Azure Identity 6 Sep 2013


7/27/2019 Azure Identity 6 Sep 2013

Copyright 2013 Tech Mahindra. All rights reserved.

Identity and Access


Agenda:

Identity Definition and Technology
Role Based Identity
Claim Based Identity
Azure ACS Service
How ACS and ADFS 2.0 Work Together
Azure Active Directory Services
Demo


Identity

Identity is a collection of information about an entity, for example:

Name
ID No
Biometrics
E-Mail
Photograph
Address


Identity Technology

Azure supports a wide range of identity technologies:

Windows Server Active Directory
SQL Server
Windows Identity Foundation (claim based approach)
OpenID
Certificates
Information Card


Identity on Cloud

Windows Azure supports both role based and claim based identity management.

Identity Technology:

Windows Domain Join (role based)
User Name/Password
ASP.NET Forms Authentication (role based / claim based)
Azure ACS (claim based)
Azure Active Directory Services (claim based)


Role based Identity

Credentials are mapped to an identity.
An identity is a member of one or more roles.
Applications use roles to authorize identities.
The implementation is in Azure.


Role Based Implementation

[Diagram labels: Web Role, Worker Role, SQL Azure, SQL Server, On-Premise Identity Store.]

ASP.NET Membership
Continue to use Forms Based authentication.
Scenario enabled:
Upload the DB to SQL Azure.
Change the configuration to connect to SQL Azure.

Domain Join
The Connect plug-in supports domain join of a Windows Azure Role to on-premise AD.
Scenario enabled:
Log in to the Azure instance using a domain account.
Connect to the on-premise server using Windows authentication.


Why Role based Authorization

Simple scenario:
Easy migration of traditional applications.

Domain join scenario:
No federation or SSO required.


Claim based Identity

A claim holds information relevant to the identity.
Each claim has a type and an issuer.
Applications use claims to authorize identities.
A token is a collection of claims and is signed.
A Security Token Service (STS) maps credentials to a token.


Claim based approach

[Diagram: End User, Claim Aware Application (Claim Framework (WIF) in front of the App Business Logic) and Secure Token Service. Configuration labels: Trust (signing key); Claim rules (Federation Metadata). Labelled steps: 1. Get Policy; 4. AuthN (Claim); 5. Grant Access.]
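The claim-based flow of the two slides above, as an added example in Python (not code from the slides, from WIF or from ACS): the STS maps a credential to a signed token of claims, the claim-aware application checks the signature against the configured trust (signing key), audience, expiry and issuer before it authorizes on claims, and a small rules step stands in for the claim rules an STS such as ACS or ADFS applies. The signing key, issuer name, credential store and the hex-encoded HMAC token format are constructed assumptions; the real tokens in this deck are SAML tokens issued by the STS.

```python
import hashlib, hmac, json, time
# Constructed values: the shared signing key stands in for the "Trust (Sign key)" the
# slides configure on the application, and the issuer name identifies the STS.
SIGN_KEY = b"constructed-shared-signing-key"
STS_ISSUER = "urn:constructed:sts"
# Constructed credential store the STS consults when mapping a credential to a token.
USERS = {"alice": {"password": "pw-alice", "dept": "finance", "groups": ["approvers"]}}

def sts_issue_token(username, password, audience, now=None, ttl=300):
    """STS side: map a credential to a signed token; every claim carries a type and an issuer."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["password"].encode(), password.encode()):
        return None                                   # credential does not map to an identity
    claims = [{"type": "name", "value": username, "issuer": STS_ISSUER},
              {"type": "dept", "value": user["dept"], "issuer": STS_ISSUER}]
    claims += [{"type": "group", "value": g, "issuer": STS_ISSUER} for g in user["groups"]]
    body = {"aud": audience, "exp": int(now or time.time()) + ttl, "claims": claims}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(SIGN_KEY, payload, hashlib.sha256).digest()
    return payload.hex() + "." + sig.hex()            # the token: a signed collection of claims

def app_validate_token(token, audience, now=None, trusted_issuers=(STS_ISSUER,)):
    """Application side (the WIF step): verify signature, audience, expiry and issuer first."""
    try:
        payload_hex, sig_hex = token.split(".")
        payload, sig = bytes.fromhex(payload_hex), bytes.fromhex(sig_hex)
    except (ValueError, AttributeError):
        return None                                   # malformed token
    expected = hmac.new(SIGN_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None                                   # not signed by the trusted STS
    body = json.loads(payload)
    if body.get("aud") != audience or body.get("exp", 0) <= int(now or time.time()):
        return None                                   # issued for another app, or expired
    if any(c.get("issuer") not in trusted_issuers for c in body["claims"]):
        return None                                   # a claim from an issuer we do not trust
    return body["claims"]                             # only now are the claims usable

def apply_claim_rules(claims, rules):
    """Rules-driven transformation (the ACS/ADFS claim rules): map an input (type, value) to an output claim."""
    out = list(claims)
    for in_type, in_value, out_type, out_value in rules:
        if any(c["type"] == in_type and c["value"] == in_value for c in claims):
            out.append({"type": out_type, "value": out_value, "issuer": STS_ISSUER})
    return out

def app_authorize(claims, claim_type, claim_value):
    """The authorization decision is made on claims, not on a local role table."""
    return any(c["type"] == claim_type and c["value"] == claim_value for c in claims)
```

A tampered payload, a token meant for another application, an expired token or a claim from an untrusted issuer all fail in app_validate_token before any claim reaches app_authorize.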


Why Claim based Identity Management

Claims provide a framework that can be consumed by all applications regardless of their location.
Allows the identity token to carry more information than just the user and group memberships.
Your trusted partners manage the identity and authentication of their users.
The solution is based on industry standard protocols.
Works for browsers and web services.


Azure ACS

Provides rules driven, claim based authorization.

Key features:

Broad identity provider list
WS-Trust and WS-Federation protocol support
Full integration with WIF
Configurable


How ACS and ADFS 2.0 Work Together

[Diagram: End User, ADFS 2.0, ACS and Web Role. ADFS 2.0 and ACS are each labelled IP (identity provider); ACS and the Web Role are each labelled RP (relying party). The end user authenticates to ADFS 2.0 using a Kerberos ticket; ACS holds the list of identity providers; the exchanges are numbered 1, 2, 3; SAML is the token format shown.]


    DEMO


Azure Active Directory Services

Windows Azure Active Directory is a modern cloud service providing identity management and access control capabilities to cloud applications.
