
Intelligent Cloud Conference: Azure AD B2C Application security made easy

The slides for my session at the Intelligent Cloud Conference in Copenhagen on April 10, 2019


  1. AZURE AD B2C: APPLICATION SECURITY MADE EASY
  2. About me: Sjoukje Zaal, Principal Expert Microsoft / Azure MVP. T: @SjoukjeZaal W: https://www.sjoukjezaal.com
  3. Agenda: 01 What is Azure AD B2C and why should I use it?; 02 Key Benefits and Capabilities • Demo; 03 Flows & Policies • Demo; 04 Identity Providers • Demo; 05 Customize the UI • Demo
  4. What is Azure Active Directory B2C? Azure AD B2C is an identity management service that enables you to customize and control how customers interact with your application.
  5. Why use Azure Active Directory B2C? Highly available; Worldwide scaling; Secure; Reliable
  6. Key Benefits. Simple & Secure: • Minimal application code • Easy to maintain • Enterprise-grade security features. Flexible: • Multiple Identity Providers • .NET, iOS, and Android • Open standards
  7. Capabilities: Default Authentication Providers; Social Media Identity Providers; Custom Identity Providers; Single Sign On; Multi-factor authentication; Enable & customize sign up/sign in; Edit profiles
  8. Application Code: Open Standards • OAuth 2.0 • OpenID Connect; MSAL
  9. DEMO 1: REGISTERING THE APPLICATION
  10. Sample application. Web App: MVC App for registering to-do items; Calls Web API; Requests Access tokens from Web API. Tasks Web API: Performs CRUD operations; Scope-based access control
  11. Demo Summary: 1 Registered the Tasks demo Web API; 2 Published a read and write permission for the API; 3 Registered the demo web app; 4 Granted the read and write permissions to the demo web app (client); 5 Generated and copied the client secret; 6 Copied the application IDs from both apps; 7 Added values to web.config files
  12. Flows & Policies. User flows: Is triggered by application; Predefined; Reusable; Custom Attributes. Custom Policies: Configuration files; XML; Identity Experience Framework; Standards-based; OAuth 2.0, OIDC, SAML
  13. When to use user flows: Sign-up or sign-in with local or social accounts; Self-service password reset; Profile edit; Multi-Factor Authentication; Customize tokens and sessions
  14. When to use custom policies: Send a welcome email using your own email service provider; Provision a user account in another system at the time of registration; Use a user store outside Azure AD B2C; Validate user provided information with a trusted system by using an API
  15. DEMO 2: CREATING A USER FLOW
  16. Demo Summary: 1 Created a new user flow; 2 Selected the Identity Provider to enable the flow; 3 Selected the included fields and returned claims; 4 Tested the user flow
  17. Identity Providers: Authentication Service; Security tokens; Out-of-the-box providers; Client Id & Secret
  18. DEMO 3: CONFIGURING AN IDENTITY PROVIDER
  19. Demo Summary: 1 Created a new Google Identity Provider; 2 Created an application in the Google Developer Console; 3 Added the Google client id and client secret to the identity provider; 4 Enabled the Identity Provider in the user flow
  20. Page UI customization feature: Customize look and feel; Visual Consistency; CORS; Merges UI with HTML
  21. DEMO 4: CUSTOMIZE THE UI
  22. Demo Summary: 1 Created a storage account and blob container; 2 Enabled CORS; 3 Created a custom HTML/CSS file; 4 Uploaded the HTML/CSS files to the Blob container; 5 Updated the user flow; 6 Tested the user flow
  23. Multi-factor authentication: User flow level; No code required
  24. DEMO 5: ENABLING MFA
  25. Demo Summary: 1 Opened the user flow settings; 2 Enabled Multifactor Authentication (MFA); 3 Tested the application
  26. Wrap up: It’s not Azure B2B; App can be hosted everywhere; Migrate with Azure AD Graph API; Reporting and Monitoring; Language customization
  27. THANK YOU
  28. Event partners; Expo partners; Expo light partners
