a developer's introduction to azure active directory b2c
TRANSCRIPT
A Developer’s Introduction to Azure Active Directory B2C
John GarlandPrincipal Consultant & InstructorWintellect@dotnetgator
HELLOmy name is
@ATLCODECAMPHTTPS://ATLANTACODECAMP.COM/2016
Platinum Sponsors
Gold Sponsors
About Me• Principal Consultant & Instructor at
ConsultingCustom software application development & architecture
Instructor Led TrainingMicrosoft’s #1 training vendor in DevDiv
On-Demand TrainingWorld class, subscription-based online training
• Author• Windows Store Apps Succinctly• Programming the Windows Runtime by Example
• Microsoft Azure MVP & Advisor
Why?• Identity is HARD and you want to
minimize your exposure to risk• You want to let your customers use
identities/credentials they already have• You want to collect specific information
about your users when they enroll• You have a consumer-facing app and
want to retain your own branding• You need mobile and web support
What Is AAD B2C?• Secure• Built on Azure Active Directory• You’re neither collecting nor managing passwords (and that’s a very good thing)
• Customizable• Let your users use AAD-backed tenant-specific credentials or a choice of external
Identity Providers (IdP’s)• Select/Configure/Customize sign-on profile values to collect• User Interface customization & branding
• Convenient• Streamlined development process compared to DIY
• Does not (yet) work with SPAs or Daemons (implicit grant flow)
Working with AAD B2CProvision a B2C
Tenant
Register One or More Applications
Define & Configure Policies
Configure Identity Providers
Select Identity Providers
Customize Data Collection
Define Custom User Attributes
Customize UI & Branding
Customize Claims
Configuring Policies• Provide settings that AAD uses to
build and govern the UI that is displayed to the user• Scenario-specific• Sign-up, Sign-in, Sign-up or Sign-In,
Profile Editing, Password Reset• Specified in the metadata request
endpointshttps://login.microsoftonline.com/
{tenant}/v2.0/.well-known/openid-configuration?
p={policy}
Identity Providers• Register your app with each desired
provider• Facebook, Google+, Microsoft, Amazon,
LinkedIn• “Local Accounts” (email or username)
• Each provider’s steps are different, see B2C documentation for individual instructions• Ultimately, you need to put “secret
values” into your B2C tenant’s configuration
ShinySide Up
PartsGetting StartedDEMO
Customizing Data Collection• Tenant• Define Custom attributes
• Policy• Selecting attributes to collect• Selecting claims to include• Customize Page UI• Mandatory/Optional• Input Type – Text, Radio, Dropdown
Single, Dropdown Multi
Customizing the User Interface• Adding branding to the AAD Page for Local Accounts• Localizable• Page Image• Banner Image• User name hint• Sign-in page text• Others…
• Custom Login Page• Specify a custom HTML page to be displayed• Reserve space for the “login box”• Provide a URL to the page• HTML/CSS only, no JavaScript
ShinySide Up
PartsCustomizing the User Interface
DEMO
PricingUsers Stored Per Month Price (USD)First 50,000 FreeNext 950,000 $0.0011Next 9,000,000 $0.0009Next 40,000,000 $0.0008More than 50,000,000 $0.0006Authentications Per Month Price (USD)First 50,000 FreeNext 950,000 $0.0028Next 9,000,000 $0.0021Next 40,000,000 $0.0014More than 50,000,000 $0.0007
* Usage charges are expected to being in early 2017
Currently FREE (*)
Resources• AAD General• Azure Active Directory developer’s guide - http://bit.ly/aad-devguide• Modern Authentication with Azure Active Directory for Web
Applications - http://bit.ly/aad-book• AAD B2C• About Azure Active Directory B2C - http://bit.ly/aadb2c-about • App Service Auth & AAD B2C post - http://bit.ly/aadb2c-appservices• Build 2016: Business-to-Consumer Identity Management with Azure
Active Directory B2C - http://bit.ly/aadb2c-build2016video• Ignite 2016: Modernize Your App’s Consumer Identity Management
with Azure AD B2C - http://bit.ly/aadb2c-ignite2016video• Sample Projects - http://bit.ly/aadb2c-sampleprojects• UserVoice - http://bit.ly/aadb2c-uservoice
Thank You!
John GarlandPrincipal Consultant & InstructorWintellect@dotnetgator
A link to these slides will be posted on Twitter with a reference to @ATLCodeCamp
Surveys and Prizes Please complete the session and event surveys!1 ticket per session survey1 ticket for the event survey1 ticket for completing the booth game
Drawing for prizes begins at 5pm in Q202