Windows Azure Active Directory
patterns & practices Symposium 2013
Vittorio Bertocci
[email protected]
@vibronet
Directories offer the best model for business applications
Traditional directories don’t work too well with cloud workloads
One Cloud Directory for Every Organization
Cloud Apps and Users from Organizations
• Apps you buy
• Your LoB Apps
• Apps you sell
• Your Customers’ Directories
• Your Directory
Agenda
• The Directory Pattern
• Directory in Action: Windows Azure for Organizations
• Your Directory and Line of Business Apps in the Cloud
• Your Customer’s Directory and your SaaS Apps in the Cloud
Directories
Manage Authenticate
The Directory Approach
Direct Reports MemberOf
Asset
App
Contoso’s On-Premises Directory
Anatomy of Windows Azure Active Directory
Management Portal
AM
Graph API
OAuth2
SAML-P
WS-Federation
Metadata
Contoso’s WA AD Tenant
Windows Azure Active Directory
DirSync
Directory in Action: Windows Azure for Organizations
DEMO: Accessing the Windows Azure Portal With an Organizational Identity
Advantages of Using Organizational Identities
• Centrally managed provisioning and deprovisioning
• Enforceable credential policies
• Multiple authentication factors
• Better User Experience
- Fewer credentials to remember
Your Directory and Your LoB Applications in the Cloud
Using the ASP.NET tools to connect to Windows Azure AD
DEMO
Windows Azure Active Directory
OAuth2
SAML-P
WS-Federation
Metadata
Graph API
Connecting your LoB App to Windows Azure AD
WIF Config
ServicePrincipal
Your LoB App
WIF Modules
Contoso’s WA AD Tenant
The Graph API
• RESTful Interface to Windows Azure Active Directory
- Compatible with OData V3
- Uses OAuth 2.0 for Authentication and Role Based Assignment for Application and Users, for Authorization
• Programmatic access to Windows Azure Active Directory
- Objects such as Users, Groups, Contacts, Tenant Information, Licensing, Roles
- Support Links such as Member, memberOf, Manager, DirectReport
- Differential queries
• Requests use standard HTTP methods
- GET, POST, PATCH, DELETE to create, read, update, and delete directory objects.
- Responses support XML and JSON, and standard HTTP status codes
Your Customer’s Directory & Your SaaS Apps in the Cloud
Seamless Consent for SaaS Apps
DEMO
The Application Publishing Flow
Visual Studio
Modify your app to
- admit multiple tenants
- handle consent messages
Seller Dashboard
Register your app in the Seller Hub
- create keys, catalog entries…
- paste keys back in the app code
App
Windows Azure AD Portal
The SaaS Application Publishing Cycle
DEMO
Windows Azure Active Directory
Graph API
OAuth2
SAML-P
WS-Federation
Metadata
Management Portal
Multi-tenancy and Consent Flow
WIF Config
ServicePrincipal
Your SaaS App
WIF Modules
Contoso’s WA AD Tenant
ServicePrincipal
Fabrikam’s WA AD Tenant
Consent Module
Multitenant TokenHandler
MultitenantTokenHandler
Reference
Resources
• Get your free tenant at http://g.microsoftonline.com/0AX00en/5
• Download the samples and tutorials at https://activedirectory.windowsazure.com/develop/
• Give us feedback at http://social.msdn.microsoft.com/Forums/en-US/WindowsAzureAD/
One Cloud Directory for Every Organization
Thanks! [email protected] @vibronet http://blogs.msdn.com/vbertocci