101 ways to authenticate with Azure Active Directory
Rory Braybrook
M338


For cloud authentication, Azure Active Directory has you covered

Overview

Protocols
Use cases
OWIN
ADAL
WIF
Access Panel
SaaS
DirSync
AADSync
AD Connect
MFA
AAD Proxy
Won’t be covering

Azure AD by the Numbers

1 trillion Azure AD authentications since the release of the service
50 M Office 365 users active every month
>1 billion authentications every day on Azure AD
More than 500 M objects hosted on Azure Active Directory
Azure AD manages identity data for >5 M organizations
86% of Fortune 500 companies on Microsoft Cloud (Azure, O365, CRM Online and PowerBI)
Every Office 365 and Microsoft Azure customer uses Azure Active Directory

The Protocols

SAML-P 2.0
WS Federation
OAuth2
OpenID Connect

WS Federation
(flow diagram; source: http://blogs.technet.com/b/askpfeplat/)

SAML token attributes

SAML-P
(flow diagram; source: http://blogs.technet.com/b/askpfeplat/)
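The SAML token attributes and SAML-P slides above show what an Azure AD SAML assertion carries; the following is an added example (not from the deck) of how a relying party reads those attributes and the Conditions checks it must make first. The assertion text is constructed (tenant ID, object ID and group IDs are made up); the claim URIs are the ones Azure AD emits. It assumes the XML-DSig signature over the Assertion element has already been verified with an xmlsec-capable library, and that the element handed in is the signed one, so a wrapped or unsigned copy is never parsed.

```python
"""
Added example (not from the deck): pulling the attributes out of a SAML 2.0
token as Azure AD issues it, with the Conditions checks the relying party
must make.  Assumption: the XML signature has already been verified.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
WS_CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
MS_CLAIMS = "http://schemas.microsoft.com/identity/claims/"
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
TENANT_ID = "72f988bf-1111-2222-3333-444444444444"            # constructed tenant
ISSUER = f"https://sts.windows.net/{TENANT_ID}/"                # Azure AD issuer format
APP_ID_URI = "https://contoso.onmicrosoft.com/todo-api"         # constructed relying party

# Constructed assertion, shaped like one Azure AD issues (values are made up).
SAMPLE_ASSERTION = f"""<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1" Version="2.0" IssueInstant="2015-09-01T10:00:00Z">
  <Issuer>{ISSUER}</Issuer>
  <Subject><NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">alice@contoso.onmicrosoft.com</NameID></Subject>
  <Conditions NotBefore="2015-09-01T09:55:00Z" NotOnOrAfter="2015-09-01T11:00:00Z">
    <AudienceRestriction><Audience>{APP_ID_URI}</Audience></AudienceRestriction>
  </Conditions>
  <AttributeStatement>
    <Attribute Name="{MS_CLAIMS}tenantid"><AttributeValue>{TENANT_ID}</AttributeValue></Attribute>
    <Attribute Name="{MS_CLAIMS}objectidentifier"><AttributeValue>a1b2c3d4-0000-0000-0000-000000000001</AttributeValue></Attribute>
    <Attribute Name="{WS_CLAIMS}givenname"><AttributeValue>Alice</AttributeValue></Attribute>
    <Attribute Name="{WS_CLAIMS}name"><AttributeValue>alice@contoso.onmicrosoft.com</AttributeValue></Attribute>
    <Attribute Name="{GROUPS_CLAIM}"><AttributeValue>group-guid-1</AttributeValue><AttributeValue>group-guid-2</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>"""


class InvalidAssertion(Exception):
    pass


def parse_utc(stamp: str) -> datetime:
    """SAML timestamps are UTC in xsd:dateTime form."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def read_assertion(xml_text: str, expected_issuer: str, expected_audience: str, now: datetime) -> dict:
    """Check Issuer, validity window and audience, then return NameID and attributes."""
    root = ET.fromstring(xml_text)
    if root.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise InvalidAssertion("issuer is not the expected Azure AD tenant")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise InvalidAssertion("no Conditions element")
    # NotBefore is inclusive, NotOnOrAfter exclusive (SAML 2.0 core, 2.5.1.2).
    if not (parse_utc(cond.get("NotBefore")) <= now < parse_utc(cond.get("NotOnOrAfter"))):
        raise InvalidAssertion("outside validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise InvalidAssertion("token was issued for a different relying party")
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"name_id": root.findtext("saml:Subject/saml:NameID", namespaces=NS), "attributes": attrs}


def accepted(xml_text: str, now: datetime, issuer: str = ISSUER, audience: str = APP_ID_URI) -> bool:
    """True if the assertion passes every check above."""
    try:
        read_assertion(xml_text, issuer, audience, now)
        return True
    except InvalidAssertion:
        return False
```

The audience check is the one most often skipped: a perfectly valid Azure AD token issued for a different application in the same tenant must still be refused, otherwise any app the user has consented to can impersonate them at yours.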

OAuth2
(flow diagram; source: http://blogs.technet.com/b/askpfeplat/)

OAuth2 token

Use the OAuth endpoint to get a token
Token issued
Use the token in a REST call to the AAD endpoint (manipulate AAD using the API)
(flow diagram; source: http://blogs.technet.com/b/askpfeplat/)

Tokens returned:
Access token
ID token (OpenID Connect)
Refresh token
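The three-step exchange above, as an added example that is not part of the deck: it models the Azure AD v1 token endpoint (POST https://login.windows.net/{tenant}/oauth2/token, form-encoded) offline. FakeTokenEndpoint is a constructed stand-in for the authorization server; it hands out opaque strings where Azure AD issues signed JWTs, but the request parameters, the response fields, the single-use rule for authorization codes and refresh-token rotation are what the client sees. The tenant, client ID, secret and redirect URI are made up.

```python
"""
Added example (not from the deck): the OAuth2 token leg against a constructed
stand-in for the Azure AD v1 token endpoint, plus the Bearer call that uses it.
"""
import secrets
from urllib.parse import urlencode, parse_qs

TENANT = "contoso.onmicrosoft.com"                       # constructed tenant
TOKEN_ENDPOINT = f"https://login.windows.net/{TENANT}/oauth2/token"
GRAPH = "https://graph.windows.net"                      # AAD Graph API resource identifier


class FakeTokenEndpoint:
    """Stand-in for the authorization server's /oauth2/token endpoint."""

    def __init__(self, clients, lifetime=3600):
        self.clients = clients        # client_id -> (client_secret, redirect_uri)
        self.codes = {}               # authorization code -> (client_id, redirect_uri)
        self.refresh = {}             # refresh token -> (client_id, resource)
        self.lifetime = lifetime

    def issue_code(self, client_id, redirect_uri):
        """What the /oauth2/authorize leg hands back to the app's redirect URI."""
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri)
        return code

    def post(self, body):
        """Handle one form-encoded POST; returns (http_status, json_body)."""
        form = {k: v[0] for k, v in parse_qs(body).items()}
        cid = form.get("client_id")
        secret, _ = self.clients.get(cid, (None, None))
        if secret is None or not secrets.compare_digest(form.get("client_secret", ""), secret):
            return 401, {"error": "invalid_client"}
        grant = form.get("grant_type")
        if grant == "authorization_code":
            # A code is bound to the client and redirect URI that requested it, and is single use.
            owner = self.codes.pop(form.get("code"), None)
            if owner != (cid, form.get("redirect_uri")):
                return 400, {"error": "invalid_grant"}
        elif grant == "refresh_token":
            # Refresh tokens are rotated here: the old one dies when a new pair is issued.
            owner = self.refresh.pop(form.get("refresh_token"), None)
            if owner is None or owner[0] != cid:
                return 400, {"error": "invalid_grant"}
        else:
            return 400, {"error": "unsupported_grant_type"}
        resource = form.get("resource", GRAPH)
        access_token = "AT." + secrets.token_urlsafe(24)   # Azure AD: a signed JWT scoped to `resource`
        refresh_token = "RT." + secrets.token_urlsafe(24)
        self.refresh[refresh_token] = (cid, resource)
        return 200, {"token_type": "Bearer", "expires_in": self.lifetime, "resource": resource,
                     "access_token": access_token, "refresh_token": refresh_token}


def redeem_code(endpoint, client_id, client_secret, code, redirect_uri, resource=GRAPH):
    """Step 1: use the OAuth endpoint to get a token (authorization_code grant)."""
    body = urlencode({"grant_type": "authorization_code", "client_id": client_id,
                      "client_secret": client_secret, "code": code,
                      "redirect_uri": redirect_uri, "resource": resource})
    return endpoint.post(body)


def refresh_access_token(endpoint, client_id, client_secret, refresh_token, resource=GRAPH):
    """Renew the access token silently once it expires, without re-prompting the user."""
    body = urlencode({"grant_type": "refresh_token", "client_id": client_id,
                      "client_secret": client_secret, "refresh_token": refresh_token,
                      "resource": resource})
    return endpoint.post(body)


def graph_request(token_response, tenant=TENANT):
    """Step 3: the REST call to AAD, carrying the access token in the Authorization header."""
    url = f"{GRAPH}/{tenant}/users?api-version=1.6"
    headers = {"Authorization": f"{token_response['token_type']} {token_response['access_token']}"}
    return url, headers
```

The `resource` parameter is the v1-endpoint way of saying which API the access token is for; the same value must come back as the `aud` claim the API checks. Treat the refresh token like a password: it is the long-lived credential, and a leaked one lets anyone mint fresh access tokens until it is revoked.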

Use cases

Authentication scenarios
Clients using a wide variety of devices/languages/platforms; server applications using a wide variety of platforms/languages.
(diagram: Browser, Native app, Server app and JavaScript clients talking to a Web application and Web APIs, which in turn call further Web APIs; source: video.ch9.ms/teched/2012/na/SIA209.pptx)

Standard-based, HTTP-based protocols for maximum platform reach: the browser-to-web-application sign-in uses WS-Fed, SAML 2.0 or OpenID Connect, and every call into a Web API (from the native app, the server app, the web application, the JavaScript client or another Web API) carries an OAuth 2.0 token.

VS “Change Authentication”

Change authentication
OWIN (all protocols)
WIF (WS Federation)
ADAL (OpenID Connect / OAuth)
Wrappers around the protocols

Demo - Lap around AAD Applications

Demo - OWIN – OpenID Connect / WS Federation

Demo – WIF - WS Federation

Open Web Interface for .NET (OWIN) Identity vs Windows Identity Foundation (WIF)

                 OWIN Identity                                          WIF
Support          Supported, with new protocols being added              Supported
Protocols        WS-Fed / OpenID Connect / OAuth2 / SAML-P (community)  WS-Fed / SAML-P CTP (deprecated)
Hooked in via    Code                                                   ASP.NET pipeline
Tooling          Easy to do with VS 2013/15                             Have to “retro-fit” from template or use VS 2010/12
Token format     JWT token                                              XML token
Namespace        Microsoft.Owin                                         System.IdentityModel

Active Directory Authentication Library (ADAL)

ADAL Mission statement
The Active Directory Authentication Library (ADAL) is a library meant to help developers take advantage of Azure Active Directory for enabling client applications to access protected resources.

SDK available on multiple platforms: .NET, iOS, JavaScript, Android, Node.JS, Java, Windows Store, Windows Phone etc.
Token caching and automatic refresh
Asynchronous support
Basis of the Graph API and Azure Management Library
Now open source

Active Directory Authentication Library

```csharp
using Microsoft.IdentityModel.Clients.ActiveDirectory;

string clientId = "[Enter client ID as obtained from Azure Portal]";
string authority = "https://login.windows.net/[your tenant name]";
string myURI = "[Enter App ID URI of your service]";

// The context is bound to the tenant's authority; AcquireTokenAsync signs the user in
// if there is no cached token and returns an access token for the resource myURI.
AuthenticationContext authContext = new AuthenticationContext(authority);
AuthenticationResult result = await authContext.AcquireTokenAsync(myURI, clientId);
// result.AccessToken is what goes into the Authorization: Bearer header of the call to the service.
```

Demo – Graph API via ADAL with Groups

Social

ACS

IaaS

Azure AD as an IDP

Can federate with a 3rd party application not in the Gallery via the Access Panel / Custom / SAML-P
Can use user name and password via the Access Panel, e.g. Twitter
Can federate with a 3rd party application in the Gallery, e.g. SalesForce
Can federate with e.g. ADFS via metadata

Demo – Lap around AAD external applications and the Access Panel

Azure AD Passport.js

passport-azure-ad is a collection of Passport strategies to help you integrate with Azure Active Directory

Includes OpenID Connect, WS-Federation, and SAML-P authentication and authorization

Lets you integrate your Node app with Microsoft Azure AD so you can use web single sign-on (WebSSO), Endpoint Protection with OAuth, and JWT token issuance and validation
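The JWT validation that passport-azure-ad performs for a Node API, and that any OWIN bearer-token middleware performs for a .NET one, as an added example that is neither the deck's nor passport-azure-ad's code. A constructed HS256 secret stands in for Azure AD's RS256 signing key (real validators fetch the tenant's keys from the federation metadata / discovery keys endpoint and pick one by the token's `kid` header); the claim checks are the same. Tenant ID, audience and user are made up.

```python
"""
Added example (not from the deck or passport-azure-ad): the checks a Web API
must run on an Azure AD bearer JWT before acting on its claims.  HS256 with a
constructed secret stands in for Azure AD's RS256 signing key.
"""
import base64
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"constructed-signing-secret"                   # stand-in for AAD's key
TENANT_ID = "72f988bf-1111-2222-3333-444444444444"              # constructed tenant
API_AUDIENCE = "https://contoso.onmicrosoft.com/todo-api"       # constructed App ID URI


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Issuer side, used here only to build sample tokens; Azure AD mints the real ones."""
    header = b64url(json.dumps({"typ": "JWT", "alg": alg}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{payload}.{b64url(sig)}"


def peek_claims(token: str) -> dict:
    """Decode WITHOUT validating: fine for logging, never for an authorization decision."""
    return json.loads(unb64url(token.split(".")[1]))


class InvalidToken(Exception):
    pass


def validate(token: str, key: bytes, tenant_id: str, audience: str, now=None, skew=300) -> dict:
    """Return the claims only if every check passes."""
    now = time.time() if now is None else now
    try:
        h, p, s = token.split(".")
        header, claims, sig = json.loads(unb64url(h)), json.loads(unb64url(p)), unb64url(s)
    except (ValueError, json.JSONDecodeError) as exc:
        raise InvalidToken(f"malformed token: {exc}")
    # 1. The algorithm is fixed by the validator, never taken from the header (alg=none, HS/RS confusion).
    if header.get("alg") != "HS256":
        raise InvalidToken(f"unexpected alg {header.get('alg')!r}")
    # 2. Signature over the exact header.payload bytes, compared in constant time.
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise InvalidToken("signature does not verify")
    # 3. Issuer: Azure AD v1 tokens carry https://sts.windows.net/{tenant-id}/.
    if claims.get("iss") != f"https://sts.windows.net/{tenant_id}/":
        raise InvalidToken("wrong issuer")
    # 4. Audience: a valid token minted for some other API must not be accepted here.
    if claims.get("aud") != audience:
        raise InvalidToken("wrong audience")
    # 5. Lifetime with a small clock-skew allowance; a token with no exp is rejected.
    if claims.get("nbf", 0) - skew > now or claims.get("exp", 0) + skew < now:
        raise InvalidToken("token not yet valid or expired")
    return claims


def sample_token(now: float, alg: str = "HS256", **overrides) -> str:
    """A constructed token shaped like an Azure AD v1 access token."""
    claims = {"iss": f"https://sts.windows.net/{TENANT_ID}/", "aud": API_AUDIENCE,
              "tid": TENANT_ID, "upn": "alice@contoso.onmicrosoft.com",
              "nbf": int(now) - 60, "exp": int(now) + 3600}
    claims.update(overrides)
    return mint(claims, SIGNING_KEY, alg)


def rejects(token: str, now: float) -> bool:
    """True if validate() refuses the token."""
    try:
        validate(token, SIGNING_KEY, TENANT_ID, API_AUDIENCE, now=now)
        return False
    except InvalidToken:
        return True
```

The order matters: algorithm and signature are checked before any claim is read, so an attacker-controlled payload never steers the validator. For a multi-tenant API the issuer check becomes a check that the `tid` claim is a tenant you have onboarded, rather than a single fixed string.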

Windows 10

WS-Federation sign-in request from the demo environment (wa=wsignin1.0 asks for sign-in, wtrealm names the relying party, wctx is opaque context echoed back with the token, wct is the request timestamp):
https://identity-test.datacomcc.com/Account/SignIn?ReturnUrl=/issue/wsfed?wa=wsignin1.0&wtrealm=http://dslfimad.dslfim.local/adfs/services/trust&wctx=00cacd9f-0aae-434a-b057-f1bfc0d5f1f3&wct=2014-08-12T20:31:58Z


Resources

Azure blog - http://azure.microsoft.com/blog/

Ask Premier Field Engineering - http://blogs.technet.com/b/askpfeplat/

Active Directory Team blog - http://blogs.technet.com/b/ad/

Active Directory Passport plug-in - https://github.com/AzureAD/passport-azure-ad/

Microsoft Azure Active Directory Samples and Documentation - https://github.com/AzureADSamples/

Cloud Identity Infographic - http://azure.microsoft.com/en-us/documentation/infographics/cloud-identity-and-access/

Graph Explorer - https://graphexplorer.cloudapp.net/

Related Ignite NZ Sessions
1 O365 and Azure Active Directory Premium, M315 - Wed 10:40 AM, Ballroom 2
2 Enabling AAD to Embrace Windows 10, M326 - Wed 3:10 PM, New Zealand 1
3 Identity Management in O365, M362 - Thu 4:30 PM, New Zealand 1

Find me later at… Closing drinks Fri 3:00-4:30pm


© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
