This document summarizes the Azure Active Directory developer platform for managing identity and access. It discusses permissions and consent with Microsoft Graph, provisioning users and applications, and managing Azure AD. The platform provides a unified way to develop applications that integrate with Microsoft identity services through consistent APIs, libraries, and tools. It aims to simplify identity development across platforms and applications.
8. Microsoft Identity
Developing with Azure AD developer platform
Permissions and Consent
Managing Azure AD with Microsoft Graph
Provisioning
9. To be the very best identity development platform for all.
1) Reach the users you want
2) Develop a range of apps
3) Integrate using the technology you use
4) Reliable and scalable identity platform
10. Rich information architecture
i.e. samples, tools & step-by-step guidance
One app registration portal, app API, & CLI
One set of libraries on key platforms
One standards-compliant endpoint
Components
11. updates
An app is an app is an app
Manage all your apps using the Azure Portal
Manage all your apps using Applications API in Microsoft Graph
You pick the library. Apps interoperate
ADAL & MSAL share one token cache
13. Details
Available today
Application registration portal
MSAL - .NET, iOS, Android, JavaScript
AAD audience
MSA audience
B2C audience
Flows
Public client
Single page application
Confidential client
Incremental consent
Azure AD Graph App API (Beta)
v2 protocol
In Progress (coming soon)
Azure Portal for all your apps
MSAL
GDPR compliance – configure PII
Unified cache between ADAL & MSAL
Embedded WebViews on iOS/Android/Xamarin
Call existing APIs extensibility
Flows
Call an existing web API
Create your own web API
Call more Microsoft APIs
User Name Password flow
Applications API in Microsoft Graph for all your apps
Standards compliant v2 protocol
16. How customers decide to trust your apps with their data
Your responsibility when accessing customer data
Always follow guidelines and best practices
17. App Scenario, Consent, Effective Permissions
Delegated Permissions: Get access on behalf of user
App scenario: Mobile / Web / SPA
Consent: Users for self / IT admin for all users
Effective permissions: Permissions granted to app AND permissions assigned to user (App AND User)
Application Permissions: Get access as a service
App scenario: Service / Daemon
Consent: Only by IT admin
Effective permissions: Permissions granted to app
18. How to request / When is consent granted
How to request: App metadata in the portal
When is consent granted:
First time using the app (by user or IT admin)
Proactively by IT admin
How to request: In your app at runtime
When is consent granted:
First time using the app (by user or IT admin)
Incrementally as users or IT admins access more functionality in your app
Proactively by IT admin
21. Adopt consent and authorization best practices
http://aka.ms/GraphBestPractices
Show that you have been thoughtful with your permission requests
Provide Terms of Service and Privacy Statement
23. your
Your app
Gateway
Your or your customer’s data
Office 365
Windows 10
Enterprise Mobility + Security
Azure Active Directory
Microsoft Graph