or editing a profile.  Multiple applications can use the same RP policy and a single application can use multiple policies.  All RP applications receive the same token with claims, and the user goes through the same user journey.
Claims Providers  A claims provider contains a set of TP.  Every claims provider must have one or more technical profiles that determine the endpoints and the protocols needed to communicate with the claims provider.  A claims provider can have multiple technical profiles.
The flow  <RelyingParty> <DefaultUserJourney ReferenceId="SignUpOrSignIn" />  <UserJourney Id="SignUpOrSignIn">  <OrchestrationStep Order="1“ ContentDefinitionReferenceId="api.signuporsignin">  TP - SelfAsserted-LocalAccountSignin-Email  <ValidationTechnicalProfile ReferenceId="login-NonInteractive" />  TP – Order=“2“ – LocalAccountSignUpWithLogonEmail  <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />  REST API  TP - Order=“3“ - AAD-UserReadUsingObjectId  TP - Order=“4“ – JwtIssuer  Extension attributes
IEF demo  Sign up not sign in relying party  Branding  User Journey with TP  Validate password using Troy Hunt’s “Pwned Password” via REST API
Built-in policy retrospective  Built-in policies are custom policies that can be downloaded but not uploaded
IEF utilities
Resources  Get started with custom policies in Azure Active Directory B2C  Gaining Expertise with Azure AD B2C course for developers  GitHub utilities  Azure AD B2C blog articles  Tips and tricks for working with custom policies in Azure AD B2C  Azure AD B2C documentation
AAD B2C custom policies

Recomendados

Office 365 api vs share point app model
Office 365 api vs share point app modelOffice 365 api vs share point app model
Office 365 api vs share point app modelBIWUG
 
SharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio MaioSharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio MaioAntonioMaio2
 
Extending Authentication and Authorization
Extending Authentication and AuthorizationExtending Authentication and Authorization
Extending Authentication and AuthorizationEdin Kapic
 
ESPC15 - Extending Authentication and Authorization
ESPC15 - Extending Authentication and AuthorizationESPC15 - Extending Authentication and Authorization
ESPC15 - Extending Authentication and AuthorizationEdin Kapic
 
High-Trust Add-Ins SharePoint for On-Premises Development
High-Trust Add-Ins SharePoint for On-Premises DevelopmentHigh-Trust Add-Ins SharePoint for On-Premises Development
High-Trust Add-Ins SharePoint for On-Premises DevelopmentEdin Kapic
 
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013NCCOMMS
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointAntonioMaio2
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationJonathan Schultz
 

Recomendados

Office 365 api vs share point app model
Office 365 api vs share point app modelOffice 365 api vs share point app model
Office 365 api vs share point app modelBIWUG
 
SharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio MaioSharePoint Saturday Toronto July 2012 - Antonio Maio
SharePoint Saturday Toronto July 2012 - Antonio MaioAntonioMaio2
 
Extending Authentication and Authorization
Extending Authentication and AuthorizationExtending Authentication and Authorization
Extending Authentication and AuthorizationEdin Kapic
 
ESPC15 - Extending Authentication and Authorization
ESPC15 - Extending Authentication and AuthorizationESPC15 - Extending Authentication and Authorization
ESPC15 - Extending Authentication and AuthorizationEdin Kapic
 
High-Trust Add-Ins SharePoint for On-Premises Development
High-Trust Add-Ins SharePoint for On-Premises DevelopmentHigh-Trust Add-Ins SharePoint for On-Premises Development
High-Trust Add-Ins SharePoint for On-Premises DevelopmentEdin Kapic
 
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013
SPCA2013 - Developing Provider-Hosted Apps for SharePoint 2013NCCOMMS
 
How Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointHow Claims is Changing the Way We Authenticate and Authorize in SharePoint
How Claims is Changing the Way We Authenticate and Authorize in SharePointAntonioMaio2
 
SharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationSharePoint Access Control and Claims Based Authentication
SharePoint Access Control and Claims Based AuthenticationJonathan Schultz
 
Presentation
PresentationPresentation
PresentationLaxman Kumar
 
Siebel eScript
Siebel eScriptSiebel eScript
Siebel eScriptEric Li
 
Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010Steve Sofian
 
Develop iOS and Android apps with SharePoint/Office 365
Develop iOS and Android apps with SharePoint/Office 365Develop iOS and Android apps with SharePoint/Office 365
Develop iOS and Android apps with SharePoint/Office 365Kashif Imran
 
Angular2
Angular2Angular2
Angular2kunalkumar376
 
Federation Services
Federation ServicesFederation Services
Federation ServicesEmpowerID
 
SPS London 2015 - IoT and Room Reservation Cloud-Style
SPS London 2015 - IoT and Room Reservation Cloud-StyleSPS London 2015 - IoT and Room Reservation Cloud-Style
SPS London 2015 - IoT and Room Reservation Cloud-StyleEdin Kapic
 
Power Automate Techniques that "Saved Our Bacon"
Power Automate Techniques that "Saved Our Bacon"Power Automate Techniques that "Saved Our Bacon"
Power Automate Techniques that "Saved Our Bacon"Thomas Duff
 
Tour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration MethodsTour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration MethodsSalesforce Developers
 
Salesforce Backup, Restore & Archiving- Adam Best, Senior Program Architect
Salesforce Backup, Restore & Archiving- Adam Best, Senior Program ArchitectSalesforce Backup, Restore & Archiving- Adam Best, Senior Program Architect
Salesforce Backup, Restore & Archiving- Adam Best, Senior Program Architectgemziebeth
 
Oracle i procurement
Oracle i procurementOracle i procurement
Oracle i procurementPietro Prestia
 
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...Vincent Biret
 
SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)Kashif Imran
 
MongoDB.local Sydney: Evolving your Data Access with MongoDB Stitch
MongoDB.local Sydney: Evolving your Data Access with MongoDB StitchMongoDB.local Sydney: Evolving your Data Access with MongoDB Stitch
MongoDB.local Sydney: Evolving your Data Access with MongoDB StitchMongoDB
 
Dual Units Of Measure, Use, Benefits and Impact in Oracle application
Dual Units Of Measure, Use, Benefits and Impact in Oracle applicationDual Units Of Measure, Use, Benefits and Impact in Oracle application
Dual Units Of Measure, Use, Benefits and Impact in Oracle applicationiWare Logic Technologies Pvt. Ltd.
 
RESTful API Design Fundamentals
RESTful API Design FundamentalsRESTful API Design Fundamentals
RESTful API Design FundamentalsHüseyin BABAL
 
Microsoft Insurance Solutions Keynote Presentation at the Financial Services ...
Microsoft Insurance Solutions Keynote Presentation at the Financial Services ...Microsoft Insurance Solutions Keynote Presentation at the Financial Services ...
Microsoft Insurance Solutions Keynote Presentation at the Financial Services ...Mike Walker
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connectDerek Binkley
 
Web Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku ConnectWeb Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku ConnectTom Gersic
 
IDX API with Antonio
IDX API with AntonioIDX API with Antonio
IDX API with AntonioIDX Broker
 
Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1Vinu Gunasekaran
 
Intro to AppExchange - Building Composite Apps
Intro to AppExchange - Building Composite AppsIntro to AppExchange - Building Composite Apps
Intro to AppExchange - Building Composite Appsdreamforce2006
 

Mais conteúdo relacionado

Mais procurados

Siebel eScript
Siebel eScriptSiebel eScript
Siebel eScriptEric Li
 
Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010Steve Sofian
 
Develop iOS and Android apps with SharePoint/Office 365
Develop iOS and Android apps with SharePoint/Office 365Develop iOS and Android apps with SharePoint/Office 365
Develop iOS and Android apps with SharePoint/Office 365Kashif Imran
 
Federation Services
Federation ServicesFederation Services
Federation ServicesEmpowerID
 
SPS London 2015 - IoT and Room Reservation Cloud-Style
SPS London 2015 - IoT and Room Reservation Cloud-StyleSPS London 2015 - IoT and Room Reservation Cloud-Style
SPS London 2015 - IoT and Room Reservation Cloud-StyleEdin Kapic
 
Power Automate Techniques that "Saved Our Bacon"
Power Automate Techniques that "Saved Our Bacon"Power Automate Techniques that "Saved Our Bacon"
Power Automate Techniques that "Saved Our Bacon"Thomas Duff
 
Tour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration MethodsTour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration MethodsSalesforce Developers
 
Salesforce Backup, Restore & Archiving- Adam Best, Senior Program Architect
Salesforce Backup, Restore & Archiving- Adam Best, Senior Program ArchitectSalesforce Backup, Restore & Archiving- Adam Best, Senior Program Architect
Salesforce Backup, Restore & Archiving- Adam Best, Senior Program Architectgemziebeth
 
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...Vincent Biret
 
SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)Kashif Imran
 
MongoDB.local Sydney: Evolving your Data Access with MongoDB Stitch
MongoDB.local Sydney: Evolving your Data Access with MongoDB StitchMongoDB.local Sydney: Evolving your Data Access with MongoDB Stitch
MongoDB.local Sydney: Evolving your Data Access with MongoDB StitchMongoDB
 
Dual Units Of Measure, Use, Benefits and Impact in Oracle application
Dual Units Of Measure, Use, Benefits and Impact in Oracle applicationDual Units Of Measure, Use, Benefits and Impact in Oracle application
Dual Units Of Measure, Use, Benefits and Impact in Oracle applicationiWare Logic Technologies Pvt. Ltd.
 
RESTful API Design Fundamentals
RESTful API Design FundamentalsRESTful API Design Fundamentals
RESTful API Design FundamentalsHüseyin BABAL
 
Microsoft Insurance Solutions Keynote Presentation at the Financial Services ...
Microsoft Insurance Solutions Keynote Presentation at the Financial Services ...Microsoft Insurance Solutions Keynote Presentation at the Financial Services ...
Microsoft Insurance Solutions Keynote Presentation at the Financial Services ...Mike Walker
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connectDerek Binkley
 
Web Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku ConnectWeb Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku ConnectTom Gersic
 
IDX API with Antonio
IDX API with AntonioIDX API with Antonio
IDX API with AntonioIDX Broker
 

Mais procurados (20)

Presentation
PresentationPresentation
Presentation
 
Siebel eScript
Siebel eScriptSiebel eScript
Siebel eScript
 
Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010Claims Based Identity In Share Point 2010
Claims Based Identity In Share Point 2010
 
Develop iOS and Android apps with SharePoint/Office 365
Develop iOS and Android apps with SharePoint/Office 365Develop iOS and Android apps with SharePoint/Office 365
Develop iOS and Android apps with SharePoint/Office 365
 
Angular2
Angular2Angular2
Angular2
 
Federation Services
Federation ServicesFederation Services
Federation Services
 
SPS London 2015 - IoT and Room Reservation Cloud-Style
SPS London 2015 - IoT and Room Reservation Cloud-StyleSPS London 2015 - IoT and Room Reservation Cloud-Style
SPS London 2015 - IoT and Room Reservation Cloud-Style
 
Power Automate Techniques that "Saved Our Bacon"
Power Automate Techniques that "Saved Our Bacon"Power Automate Techniques that "Saved Our Bacon"
Power Automate Techniques that "Saved Our Bacon"
 
Tour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration MethodsTour of Heroku + Salesforce Integration Methods
Tour of Heroku + Salesforce Integration Methods
 
Salesforce Backup, Restore & Archiving- Adam Best, Senior Program Architect
Salesforce Backup, Restore & Archiving- Adam Best, Senior Program ArchitectSalesforce Backup, Restore & Archiving- Adam Best, Senior Program Architect
Salesforce Backup, Restore & Archiving- Adam Best, Senior Program Architect
 
Oracle i procurement
Oracle i procurementOracle i procurement
Oracle i procurement
 
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc...
 
SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)
 
MongoDB.local Sydney: Evolving your Data Access with MongoDB Stitch
MongoDB.local Sydney: Evolving your Data Access with MongoDB StitchMongoDB.local Sydney: Evolving your Data Access with MongoDB Stitch
MongoDB.local Sydney: Evolving your Data Access with MongoDB Stitch
 
Dual Units Of Measure, Use, Benefits and Impact in Oracle application
Dual Units Of Measure, Use, Benefits and Impact in Oracle applicationDual Units Of Measure, Use, Benefits and Impact in Oracle application
Dual Units Of Measure, Use, Benefits and Impact in Oracle application
 
RESTful API Design Fundamentals
RESTful API Design FundamentalsRESTful API Design Fundamentals
RESTful API Design Fundamentals
 
Microsoft Insurance Solutions Keynote Presentation at the Financial Services ...
Microsoft Insurance Solutions Keynote Presentation at the Financial Services ...Microsoft Insurance Solutions Keynote Presentation at the Financial Services ...
Microsoft Insurance Solutions Keynote Presentation at the Financial Services ...
 
Creating a Sign On with Open id connect
Creating a Sign On with Open id connectCreating a Sign On with Open id connect
Creating a Sign On with Open id connect
 
Web Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku ConnectWeb Apps for Salesforce with Heroku Connect
Web Apps for Salesforce with Heroku Connect
 
IDX API with Antonio
IDX API with AntonioIDX API with Antonio
IDX API with Antonio
 

Semelhante a AAD B2C custom policies

Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1Vinu Gunasekaran
 
Intro to AppExchange - Building Composite Apps
Intro to AppExchange - Building Composite AppsIntro to AppExchange - Building Composite Apps
Intro to AppExchange - Building Composite Appsdreamforce2006
 
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughAzure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughVinu Gunasekaran
 
SFDC Inbound Integrations
SFDC Inbound IntegrationsSFDC Inbound Integrations
SFDC Inbound IntegrationsSujit Kumar
 
How Netflix Is Solving Authorization Across Their Cloud
How Netflix Is Solving Authorization Across Their CloudHow Netflix Is Solving Authorization Across Their Cloud
How Netflix Is Solving Authorization Across Their CloudTorin Sandall
 
TechDays 2013 Jari Kallonen: What's New WebForms 4.5
TechDays 2013 Jari Kallonen: What's New WebForms 4.5TechDays 2013 Jari Kallonen: What's New WebForms 4.5
TechDays 2013 Jari Kallonen: What's New WebForms 4.5Tieturi Oy
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Danny Jessee
 
Community call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platformCommunity call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platformMicrosoft 365 Developer
 
CIS14: Enterprise Identity APIs
CIS14: Enterprise Identity APIsCIS14: Enterprise Identity APIs
CIS14: Enterprise Identity APIsCloudIDSummit
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudDanny Jessee
 
Best salesforce training Institute in Hyderabad
Best salesforce training Institute in HyderabadBest salesforce training Institute in Hyderabad
Best salesforce training Institute in HyderabadN Benchmark IT Solutions
 
Jasigsakai12 columbia-customizes-cas
Jasigsakai12 columbia-customizes-casJasigsakai12 columbia-customizes-cas
Jasigsakai12 columbia-customizes-casellentuck
 
SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...
SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...
SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...Nik Patel
 
Security enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakSecurity enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakCharles Moulliard
 
Summer '16 Realease notes
Summer '16 Realease notesSummer '16 Realease notes
Summer '16 Realease notesaggopal1011
 
SOA Security - So What?
SOA Security - So What?SOA Security - So What?
SOA Security - So What?Oliver Pfaff
 
Module establish business data structure
Module establish business data structureModule establish business data structure
Module establish business data structureArshad Havaldar
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Joris Poelmans
 
Castle in the Clouds: SaaS Enabling JavaServer™ Faces Applications (JavaOne 2...
Castle in the Clouds: SaaS Enabling JavaServer™ Faces Applications (JavaOne 2...Castle in the Clouds: SaaS Enabling JavaServer™ Faces Applications (JavaOne 2...
Castle in the Clouds: SaaS Enabling JavaServer™ Faces Applications (JavaOne 2...Lucas Jellema
 

Semelhante a AAD B2C custom policies (20)

Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1Azure AD B2C Webinar Series: Custom Policies Part 1
Azure AD B2C Webinar Series: Custom Policies Part 1
 
Intro to AppExchange - Building Composite Apps
Intro to AppExchange - Building Composite AppsIntro to AppExchange - Building Composite Apps
Intro to AppExchange - Building Composite Apps
 
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy WalkthroughAzure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
 
SFDC Inbound Integrations
SFDC Inbound IntegrationsSFDC Inbound Integrations
SFDC Inbound Integrations
 
How Netflix Is Solving Authorization Across Their Cloud
How Netflix Is Solving Authorization Across Their CloudHow Netflix Is Solving Authorization Across Their Cloud
How Netflix Is Solving Authorization Across Their Cloud
 
TechDays 2013 Jari Kallonen: What's New WebForms 4.5
TechDays 2013 Jari Kallonen: What's New WebForms 4.5TechDays 2013 Jari Kallonen: What's New WebForms 4.5
TechDays 2013 Jari Kallonen: What's New WebForms 4.5
 
Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010Claims-Based Identity in SharePoint 2010
Claims-Based Identity in SharePoint 2010
 
Community call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platformCommunity call: Develop multi tenant apps with the Microsoft identity platform
Community call: Develop multi tenant apps with the Microsoft identity platform
 
CIS14: Enterprise Identity APIs
CIS14: Enterprise Identity APIsCIS14: Enterprise Identity APIs
CIS14: Enterprise Identity APIs
 
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the CloudSharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud
 
Best salesforce training Institute in Hyderabad
Best salesforce training Institute in HyderabadBest salesforce training Institute in Hyderabad
Best salesforce training Institute in Hyderabad
 
Jasigsakai12 columbia-customizes-cas
Jasigsakai12 columbia-customizes-casJasigsakai12 columbia-customizes-cas
Jasigsakai12 columbia-customizes-cas
 
SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...
SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...
SharePoint Fest Chicago 2015 - Anatomy of configuring provider hosted add-in...
 
Security enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & KeycloakSecurity enforcement of Java Microservices with Apiman & Keycloak
Security enforcement of Java Microservices with Apiman & Keycloak
 
Summer '16 Realease notes
Summer '16 Realease notesSummer '16 Realease notes
Summer '16 Realease notes
 
SOA Security - So What?
SOA Security - So What?SOA Security - So What?
SOA Security - So What?
 
Module establish business data structure
Module establish business data structureModule establish business data structure
Module establish business data structure
 
Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011Claim Based Authentication in SharePoint 2010 for Community Day 2011
Claim Based Authentication in SharePoint 2010 for Community Day 2011
 
Castle in the Clouds: SaaS Enabling JavaServer™ Faces Applications (JavaOne 2...
Castle in the Clouds: SaaS Enabling JavaServer™ Faces Applications (JavaOne 2...Castle in the Clouds: SaaS Enabling JavaServer™ Faces Applications (JavaOne 2...
Castle in the Clouds: SaaS Enabling JavaServer™ Faces Applications (JavaOne 2...
 
Fm 2
Fm 2Fm 2
Fm 2
 

Último

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Último (20)

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

AAD B2C custom policies

  • 1. A lap around Azure AD B2C custom policies Rory Braybrook Microsoft Identity Architect @rbrayb
  • 2. Azure AD / Azure AD B2C  Azure AD  Company employees  On-premises AD synced to Azure AD via AAD Connect  Domain joined email address  Access to Azure SaaS e.g. Microsoft 365  5 guest users per Azure AD account
  • 3. Azure AD / Azure AD B2C  Azure AD B2C  Customers  Not in on-premises AD  Any email address – Gmail / Hotmail  No access to SaaS  No AAD Connect
  • 4. Azure AD B2C  Provides:  Self service registration (Sign up)  Sign in  Self service password reset  Self service profile edit  Zero help desk involvement  Scales to hundreds of millions of users  Priced appropriately – first 50,000 users free
  • 5. Azure AD B2C protocols  In:  Open ID Connect (OAuth)  MSAL library - .NET / .NET Core / Java / iOS / Android / React / Mobile native …  Out  Open ID Connect (OAuth)  SAML 2.0  Various social providers – Facebook, Google, LinkedIn, Twitter …  Custom OpenID Connect  No WS-Federation currently
  • 7. Custom policies  Allow user to customise journey? Passport? Driver’s licence?  ADFS 2.0 – “disaster”  Identity Experience Framework (IEF)  XML as code
  • 8. Custom policies – getting started  Get started with custom policies in Azure Active Directory B2C  Starter pack
  • 9. Custom policies – getting started  Starter pack
  • 11. IEF – setup applications  Create application registrations in Azure AD  Create applications in Azure AD B2C  Setup keys  Copy GUID’s in custom policy
  • 12. IEF – custom policy upload  “Compiling”  Checks against xsd  Checks e.g. that declared “variables” have been defined
  • 18. Self-asserted TP  All interactions in AAD B2C where the user is expected to provide input are self-asserted technical profiles. For example, a sign-up page, sign-in page, or password reset page.  In a self-asserted technical profile, you can use the InputClaims and InputClaimsTransformations elements to prepopulate the value of the claims that appear on the self-asserted page (output claims).  Output claims  Collecting the output claims from the user  Setting a default value in an output claim  A validation technical profile returns the output claims  Output the claims via output claims transformation  Persisted claims  Used to persist the data to Azure AD B2C.
  • 19. Validation TP  A validation technical profile is used for validating some or all of the output claims of the referencing technical profile.  Claims that are returned from a validation technical profile are added back to the claims bag. You can use those claims in the next validation technical profiles.
  • 20. Claims transformation TP  A claims transformation technical profile enables you to call output claims transformations to manipulate claims values, validate claims, or set default values for a set of output claims.  Types  Boolean  Date  Integer  JSON  General  Social account  String  StringCollection
  • 22. Claims transformation TP - Example – Boolean <ClaimsTransformation Id="AssertAccountEnabledIsTrue" TransformationMethod="AssertBooleanClaimIsEqualToValue"> <InputClaims> <InputClaim ClaimTypeReferenceId="accountEnabled" TransformationClaimType="inputClaim" /> </InputClaims> <InputParameters> <InputParameter Id="valueToCompareTo" DataType="boolean" Value="true" /> </InputParameters> </ClaimsTransformation>
  • 23. Claims transformation TP - Example – String <ClaimsTransformation Id="ChangeToLower" TransformationMethod="ChangeCase"> <InputClaims> <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="inputClaim1" /> </InputClaims> <InputParameters> <InputParameter Id="toCase" DataType="string" Value="LOWER" /> </InputParameters> <OutputClaims> <OutputClaim ClaimTypeReferenceId="email" TransformationClaimType="outputClaim" /> </OutputClaims> </ClaimsTransformation>
  • 24. User Journeys  User journeys specify explicit paths through which a policy allows a relying party application to obtain the desired claims for a user.  The user is taken through these paths to retrieve the claims that are to be presented to the relying party.  User journeys define the business logic of what an end user goes through as the Azure AD B2C IEF processes the request.  Series of steps – can be skipped  <OrchestrationStep Order="2" Type="ClaimsExchange">  <Preconditions>  <Precondition Type="ClaimsExist" ExecuteActionsIf="true">  <Value>objectId</Value>  <Action>SkipThisOrchestrationStep</Action>  </Precondition>
  • 25. Relying Party  This specifies the user journey to enforce for the current request to Azure Active Directory (Azure AD) B2C.  It also specifies the list of claims that the relying party (RP) application needs as part of the issued token.  An RP application, such as a web, mobile, or desktop application, calls the RP policy file.  The RP policy file executes a specific task, such as signing in, resetting a password, or editing a profile.  Multiple applications can use the same RP policy and a single application can use multiple policies.  All RP applications receive the same token with claims, and the user goes through the same user journey.
  • 26. Claims Providers  A claims provider contains a set of TP.  Every claims provider must have one or more technical profiles that determine the endpoints and the protocols needed to communicate with the claims provider.  A claims provider can have multiple technical profiles.
  • 27. The flow  <RelyingParty> <DefaultUserJourney ReferenceId="SignUpOrSignIn" />  <UserJourney Id="SignUpOrSignIn">  <OrchestrationStep Order="1“ ContentDefinitionReferenceId="api.signuporsignin">  TP - SelfAsserted-LocalAccountSignin-Email  <ValidationTechnicalProfile ReferenceId="login-NonInteractive" />  TP – Order=“2“ – LocalAccountSignUpWithLogonEmail  <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />  REST API  TP - Order=“3“ - AAD-UserReadUsingObjectId  TP - Order=“4“ – JwtIssuer  Extension attributes
  • 28. IEF demo  Sign up not sign in relying party  Branding  User Journey with TP  Validate password using Troy Hunt’s “Pwned Password” via REST API
  • 29. Built-in policy retrospective  Built-in policies are custom policies that can be downloaded but not uploaded
  • 31. Resources  Get started with custom policies in Azure Active Directory B2C  Gaining Expertise with Azure AD B2C course for developers  GitHub utilities  Azure AD B2C blog articles  Tips and tricks for working with custom policies in Azure AD B2C  Azure AD B2C documentation