SlideShare a Scribd company logo

Using Windows Azure for Solving Identity Management Challenges

Download as PPTX, PDF
Michael Collier
Michael Collier
Technology
1 of 38
Using Windows Azure for Solving Identity Management Challenges Michael S. Collier
Michael S. Collier • Principal Cloud Architect, Aditi • michaelc@aditi.com • @MichaelCollier • www.MichaelSCollier.com
Platinum Sponsors Gold Sponsors
What We’re Talking About • Identity - Current State and in The Cloud • Windows Azure solutions • Mobile Services • Access Control Service (ACS) • Windows Azure Active Directory 6
Who Are You? • Personalization • Business Rules • Functionality / Features 7
Traditional Identity Management • IT Pro – controls the known world • Developers – blissfully ignorant? 8 AD SQL My Enterprise LOB App
Cloud . . . A New Challenge • Move the application & data • Islands of identity • Outside of “traditional” IT world • External users / partners • BYOD • Developers ignorant no more • Developers + IT Pros 9
10 Windows Azure Options Mobile Services Active Directory Access Control Service (ACS) Server Active Directory AD w/ DirSync
Mobile Services • Goal – easily build cloud-powered mobile apps • Built-in support for multiple social identity providers 11 private async System.Threading.Tasks.Task Authenticate() { while (user == null) { string message; try { user = await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.Twitter); message = string.Format("You are now logged in - {0}", user.UserId); CurrentUser.Text = "Welcome, " + App.MobileService.CurrentUser.UserId; } catch (InvalidOperationException) { message = "You must log in. Login Required"; } var dialog = new MessageDialog(message); dialog.Commands.Add(new UICommand("OK")); await dialog.ShowAsync(); } } Facebook Google MicrosoftAccount Twitter
Mobile Services 12
Authentication • Microsoft Account, Facebook, Twitter, and Google • OAuth • Does not use Windows Azure ACS
Authentication • Microsoft Account – Use the Live SDK • Tight integration with Windows Live services
More Mobile Services? • Programming Windows Azure Mobile Services • Jason Farrell • Wednesday at 10:30am • Portia 15
Access Control Service (ACS) • Federated identity/authentication service • Google, Microsoft Account, Yahoo!, ADFS v2 • Bring your own membership • Claims-based authorization • Browser based (302 redirect) • Focus on your app 16
DEMO TIME!!! Access Control Service (ACS)
ACS Tips • Enrich claims w/ a ClaimsAuthenticationManager • Update WIF settings in web.config in OnStart() • Web Farm Ready Cookies • Web Sites and Cloud Services • DPAPI not supported in Windows Azure • Provide sign-out link for identity providers • Azure co-admin can’t admin ACS namespace 31
Windows Azure Active Directory • Internet scale, multi-tenant directory service • Directory store for Office 365 • Extend Windows Server AD to the cloud • Directory & identity services w/o need for Windows Server AD 32 Active Directory O365 Account Portal Intune Account Portal Windows Azure Mgmt Portal Azure AD PowerShell cmdlets
Windows Azure Active Directory • Multi-tenant “directory-as-a-service” • NOT a cloud version of Windows Server AD 33 Image Source: http://technet.microsoft.com/en-us/library/jj573650.aspx
Windows Azure Active Directory 34 Windows Azure Management Portal REST API SAML-P O-Auth WS-Federation Integration / Management Endpoints Windows Azure Active Directory
Windows Azure Active Directory 35 Integration / Management Endpoints
Windows Azure Active Directory • What’s in the directory? • Everything is an object • Types: User, Group, Role, Application, Device, etc. 36
WAAD Graph Response <?xml version="1.0" encoding="utf-8"?> <feed xml:base="https://graph.windows.net/collierdemo.onmicrosoft.com/" xmlns="http://www.w3.org/2005/Atom" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:georss="http://www.georss.org/georss" xmlns:gml="http://www.opengis.net/gml"> <id>https://graph.windows.net/11271159-abc8-4e0e-b3c2-c2a0858a036b/directoryObjects/$/Microsoft.WindowsAzure.ActiveDirectory.User</id> <title type="text">Microsoft.WindowsAzure.ActiveDirectory.User</title> <updated>2013-03-21T00:58:34Z</updated> <link rel="self" title="Microsoft.WindowsAzure.ActiveDirectory.User" href="Microsoft.WindowsAzure.ActiveDirectory.User" /> <entry> <id>https://graph.windows.net/11271159-abc8-4e0e-b3c2-c2a0858a036b/directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6</id> <category term="Microsoft.WindowsAzure.ActiveDirectory.User" scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme" /> <link rel="edit" title="User" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/manager" type="application/atom+xml;type=entry" title="manager" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/manager" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/directReports" type="application/atom+xml;type=feed" title="directReports" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/directReports" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/members" type="application/atom+xml;type=feed" title="members" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/members" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/memberOf" type="application/atom+xml;type=feed" title="memberOf" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/memberOf" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/permissions" type="application/atom+xml;type=feed" title="permissions" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/permissions" /> 37
WAAD Graph Response 38 <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/edit-media/thumbnailPhoto" title="thumbnailPhoto" href="directoryObjects/23dc9514-64ec- 4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/thumbnailPhoto" /> <m:action metadata="https://graph.windows.net/michaelcollier.onmicrosoft.com/$metadata#DirectoryDataService.assignLicense" title="assignLicense" target="https://graph.windows.net/collierdemo.onmicrosoft.com/directoryObjects/23dc9514-64ec-4c94-8f03- 4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/assignLicense" /> <content type="application/xml"> <m:properties> <d:objectType>User</d:objectType> <d:objectId>23dc9514-64ec-4c94-8f03-4edf9016b2a6</d:objectId> <d:accountEnabled m:type="Edm.Boolean">true</d:accountEnabled> <d:assignedLicenses m:type="Collection(Microsoft.WindowsAzure.ActiveDirectory.AssignedLicense)" /> <d:assignedPlans m:type="Collection(Microsoft.WindowsAzure.ActiveDirectory.AssignedPlan)" /> <d:city m:null="true" /> <d:displayName>Michael Collier</d:displayName> <d:givenName>Michael</d:givenName> <d:mailNickname>michael</d:mailNickname> <d:mobile>+1 6142883146</d:mobile> <d:otherMails m:type="Collection(Edm.String)"> <d:element>michaelscollier@gmail.com</d:element> </d:otherMails> <d:userPrincipalName>michael@collierdemo.onmicrosoft.com</d:userPrincipalName> </m:properties> </content> </entry> </feed> * Some elements removed for readability.
Graph API Helpers • REST interface for WAAD • Graph Explorer: https://graphexplorer.cloudapp.net/ • AAD Helper: http://code.msdn.microsoft.com/Windows- Azure-AD-Graph-API-a8c72e18 • Active Directory Authentication Library (ADAL) • https://www.nuget.org/packages/System.IdentityModel.Client s.ActiveDirectory/ • http://www.cloudidentity.com/blog/2013/08/02/aal-becomes- adal-active-directory-authentication-library/ • Formerly Azure Authentication Library (AAL) 39
WAAD Authentication • Authentication for cloud-based & native apps • Permissions • SSO, Read Data, Read & Write Data • Applies to the APPLICATION, not the user 40
DEMO TIME!!! Windows Azure AD – Single Sign-On, Web API, and Windows Store
WAAD and the Enterprise 59 AD SQL My Enterprise LOB App
WAAD and the Enterprise 60 • Passwords sync every 2 minutes • Users sync every 3 hours My Enterprise DirSync LOB App SQL
Where Does the Authentication Happen? 61 Portal PowerShell/ Directory GRAPH DirSync w/Cloud identities DirSync w/Password Sync DirSync w/SSO Target customer segment • Small • Small to Medium • Small/Medium • Small/Medium • Medium/Large Scenario supported • Least • Least • Some limitation • Some limitations • Most Directory Source of Authority • Cloud • Cloud • On-premises • On-premises • On-premises Hardware requirements • No additional hardware required • No additional hardware required • Windows Server OS for DirSync appliance • Windows Server OS for DirSync appliance • DirSync appliance • ADFS (or other STS) deployment IDP • Cloud • Cloud • Cloud • Cloud • On-premises User login experience • Disjoint username and password • Enter credentials twice • Disjoint username and password • Enter credentials twice • Same username, disjoint password • Enter credentials twice • Same username and password for on-prem and cloud • Enter credentials twice • Same username and password for on-prem and cloud • Login once if on- premises Complexity • Low • Medium • Low • Low • High Table Source: Microsoft Office 365 Directory and Access Management with Windows Azure Active Directory, Ross Adams & Jono Luk – TechEd NA 2013
DEMO TIME!!! Windows Azure Active Directory w/ DirSync
Going Further with Windows Azure AD • Multitenant applications • Leverage identity from other WAAD tenants • http://www.windowsazure.com/en- us/develop/net/tutorials/multitenant-apps-for-active- directory/ • Phone 2FA (Multi-Factor Authentication) • Additional administrative users • Username/pwd + text message code 63
Summary • Developers, Architects, & IT Pros work together • Mobile Services • Quickly add Identity Providers via portal config and code • ACS • Federated identity authentication • Claims-based authorization • Windows Azure AD • “Extends” Windows Server AD to the cloud • Query via REST graph API 64
Helpful Resources • Mobile Services • Handling Expired Tokens - http://www.thejoyofcode.com/Handling_expired_tokens_in_your_application_Day_11_.aspx • Carlos Figueira’s Blog - http://blogs.msdn.com/b/carlosfigueira/ • ACS • Cheat Sheet – http://bit.ly/ACSCheatSheet • How To’s – http://bit.ly/ACSHowTo • Tips – http://bit.ly/HYhxjY • Azure Active Directory • “Microsoft Office 365 Directory and Access Management with Windows Azure Active Directory”, Ross Adams & Jono Luk – TechEd NA 2013 • “Deep Dive into the Windows Azure Active Directory Graph API: Data Model, Schema, Query, and More”, Edward Wu – TechEd NA 2013 • Securing a Windows Store App and REST API using Windows Azure AD - http://msdn.microsoft.com/en-us/library/windowsazure/dn169448.aspx • Vittorio Bertocci’s Blog - http://www.cloudidentity.com/blog/ 65
Ask your questions
Thank You! • Michael S. Collier • Principal Cloud Architect, Aditi • michaelc@aditi.com • @MichaelCollier • www.MichaelSCollier.com
August 11th – 13th 2014 Same Place, Same Time

Recommended

Windows Azure for Developers - Service Management
Windows Azure for Developers - Service ManagementWindows Azure for Developers - Service Management
Windows Azure for Developers - Service ManagementMichael Collier
 
What's New for the Windows Azure Developer? Lots!!
What's New for the Windows Azure Developer? Lots!!What's New for the Windows Azure Developer? Lots!!
What's New for the Windows Azure Developer? Lots!!Michael Collier
 
Automating Your Microsoft Azure Environment (DevLink 2014)
Automating Your Microsoft Azure Environment (DevLink 2014)Automating Your Microsoft Azure Environment (DevLink 2014)
Automating Your Microsoft Azure Environment (DevLink 2014)Michael Collier
 
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Michael Collier
 
What's New for the Windows Azure Developer? Lots! (July 2013)
What's New for the Windows Azure Developer? Lots! (July 2013)What's New for the Windows Azure Developer? Lots! (July 2013)
What's New for the Windows Azure Developer? Lots! (July 2013)Michael Collier
 
Automating Your Azure Environment
Automating Your Azure EnvironmentAutomating Your Azure Environment
Automating Your Azure EnvironmentMichael Collier
 
Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Michael Collier
 
More Cache for Less Cash (DevLink 2014)
More Cache for Less Cash (DevLink 2014)More Cache for Less Cash (DevLink 2014)
More Cache for Less Cash (DevLink 2014)Michael Collier
 

Recommended

Windows Azure for Developers - Service Management
Windows Azure for Developers - Service ManagementWindows Azure for Developers - Service Management
Windows Azure for Developers - Service ManagementMichael Collier
 
What's New for the Windows Azure Developer? Lots!!
What's New for the Windows Azure Developer? Lots!!What's New for the Windows Azure Developer? Lots!!
What's New for the Windows Azure Developer? Lots!!Michael Collier
 
Automating Your Microsoft Azure Environment (DevLink 2014)
Automating Your Microsoft Azure Environment (DevLink 2014)Automating Your Microsoft Azure Environment (DevLink 2014)
Automating Your Microsoft Azure Environment (DevLink 2014)Michael Collier
 
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Michael Collier
 
What's New for the Windows Azure Developer? Lots! (July 2013)
What's New for the Windows Azure Developer? Lots! (July 2013)What's New for the Windows Azure Developer? Lots! (July 2013)
What's New for the Windows Azure Developer? Lots! (July 2013)Michael Collier
 
Automating Your Azure Environment
Automating Your Azure EnvironmentAutomating Your Azure Environment
Automating Your Azure EnvironmentMichael Collier
 
Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Michael Collier
 
More Cache for Less Cash (DevLink 2014)
More Cache for Less Cash (DevLink 2014)More Cache for Less Cash (DevLink 2014)
More Cache for Less Cash (DevLink 2014)Michael Collier
 
More Cache for Less Cash
More Cache for Less CashMore Cache for Less Cash
More Cache for Less CashMichael Collier
 
Windows Azure: Lessons From the Field
Windows Azure: Lessons From the FieldWindows Azure: Lessons From the Field
Windows Azure: Lessons From the FieldMichael Collier
 
Windows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerWindows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerMichael Collier
 
Windows Phone 7 and Windows Azure – A Match Made in the Cloud
Windows Phone 7 and Windows Azure – A Match Made in the CloudWindows Phone 7 and Windows Azure – A Match Made in the Cloud
Windows Phone 7 and Windows Azure – A Match Made in the CloudMichael Collier
 
The Hybrid Windows Azure Application
The Hybrid Windows Azure ApplicationThe Hybrid Windows Azure Application
The Hybrid Windows Azure ApplicationMichael Collier
 
Azure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTAzure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTRadhakrishnan Govindan
 
Windows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerWindows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerMichael Collier
 
Azure AD Connect
Azure AD ConnectAzure AD Connect
Azure AD ConnectSasha Rosenbaum
 
Azure Automation and Update Management
Azure Automation and Update ManagementAzure Automation and Update Management
Azure Automation and Update ManagementUdaiappa Ramachandran
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to MicroservicesAmazon Web Services
 
Understanding Azure AD
Understanding Azure ADUnderstanding Azure AD
Understanding Azure ADNew Horizons Ireland
 
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365nelmedia
 
Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a serviceBizTalk360
 
Windows Azure Active Directory
Windows Azure Active DirectoryWindows Azure Active Directory
Windows Azure Active DirectoryPavel Revenkov
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Amazon Web Services
 
Enter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsEnter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsBizTalk360
 
Inside Azure Resource Manager
Inside Azure Resource ManagerInside Azure Resource Manager
Inside Azure Resource ManagerMichael Collier
 
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...Sandy Winarko
 
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365Microsoft TechNet - Belgium and Luxembourg
 
10 Ways to Gaurantee Your Azure Project will Fail
10 Ways to Gaurantee Your Azure Project will Fail10 Ways to Gaurantee Your Azure Project will Fail
10 Ways to Gaurantee Your Azure Project will FailMichael Collier
 
Windows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudWindows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudChris Dufour
 
Azure Active Directory, Practical Guide
Azure Active Directory, Practical GuideAzure Active Directory, Practical Guide
Azure Active Directory, Practical GuideSasha Rosenbaum
 

More Related Content

What's hot

More Cache for Less Cash
More Cache for Less CashMore Cache for Less Cash
More Cache for Less CashMichael Collier
 
Windows Azure: Lessons From the Field
Windows Azure: Lessons From the FieldWindows Azure: Lessons From the Field
Windows Azure: Lessons From the FieldMichael Collier
 
Windows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerWindows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerMichael Collier
 
Windows Phone 7 and Windows Azure – A Match Made in the Cloud
Windows Phone 7 and Windows Azure – A Match Made in the CloudWindows Phone 7 and Windows Azure – A Match Made in the Cloud
Windows Phone 7 and Windows Azure – A Match Made in the CloudMichael Collier
 
The Hybrid Windows Azure Application
The Hybrid Windows Azure ApplicationThe Hybrid Windows Azure Application
The Hybrid Windows Azure ApplicationMichael Collier
 
Azure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTAzure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTRadhakrishnan Govindan
 
Windows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerWindows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerMichael Collier
 
Azure Automation and Update Management
Azure Automation and Update ManagementAzure Automation and Update Management
Azure Automation and Update ManagementUdaiappa Ramachandran
 
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365nelmedia
 
Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a serviceBizTalk360
 
Windows Azure Active Directory
Windows Azure Active DirectoryWindows Azure Active Directory
Windows Azure Active DirectoryPavel Revenkov
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Amazon Web Services
 
Enter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsEnter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsBizTalk360
 
Inside Azure Resource Manager
Inside Azure Resource ManagerInside Azure Resource Manager
Inside Azure Resource ManagerMichael Collier
 
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...Sandy Winarko
 
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365Microsoft TechNet - Belgium and Luxembourg
 
10 Ways to Gaurantee Your Azure Project will Fail
10 Ways to Gaurantee Your Azure Project will Fail10 Ways to Gaurantee Your Azure Project will Fail
10 Ways to Gaurantee Your Azure Project will FailMichael Collier
 

What's hot (20)

More Cache for Less Cash
More Cache for Less CashMore Cache for Less Cash
More Cache for Less Cash
 
Windows Azure: Lessons From the Field
Windows Azure: Lessons From the FieldWindows Azure: Lessons From the Field
Windows Azure: Lessons From the Field
 
Windows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerWindows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect Partner
 
Windows Phone 7 and Windows Azure – A Match Made in the Cloud
Windows Phone 7 and Windows Azure – A Match Made in the CloudWindows Phone 7 and Windows Azure – A Match Made in the Cloud
Windows Phone 7 and Windows Azure – A Match Made in the Cloud
 
The Hybrid Windows Azure Application
The Hybrid Windows Azure ApplicationThe Hybrid Windows Azure Application
The Hybrid Windows Azure Application
 
Azure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTAzure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPT
 
Windows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerWindows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect Partner
 
Azure AD Connect
Azure AD ConnectAzure AD Connect
Azure AD Connect
 
Azure Automation and Update Management
Azure Automation and Update ManagementAzure Automation and Update Management
Azure Automation and Update Management
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
 
Understanding Azure AD
Understanding Azure ADUnderstanding Azure AD
Understanding Azure AD
 
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365
 
Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a service
 
Windows Azure Active Directory
Windows Azure Active DirectoryWindows Azure Active Directory
Windows Azure Active Directory
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
 
Enter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsEnter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s Assets
 
Inside Azure Resource Manager
Inside Azure Resource ManagerInside Azure Resource Manager
Inside Azure Resource Manager
 
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...
 
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
 
10 Ways to Gaurantee Your Azure Project will Fail
10 Ways to Gaurantee Your Azure Project will Fail10 Ways to Gaurantee Your Azure Project will Fail
10 Ways to Gaurantee Your Azure Project will Fail
 

Similar to Using Windows Azure for Solving Identity Management Challenges

Windows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudWindows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudChris Dufour
 
Azure Active Directory, Practical Guide
Azure Active Directory, Practical GuideAzure Active Directory, Practical Guide
Azure Active Directory, Practical GuideSasha Rosenbaum
 
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB201904_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019Kumton Suttiraksiri
 
2014.10.22 Building Azure Solutions with Office 365
2014.10.22 Building Azure Solutions with Office 3652014.10.22 Building Azure Solutions with Office 365
2014.10.22 Building Azure Solutions with Office 365Marco Parenzan
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Jethro Seghers
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Jethro Seghers
 
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupUnderstanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupEPC Group
 
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!Anco Stuij
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersTobias Koprowski
 
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)Naoki (Neo) SATO
 
Understanding Cloud Identities - SMBNation 2015
Understanding Cloud Identities - SMBNation 2015Understanding Cloud Identities - SMBNation 2015
Understanding Cloud Identities - SMBNation 2015Robert Crane
 
#spsuk: Understanding the Office 365 Architecture
#spsuk: Understanding the Office 365 Architecture#spsuk: Understanding the Office 365 Architecture
#spsuk: Understanding the Office 365 Architecturepearce.alex
 
SPUnite17 Creating Scalable Cloud Solutions
SPUnite17 Creating Scalable Cloud SolutionsSPUnite17 Creating Scalable Cloud Solutions
SPUnite17 Creating Scalable Cloud SolutionsNCCOMMS
 
A tale of two clouds
A tale of two cloudsA tale of two clouds
A tale of two cloudsAndrew Siemer
 
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft AzureArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft AzureKevin Grossnicklaus
 
Building Hybrid Cloud Apps with Azure and Azure stack
Building Hybrid Cloud Apps with Azure and Azure stackBuilding Hybrid Cloud Apps with Azure and Azure stack
Building Hybrid Cloud Apps with Azure and Azure stackWinWire Technologies Inc
 
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Chris Gillum
 
Envision it SharePoint Extranet Webinar Series - Federation and Office 365
Envision it SharePoint Extranet Webinar Series - Federation and Office 365Envision it SharePoint Extranet Webinar Series - Federation and Office 365
Envision it SharePoint Extranet Webinar Series - Federation and Office 365Envision IT
 

Similar to Using Windows Azure for Solving Identity Management Challenges (20)

Windows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudWindows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the Cloud
 
Azure Active Directory, Practical Guide
Azure Active Directory, Practical GuideAzure Active Directory, Practical Guide
Azure Active Directory, Practical Guide
 
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB201904_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
 
2014.10.22 Building Azure Solutions with Office 365
2014.10.22 Building Azure Solutions with Office 3652014.10.22 Building Azure Solutions with Office 365
2014.10.22 Building Azure Solutions with Office 365
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
 
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupUnderstanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
 
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginners
 
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
 
Understanding Cloud Identities - SMBNation 2015
Understanding Cloud Identities - SMBNation 2015Understanding Cloud Identities - SMBNation 2015
Understanding Cloud Identities - SMBNation 2015
 
#spsuk: Understanding the Office 365 Architecture
#spsuk: Understanding the Office 365 Architecture#spsuk: Understanding the Office 365 Architecture
#spsuk: Understanding the Office 365 Architecture
 
Azure Active Directory
Azure Active DirectoryAzure Active Directory
Azure Active Directory
 
SPUnite17 Creating Scalable Cloud Solutions
SPUnite17 Creating Scalable Cloud SolutionsSPUnite17 Creating Scalable Cloud Solutions
SPUnite17 Creating Scalable Cloud Solutions
 
A tale of two clouds
A tale of two cloudsA tale of two clouds
A tale of two clouds
 
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft AzureArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
 
Building Hybrid Cloud Apps with Azure and Azure stack
Building Hybrid Cloud Apps with Azure and Azure stackBuilding Hybrid Cloud Apps with Azure and Azure stack
Building Hybrid Cloud Apps with Azure and Azure stack
 
Microservices in Azure
Microservices in AzureMicroservices in Azure
Microservices in Azure
 
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
 
Envision it SharePoint Extranet Webinar Series - Federation and Office 365
Envision it SharePoint Extranet Webinar Series - Federation and Office 365Envision it SharePoint Extranet Webinar Series - Federation and Office 365
Envision it SharePoint Extranet Webinar Series - Federation and Office 365
 

Recently uploaded

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

Using Windows Azure for Solving Identity Management Challenges

  • 1. Using Windows Azure for Solving Identity Management Challenges Michael S. Collier
  • 2. Michael S. Collier • Principal Cloud Architect, Aditi • michaelc@aditi.com • @MichaelCollier • www.MichaelSCollier.com
  • 4.
  • 5. What We’re Talking About • Identity - Current State and in The Cloud • Windows Azure solutions • Mobile Services • Access Control Service (ACS) • Windows Azure Active Directory 6
  • 6. Who Are You? • Personalization • Business Rules • Functionality / Features 7
  • 7. Traditional Identity Management • IT Pro – controls the known world • Developers – blissfully ignorant? 8 AD SQL My Enterprise LOB App
  • 8. Cloud . . . A New Challenge • Move the application & data • Islands of identity • Outside of “traditional” IT world • External users / partners • BYOD • Developers ignorant no more • Developers + IT Pros 9
  • 9. 10 Windows Azure Options Mobile Services Active Directory Access Control Service (ACS) Server Active Directory AD w/ DirSync
  • 10. Mobile Services • Goal – easily build cloud-powered mobile apps • Built-in support for multiple social identity providers 11 private async System.Threading.Tasks.Task Authenticate() { while (user == null) { string message; try { user = await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.Twitter); message = string.Format("You are now logged in - {0}", user.UserId); CurrentUser.Text = "Welcome, " + App.MobileService.CurrentUser.UserId; } catch (InvalidOperationException) { message = "You must log in. Login Required"; } var dialog = new MessageDialog(message); dialog.Commands.Add(new UICommand("OK")); await dialog.ShowAsync(); } } Facebook Google MicrosoftAccount Twitter
  • 12. Authentication • Microsoft Account, Facebook, Twitter, and Google • OAuth • Does not use Windows Azure ACS
  • 13. Authentication • Microsoft Account – Use the Live SDK • Tight integration with Windows Live services
  • 14. More Mobile Services? • Programming Windows Azure Mobile Services • Jason Farrell • Wednesday at 10:30am • Portia 15
  • 15. Access Control Service (ACS) • Federated identity/authentication service • Google, Microsoft Account, Yahoo!, ADFS v2 • Bring your own membership • Claims-based authorization • Browser based (302 redirect) • Focus on your app 16
  • 17. ACS Tips • Enrich claims w/ a ClaimsAuthenticationManager • Update WIF settings in web.config in OnStart() • Web Farm Ready Cookies • Web Sites and Cloud Services • DPAPI not supported in Windows Azure • Provide sign-out link for identity providers • Azure co-admin can’t admin ACS namespace 31
  • 18. Windows Azure Active Directory • Internet scale, multi-tenant directory service • Directory store for Office 365 • Extend Windows Server AD to the cloud • Directory & identity services w/o need for Windows Server AD 32 Active Directory O365 Account Portal Intune Account Portal Windows Azure Mgmt Portal Azure AD PowerShell cmdlets
  • 19. Windows Azure Active Directory • Multi-tenant “directory-as-a-service” • NOT a cloud version of Windows Server AD 33 Image Source: http://technet.microsoft.com/en-us/library/jj573650.aspx
  • 20. Windows Azure Active Directory 34 Windows Azure Management Portal REST API SAML-P O-Auth WS-Federation Integration / Management Endpoints Windows Azure Active Directory
  • 21. Windows Azure Active Directory 35 Integration / Management Endpoints
  • 22. Windows Azure Active Directory • What’s in the directory? • Everything is an object • Types: User, Group, Role, Application, Device, etc. 36
  • 23. WAAD Graph Response <?xml version="1.0" encoding="utf-8"?> <feed xml:base="https://graph.windows.net/collierdemo.onmicrosoft.com/" xmlns="http://www.w3.org/2005/Atom" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:georss="http://www.georss.org/georss" xmlns:gml="http://www.opengis.net/gml"> <id>https://graph.windows.net/11271159-abc8-4e0e-b3c2-c2a0858a036b/directoryObjects/$/Microsoft.WindowsAzure.ActiveDirectory.User</id> <title type="text">Microsoft.WindowsAzure.ActiveDirectory.User</title> <updated>2013-03-21T00:58:34Z</updated> <link rel="self" title="Microsoft.WindowsAzure.ActiveDirectory.User" href="Microsoft.WindowsAzure.ActiveDirectory.User" /> <entry> <id>https://graph.windows.net/11271159-abc8-4e0e-b3c2-c2a0858a036b/directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6</id> <category term="Microsoft.WindowsAzure.ActiveDirectory.User" scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme" /> <link rel="edit" title="User" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/manager" type="application/atom+xml;type=entry" title="manager" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/manager" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/directReports" type="application/atom+xml;type=feed" title="directReports" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/directReports" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/members" type="application/atom+xml;type=feed" title="members" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/members" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/memberOf" type="application/atom+xml;type=feed" title="memberOf" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/memberOf" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/permissions" type="application/atom+xml;type=feed" title="permissions" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/permissions" /> 37
  • 24. WAAD Graph Response 38 <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/edit-media/thumbnailPhoto" title="thumbnailPhoto" href="directoryObjects/23dc9514-64ec- 4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/thumbnailPhoto" /> <m:action metadata="https://graph.windows.net/michaelcollier.onmicrosoft.com/$metadata#DirectoryDataService.assignLicense" title="assignLicense" target="https://graph.windows.net/collierdemo.onmicrosoft.com/directoryObjects/23dc9514-64ec-4c94-8f03- 4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/assignLicense" /> <content type="application/xml"> <m:properties> <d:objectType>User</d:objectType> <d:objectId>23dc9514-64ec-4c94-8f03-4edf9016b2a6</d:objectId> <d:accountEnabled m:type="Edm.Boolean">true</d:accountEnabled> <d:assignedLicenses m:type="Collection(Microsoft.WindowsAzure.ActiveDirectory.AssignedLicense)" /> <d:assignedPlans m:type="Collection(Microsoft.WindowsAzure.ActiveDirectory.AssignedPlan)" /> <d:city m:null="true" /> <d:displayName>Michael Collier</d:displayName> <d:givenName>Michael</d:givenName> <d:mailNickname>michael</d:mailNickname> <d:mobile>+1 6142883146</d:mobile> <d:otherMails m:type="Collection(Edm.String)"> <d:element>michaelscollier@gmail.com</d:element> </d:otherMails> <d:userPrincipalName>michael@collierdemo.onmicrosoft.com</d:userPrincipalName> </m:properties> </content> </entry> </feed> * Some elements removed for readability.
  • 25. Graph API Helpers • REST interface for WAAD • Graph Explorer: https://graphexplorer.cloudapp.net/ • AAD Helper: http://code.msdn.microsoft.com/Windows- Azure-AD-Graph-API-a8c72e18 • Active Directory Authentication Library (ADAL) • https://www.nuget.org/packages/System.IdentityModel.Client s.ActiveDirectory/ • http://www.cloudidentity.com/blog/2013/08/02/aal-becomes- adal-active-directory-authentication-library/ • Formerly Azure Authentication Library (AAL) 39
  • 26. WAAD Authentication • Authentication for cloud-based & native apps • Permissions • SSO, Read Data, Read & Write Data • Applies to the APPLICATION, not the user 40
  • 27. DEMO TIME!!! Windows Azure AD – Single Sign-On, Web API, and Windows Store
  • 28. WAAD and the Enterprise 59 AD SQL My Enterprise LOB App
  • 29. WAAD and the Enterprise 60 • Passwords sync every 2 minutes • Users sync every 3 hours My Enterprise DirSync LOB App SQL
  • 30. Where Does the Authentication Happen? 61 Portal PowerShell/ Directory GRAPH DirSync w/Cloud identities DirSync w/Password Sync DirSync w/SSO Target customer segment • Small • Small to Medium • Small/Medium • Small/Medium • Medium/Large Scenario supported • Least • Least • Some limitation • Some limitations • Most Directory Source of Authority • Cloud • Cloud • On-premises • On-premises • On-premises Hardware requirements • No additional hardware required • No additional hardware required • Windows Server OS for DirSync appliance • Windows Server OS for DirSync appliance • DirSync appliance • ADFS (or other STS) deployment IDP • Cloud • Cloud • Cloud • Cloud • On-premises User login experience • Disjoint username and password • Enter credentials twice • Disjoint username and password • Enter credentials twice • Same username, disjoint password • Enter credentials twice • Same username and password for on-prem and cloud • Enter credentials twice • Same username and password for on-prem and cloud • Login once if on- premises Complexity • Low • Medium • Low • Low • High Table Source: Microsoft Office 365 Directory and Access Management with Windows Azure Active Directory, Ross Adams & Jono Luk – TechEd NA 2013
  • 31. DEMO TIME!!! Windows Azure Active Directory w/ DirSync
  • 32. Going Further with Windows Azure AD • Multitenant applications • Leverage identity from other WAAD tenants • http://www.windowsazure.com/en- us/develop/net/tutorials/multitenant-apps-for-active- directory/ • Phone 2FA (Multi-Factor Authentication) • Additional administrative users • Username/pwd + text message code 63
  • 33. Summary • Developers, Architects, & IT Pros work together • Mobile Services • Quickly add Identity Providers via portal config and code • ACS • Federated identity authentication • Claims-based authorization • Windows Azure AD • “Extends” Windows Server AD to the cloud • Query via REST graph API 64
  • 34. Helpful Resources • Mobile Services • Handling Expired Tokens - http://www.thejoyofcode.com/Handling_expired_tokens_in_your_application_Day_11_.aspx • Carlos Figueira’s Blog - http://blogs.msdn.com/b/carlosfigueira/ • ACS • Cheat Sheet – http://bit.ly/ACSCheatSheet • How To’s – http://bit.ly/ACSHowTo • Tips – http://bit.ly/HYhxjY • Azure Active Directory • “Microsoft Office 365 Directory and Access Management with Windows Azure Active Directory”, Ross Adams & Jono Luk – TechEd NA 2013 • “Deep Dive into the Windows Azure Active Directory Graph API: Data Model, Schema, Query, and More”, Edward Wu – TechEd NA 2013 • Securing a Windows Store App and REST API using Windows Azure AD - http://msdn.microsoft.com/en-us/library/windowsazure/dn169448.aspx • Vittorio Bertocci’s Blog - http://www.cloudidentity.com/blog/ 65
  • 36. Thank You! • Michael S. Collier • Principal Cloud Architect, Aditi • michaelc@aditi.com • @MichaelCollier • www.MichaelSCollier.com
  • 37.
  • 38. August 11th – 13th 2014 Same Place, Same Time

Editor's Notes

  1. Title slide for anyone looking to use this years logo.
  2. Principal Cloud ArchitectWindows Azure MVPHelp customers nationwide with their Windows Azure projects. This can include architectural design sessions, training, development, evangelism, etc.Reach me via email, Twitter, or my blog.
  3. Please take a brief opportunity and thank our platinum and gold sponsors. They have invested a lot of time and money into making That Conference the success it is.
  4. Nearly every application asks at least one simple question – who are you?PersonalizationBusiness rules (access to specific areas / functionality)
  5. MSFT Account – OAuth and integrated Windows Store app (SSO)
  6. OAuthRenders the OAuth web interface for the selected provider.
  7. Provide SSO for Windows 8 users
  8. Mobile Services helps w/ mobile apps, but what about web apps. We can leverage ACS.Authorization – your responsibility; use provided claims and map to your business rules
  9. With the somewhat more consumer offerings out of the way, let’s spend the rest of the time talking about enterprises.
  10. Accessibility options
  11. DirectoryObject is the base type for the following entity types: Application, Device,DirectoryLinkChange, Contact, Group, Role, ServicePrincipal, TenantDetail, and User.http://msdn.microsoft.com/en-us/library/windowsazure/jj134105.aspx
  12. Simple SSO for web appWeb API and Windows Store App - AAL
  13. Integration Options
  14. Show AD server and VM in cloudShow WAAD dir integrationChange user password . . . Wait for syncShow demo app
  15. Phone 2FA – formerly known as ‘Active Authentication’
  16. Windows Azure National ArchitectWindows Azure MVPHelp customers nationwide with their Windows Azure projects. This can include architectural design sessions, training, development, evangelism, etc.Reach me via email, Twitter, or my blog.
  17. At the end of your presentation we would be grateful if you could help us announce next years date.