SlideShare a Scribd company logo

Managing Application Identity using Azure B2C

Download as PPTX, PDF
Mike Douglas
Mike Douglas

This document provides an overview of managing application identity using Azure B2C. It begins with introductions and an agenda. It then covers key concepts around identity, OpenID Connect, and options for identity as a service. It distinguishes Azure AD, B2B, and B2C and their uses. The bulk of the document focuses on Azure B2C, covering what it is, types of applications supported, SSO and federation capabilities. It includes demos of configuring a B2C tenant and using the authorization code flow with PKCE. It concludes with advanced B2C features like user journeys, the Graph API, and identity protection.

Technology
1 of 20
© 2020 Lunavi | Confidential | MANAGING APPLICATION IDENTITY USING AZURE B2C Mike Douglas
© 2020 Lunavi | Confidential | 2 ABOUT ME • Mike Douglas • Solution Consultant and Director of Delivery Engineering at Lunavi • Microsoft MVP – Developer Technologies – DevOps • Organizer of Omaha DevOps Meetup • Competitive Robotics Club Coordinator for 4th – 6th Graders • @mikedouglasdev on twitter
© 2020 Lunavi | Confidential | 3 AGENDA • Identity Overview • Azure B2C Overview • Using B2C in Your Application • Advanced Features
© 2020 Lunavi | Confidential | 4 IDENTITY • What is Identity? − Controls access to system or service based on credentials of user − Authentication – validating a user is who they claim to be − Authorization – provides access to specific resource • Social vs Enterprise − You own the account VS Organization owns the account − Facebook, Google, etc. VS O365, AAD, ADFS • SSO and Federation • Standards – SAML and Open ID Connect
© 2020 Lunavi | Confidential | 5 OPEN ID CONNECT • Parts − Identity Providers (IdP), Token / Service Providers (TP/SP) − JWT (JSON Web Token) − OAuth2 • Flows − Authorization Code Flow − Implicit Flow − Client Credentials Grant Flow − Resource Owner Flow − Auth Code with PKCE replaces • ROPF and Implicit
© 2020 Lunavi | Confidential | 6 OIDC OPTIONS • Identity Server • ADFS, Ping Federate • Identity as a Service − Okta, AuthO, Azure AD, Azure B2C
© 2020 Lunavi | Confidential | 7 AAD VS B2C VS B2B • Azure AD − Enterprise Organization IDs = Employees − Protect apps with internal users – use this − RBAC for your application resources • Azure B2B − SAAS Partners − You want partners to use your apps but have them manage their users − Want your app to be the O365 / AAD SSO Directory • Azure B2C − External Users, Default is a Self Service Sign up / Sign in − Local (email / no email) − Social (Facebook, Google, etc) − Federate other OIDC and SAML
© 2020 Lunavi | Confidential | AZURE B2C
© 2020 Lunavi | Confidential | 9 AZURE B2C • Identity Protection for your Customers − Protect against attacks (Password Spray, DDOS, Bot, etc) − Identity and Mitigate Risk − MFA • High Availability and Globally Available • Extensive and Custom User Flows • Billing – Monthly Active Users (MAU) / First 50K Free
© 2020 Lunavi | Confidential | 10 TYPES OF APPLICATIONS SUPPORTED • Web Applications (Server) • SPA (Angular / React) − Implicit Flow − Authorization Code Flow with PKCE • Web APIs • Mobile / Native Applications • Not Support − Services / Daemons − On-Behalf-Of Flow
© 2020 Lunavi | Confidential | 11 SSO / FEDERATION • Azure B2C – IdP and/or SP − SAML − OIDC Azure B2C Service Provider SAML/OAuth IDP OKTA/FB/ Google/ SalesForce B2C as SP B2C as IdP
© 2020 Lunavi | Confidential | 12 AZURE AD AND B2C Okta B2C Identity Provider Local Users Okta Users API Management (Validate JWT) Token Provider Enterprise Identity Provider Federation AAD (RBAC) API Organization Tenant External Identities Tenant (B2C) Google Social Identity Provider Google Users Validate Org Users Web Authenticate
© 2020 Lunavi | Confidential | DEMO 1 – AZURE B2C CONFIGURATION
© 2020 Lunavi | Confidential | USING B2C IN YOUR APPLICATION
© 2020 Lunavi | Confidential | 15 MSAL • https://docs.microsoft.com/en-us/azure/active- directory/develop/reference-v2-libraries
© 2020 Lunavi | Confidential | 16 AUTH CODE GRANT WITH PKCE
© 2020 Lunavi | Confidential | DEMO 2 – AUTH CODE WITH PKCE
© 2020 Lunavi | Confidential | ADVANCED FEATURES
© 2020 Lunavi | Confidential | 19 ADVANCED FEATURES • User Journeys − Identity Experience Framework − GitHub Examples - https://github.com/azure-ad-b2c/samples • Graph API • Identity Protection and Conditional Access
© 2020 Lunavi | Confidential | QUESTIONS?

Recommended

Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...CA Technologies
 
CA security-Management -Vasu Surabhi
CA security-Management -Vasu SurabhiCA security-Management -Vasu Surabhi
CA security-Management -Vasu SurabhiVasu Surabhi
 
Wso2 is integration with .net core
Wso2 is integration with .net coreWso2 is integration with .net core
Wso2 is integration with .net coreIsmaeel Enjreny
 
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...Profesia Srl, Lynx Group
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedIsmaeel Enjreny
 
Identiverse 2021 enterprise identity: What foundations
Identiverse 2021 enterprise identity: What foundationsIdentiverse 2021 enterprise identity: What foundations
Identiverse 2021 enterprise identity: What foundationsBertrand Carlier
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsJohn Bauer
 
eMAS Indentity and Access Management
eMAS Indentity and Access ManagementeMAS Indentity and Access Management
eMAS Indentity and Access ManagementKalyana Sundaram
 

Recommended

Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...CA Technologies
 
CA security-Management -Vasu Surabhi
CA security-Management -Vasu SurabhiCA security-Management -Vasu Surabhi
CA security-Management -Vasu SurabhiVasu Surabhi
 
Wso2 is integration with .net core
Wso2 is integration with .net coreWso2 is integration with .net core
Wso2 is integration with .net coreIsmaeel Enjreny
 
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...Profesia Srl, Lynx Group
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedIsmaeel Enjreny
 
Identiverse 2021 enterprise identity: What foundations
Identiverse 2021 enterprise identity: What foundationsIdentiverse 2021 enterprise identity: What foundations
Identiverse 2021 enterprise identity: What foundationsBertrand Carlier
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsJohn Bauer
 
eMAS Indentity and Access Management
eMAS Indentity and Access ManagementeMAS Indentity and Access Management
eMAS Indentity and Access ManagementKalyana Sundaram
 
CIS14: PingAccess in Action
CIS14: PingAccess in ActionCIS14: PingAccess in Action
CIS14: PingAccess in ActionCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
 
Web Single sign on system
Web Single sign on systemWeb Single sign on system
Web Single sign on systemSwati Sinha
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTGlobal Online Trainings
 
OAuth in SharePoint 2013
OAuth in SharePoint 2013OAuth in SharePoint 2013
OAuth in SharePoint 2013Dinusha Kumarasiri
 
CA CloudMinder Vasu Surabhi
CA CloudMinder Vasu SurabhiCA CloudMinder Vasu Surabhi
CA CloudMinder Vasu SurabhiVasu Surabhi
 
CA Security - Deloitte IAM Summit - Vasu
CA Security - Deloitte IAM Summit - VasuCA Security - Deloitte IAM Summit - Vasu
CA Security - Deloitte IAM Summit - VasuVasu Surabhi
 
Llunitebe2018 ten practical tips to secure your corporate data with microsoft...
Llunitebe2018 ten practical tips to secure your corporate data with microsoft...Llunitebe2018 ten practical tips to secure your corporate data with microsoft...
Llunitebe2018 ten practical tips to secure your corporate data with microsoft...Kenny Buntinx
 
The lazy programmer`s way to secure application
The lazy programmer`s way to secure applicationThe lazy programmer`s way to secure application
The lazy programmer`s way to secure applicationLev Maltsev
 
CIS 2015- Provisioning IDaas- Using SCIM to Enable Cloud Identity- Pat Patter...
CIS 2015- Provisioning IDaas- Using SCIM to Enable Cloud Identity- Pat Patter...CIS 2015- Provisioning IDaas- Using SCIM to Enable Cloud Identity- Pat Patter...
CIS 2015- Provisioning IDaas- Using SCIM to Enable Cloud Identity- Pat Patter...CloudIDSummit
 
Single sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancySingle sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancyDevam Shah
 
CIS14: PingAccess 101
CIS14: PingAccess 101CIS14: PingAccess 101
CIS14: PingAccess 101CloudIDSummit
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderForgeRock
 
OAuth
OAuthOAuth
OAuthTom Elrod
 
CIS14: Building a Plug-in with the PingAccess SDK
CIS14: Building a Plug-in with the PingAccess SDKCIS14: Building a Plug-in with the PingAccess SDK
CIS14: Building a Plug-in with the PingAccess SDKCloudIDSummit
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...OracleIDM
 
Overview of Oracle Identity Management - Customer Presentation
Overview of Oracle Identity Management - Customer PresentationOverview of Oracle Identity Management - Customer Presentation
Overview of Oracle Identity Management - Customer PresentationDelivery Centric
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study ForgeRock
 
Oracle web center
Oracle web centerOracle web center
Oracle web centerEast Le
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
 
Proven Practices for Office 365 Deployment, Security and Management
Proven Practices for Office 365 Deployment, Security and ManagementProven Practices for Office 365 Deployment, Security and Management
Proven Practices for Office 365 Deployment, Security and ManagementPerficient, Inc.
 
BarCamp Hong Kong 2015 - AuthBucket - Open Source Identity Management System
BarCamp Hong Kong 2015 - AuthBucket - Open Source Identity Management SystemBarCamp Hong Kong 2015 - AuthBucket - Open Source Identity Management System
BarCamp Hong Kong 2015 - AuthBucket - Open Source Identity Management SystemWong Hoi Sing Edison
 

More Related Content

What's hot

CIS14: PingAccess in Action
CIS14: PingAccess in ActionCIS14: PingAccess in Action
CIS14: PingAccess in ActionCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
 
Web Single sign on system
Web Single sign on systemWeb Single sign on system
Web Single sign on systemSwati Sinha
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTGlobal Online Trainings
 
CA CloudMinder Vasu Surabhi
CA CloudMinder Vasu SurabhiCA CloudMinder Vasu Surabhi
CA CloudMinder Vasu SurabhiVasu Surabhi
 
CA Security - Deloitte IAM Summit - Vasu
CA Security - Deloitte IAM Summit - VasuCA Security - Deloitte IAM Summit - Vasu
CA Security - Deloitte IAM Summit - VasuVasu Surabhi
 
Llunitebe2018 ten practical tips to secure your corporate data with microsoft...
Llunitebe2018 ten practical tips to secure your corporate data with microsoft...Llunitebe2018 ten practical tips to secure your corporate data with microsoft...
Llunitebe2018 ten practical tips to secure your corporate data with microsoft...Kenny Buntinx
 
The lazy programmer`s way to secure application
The lazy programmer`s way to secure applicationThe lazy programmer`s way to secure application
The lazy programmer`s way to secure applicationLev Maltsev
 
CIS 2015- Provisioning IDaas- Using SCIM to Enable Cloud Identity- Pat Patter...
CIS 2015- Provisioning IDaas- Using SCIM to Enable Cloud Identity- Pat Patter...CIS 2015- Provisioning IDaas- Using SCIM to Enable Cloud Identity- Pat Patter...
CIS 2015- Provisioning IDaas- Using SCIM to Enable Cloud Identity- Pat Patter...CloudIDSummit
 
Single sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancySingle sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancyDevam Shah
 
CIS14: PingAccess 101
CIS14: PingAccess 101CIS14: PingAccess 101
CIS14: PingAccess 101CloudIDSummit
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderForgeRock
 
CIS14: Building a Plug-in with the PingAccess SDK
CIS14: Building a Plug-in with the PingAccess SDKCIS14: Building a Plug-in with the PingAccess SDK
CIS14: Building a Plug-in with the PingAccess SDKCloudIDSummit
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...OracleIDM
 
Overview of Oracle Identity Management - Customer Presentation
Overview of Oracle Identity Management - Customer PresentationOverview of Oracle Identity Management - Customer Presentation
Overview of Oracle Identity Management - Customer PresentationDelivery Centric
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study ForgeRock
 
Oracle web center
Oracle web centerOracle web center
Oracle web centerEast Le
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
 

What's hot (20)

CIS14: PingAccess in Action
CIS14: PingAccess in ActionCIS14: PingAccess in Action
CIS14: PingAccess in Action
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
Web Single sign on system
Web Single sign on systemWeb Single sign on system
Web Single sign on system
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
 
OAuth in SharePoint 2013
OAuth in SharePoint 2013OAuth in SharePoint 2013
OAuth in SharePoint 2013
 
CA CloudMinder Vasu Surabhi
CA CloudMinder Vasu SurabhiCA CloudMinder Vasu Surabhi
CA CloudMinder Vasu Surabhi
 
CA Security - Deloitte IAM Summit - Vasu
CA Security - Deloitte IAM Summit - VasuCA Security - Deloitte IAM Summit - Vasu
CA Security - Deloitte IAM Summit - Vasu
 
Llunitebe2018 ten practical tips to secure your corporate data with microsoft...
Llunitebe2018 ten practical tips to secure your corporate data with microsoft...Llunitebe2018 ten practical tips to secure your corporate data with microsoft...
Llunitebe2018 ten practical tips to secure your corporate data with microsoft...
 
The lazy programmer`s way to secure application
The lazy programmer`s way to secure applicationThe lazy programmer`s way to secure application
The lazy programmer`s way to secure application
 
CIS 2015- Provisioning IDaas- Using SCIM to Enable Cloud Identity- Pat Patter...
CIS 2015- Provisioning IDaas- Using SCIM to Enable Cloud Identity- Pat Patter...CIS 2015- Provisioning IDaas- Using SCIM to Enable Cloud Identity- Pat Patter...
CIS 2015- Provisioning IDaas- Using SCIM to Enable Cloud Identity- Pat Patter...
 
Single sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancySingle sign on - benefits, challenges and case study : iFour consultancy
Single sign on - benefits, challenges and case study : iFour consultancy
 
CIS14: PingAccess 101
CIS14: PingAccess 101CIS14: PingAccess 101
CIS14: PingAccess 101
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 Provider
 
OAuth
OAuthOAuth
OAuth
 
CIS14: Building a Plug-in with the PingAccess SDK
CIS14: Building a Plug-in with the PingAccess SDKCIS14: Building a Plug-in with the PingAccess SDK
CIS14: Building a Plug-in with the PingAccess SDK
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...
 
Overview of Oracle Identity Management - Customer Presentation
Overview of Oracle Identity Management - Customer PresentationOverview of Oracle Identity Management - Customer Presentation
Overview of Oracle Identity Management - Customer Presentation
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study
 
Oracle web center
Oracle web centerOracle web center
Oracle web center
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 

Similar to Managing Application Identity using Azure B2C

Proven Practices for Office 365 Deployment, Security and Management
Proven Practices for Office 365 Deployment, Security and ManagementProven Practices for Office 365 Deployment, Security and Management
Proven Practices for Office 365 Deployment, Security and ManagementPerficient, Inc.
 
BarCamp Hong Kong 2015 - AuthBucket - Open Source Identity Management System
BarCamp Hong Kong 2015 - AuthBucket - Open Source Identity Management SystemBarCamp Hong Kong 2015 - AuthBucket - Open Source Identity Management System
BarCamp Hong Kong 2015 - AuthBucket - Open Source Identity Management SystemWong Hoi Sing Edison
 
Foundational Identity Management Services for Research Computing - ARCC Works...
Foundational Identity Management Services for Research Computing - ARCC Works...Foundational Identity Management Services for Research Computing - ARCC Works...
Foundational Identity Management Services for Research Computing - ARCC Works...Mary Bass
 
MuleSoft Meetup Charlotte 2019
MuleSoft Meetup Charlotte 2019MuleSoft Meetup Charlotte 2019
MuleSoft Meetup Charlotte 2019Subhash Patel
 
CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterVishwas Manral
 
Who’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileWho’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileNordic APIs
 
Xamarin and SAP Mobile Platform for Mobile Enterprise Success - SAP Slides
Xamarin and SAP Mobile Platform for Mobile Enterprise Success - SAP SlidesXamarin and SAP Mobile Platform for Mobile Enterprise Success - SAP Slides
Xamarin and SAP Mobile Platform for Mobile Enterprise Success - SAP SlidesXamarin
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityMark Diodati
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CJoonas Westlin
 
JoTechies - Cloud identity
JoTechies - Cloud identityJoTechies - Cloud identity
JoTechies - Cloud identityJoTechies
 
EWUG - Something about the Cloud - Unit IT - January 14, 2020
EWUG - Something about the Cloud - Unit IT - January 14, 2020EWUG - Something about the Cloud - Unit IT - January 14, 2020
EWUG - Something about the Cloud - Unit IT - January 14, 2020Peter Selch Dahl
 
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 EcosystemWSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 EcosystemWSO2
 
Securing ap is oauth and fine grained access control
Securing ap is oauth and fine grained access controlSecuring ap is oauth and fine grained access control
Securing ap is oauth and fine grained access controlAaronLieberman5
 
20150924 Xylos Technology Day - Stay in control of your identity with Azure A...
20150924 Xylos Technology Day - Stay in control of your identity with Azure A...20150924 Xylos Technology Day - Stay in control of your identity with Azure A...
20150924 Xylos Technology Day - Stay in control of your identity with Azure A...Robin Vermeirsch
 
2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD 2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD Peter Selch Dahl
 
Mule soft meetup Houston 16
Mule soft meetup Houston 16Mule soft meetup Houston 16
Mule soft meetup Houston 16Jim Andrews
 
Salesforce Identity: Connect and Collaborate Anywhere, Securely with Single S...
Salesforce Identity: Connect and Collaborate Anywhere, Securely with Single S...Salesforce Identity: Connect and Collaborate Anywhere, Securely with Single S...
Salesforce Identity: Connect and Collaborate Anywhere, Securely with Single S...Perficient, Inc.
 
EduID Mobile App - Use-Cases, Concepts and Implementation
EduID Mobile App - Use-Cases, Concepts and ImplementationEduID Mobile App - Use-Cases, Concepts and Implementation
EduID Mobile App - Use-Cases, Concepts and ImplementationChristian Glahn
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADuberbaum
 

Similar to Managing Application Identity using Azure B2C (20)

Proven Practices for Office 365 Deployment, Security and Management
Proven Practices for Office 365 Deployment, Security and ManagementProven Practices for Office 365 Deployment, Security and Management
Proven Practices for Office 365 Deployment, Security and Management
 
BarCamp Hong Kong 2015 - AuthBucket - Open Source Identity Management System
BarCamp Hong Kong 2015 - AuthBucket - Open Source Identity Management SystemBarCamp Hong Kong 2015 - AuthBucket - Open Source Identity Management System
BarCamp Hong Kong 2015 - AuthBucket - Open Source Identity Management System
 
Foundational Identity Management Services for Research Computing - ARCC Works...
Foundational Identity Management Services for Research Computing - ARCC Works...Foundational Identity Management Services for Research Computing - ARCC Works...
Foundational Identity Management Services for Research Computing - ARCC Works...
 
MuleSoft Meetup Charlotte 2019
MuleSoft Meetup Charlotte 2019MuleSoft Meetup Charlotte 2019
MuleSoft Meetup Charlotte 2019
 
CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined Perimeter
 
Who’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileWho’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and Mobile
 
Xamarin and SAP Mobile Platform for Mobile Enterprise Success - SAP Slides
Xamarin and SAP Mobile Platform for Mobile Enterprise Success - SAP SlidesXamarin and SAP Mobile Platform for Mobile Enterprise Success - SAP Slides
Xamarin and SAP Mobile Platform for Mobile Enterprise Success - SAP Slides
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern Identity
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2C
 
JoTechies - Cloud identity
JoTechies - Cloud identityJoTechies - Cloud identity
JoTechies - Cloud identity
 
IBM Social Apps
IBM Social AppsIBM Social Apps
IBM Social Apps
 
EWUG - Something about the Cloud - Unit IT - January 14, 2020
EWUG - Something about the Cloud - Unit IT - January 14, 2020EWUG - Something about the Cloud - Unit IT - January 14, 2020
EWUG - Something about the Cloud - Unit IT - January 14, 2020
 
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 EcosystemWSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
WSO2Con ASIA 2016: Case Study: Identity in the WSO2 Ecosystem
 
Securing ap is oauth and fine grained access control
Securing ap is oauth and fine grained access controlSecuring ap is oauth and fine grained access control
Securing ap is oauth and fine grained access control
 
20150924 Xylos Technology Day - Stay in control of your identity with Azure A...
20150924 Xylos Technology Day - Stay in control of your identity with Azure A...20150924 Xylos Technology Day - Stay in control of your identity with Azure A...
20150924 Xylos Technology Day - Stay in control of your identity with Azure A...
 
2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD 2018 November - AZUGDK - Azure AD
2018 November - AZUGDK - Azure AD
 
Mule soft meetup Houston 16
Mule soft meetup Houston 16Mule soft meetup Houston 16
Mule soft meetup Houston 16
 
Salesforce Identity: Connect and Collaborate Anywhere, Securely with Single S...
Salesforce Identity: Connect and Collaborate Anywhere, Securely with Single S...Salesforce Identity: Connect and Collaborate Anywhere, Securely with Single S...
Salesforce Identity: Connect and Collaborate Anywhere, Securely with Single S...
 
EduID Mobile App - Use-Cases, Concepts and Implementation
EduID Mobile App - Use-Cases, Concepts and ImplementationEduID Mobile App - Use-Cases, Concepts and Implementation
EduID Mobile App - Use-Cases, Concepts and Implementation
 
Premier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure ADPremier Webcast - Identity Management with Windows Azure AD
Premier Webcast - Identity Management with Windows Azure AD
 

Recently uploaded

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 

Recently uploaded (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

Managing Application Identity using Azure B2C

  • 1. © 2020 Lunavi | Confidential | MANAGING APPLICATION IDENTITY USING AZURE B2C Mike Douglas
  • 2. © 2020 Lunavi | Confidential | 2 ABOUT ME • Mike Douglas • Solution Consultant and Director of Delivery Engineering at Lunavi • Microsoft MVP – Developer Technologies – DevOps • Organizer of Omaha DevOps Meetup • Competitive Robotics Club Coordinator for 4th – 6th Graders • @mikedouglasdev on twitter
  • 3. © 2020 Lunavi | Confidential | 3 AGENDA • Identity Overview • Azure B2C Overview • Using B2C in Your Application • Advanced Features
  • 4. © 2020 Lunavi | Confidential | 4 IDENTITY • What is Identity? − Controls access to system or service based on credentials of user − Authentication – validating a user is who they claim to be − Authorization – provides access to specific resource • Social vs Enterprise − You own the account VS Organization owns the account − Facebook, Google, etc. VS O365, AAD, ADFS • SSO and Federation • Standards – SAML and Open ID Connect
  • 5. © 2020 Lunavi | Confidential | 5 OPEN ID CONNECT • Parts − Identity Providers (IdP), Token / Service Providers (TP/SP) − JWT (JSON Web Token) − OAuth2 • Flows − Authorization Code Flow − Implicit Flow − Client Credentials Grant Flow − Resource Owner Flow − Auth Code with PKCE replaces • ROPF and Implicit
  • 6. © 2020 Lunavi | Confidential | 6 OIDC OPTIONS • Identity Server • ADFS, Ping Federate • Identity as a Service − Okta, AuthO, Azure AD, Azure B2C
  • 7. © 2020 Lunavi | Confidential | 7 AAD VS B2C VS B2B • Azure AD − Enterprise Organization IDs = Employees − Protect apps with internal users – use this − RBAC for your application resources • Azure B2B − SAAS Partners − You want partners to use your apps but have them manage their users − Want your app to be the O365 / AAD SSO Directory • Azure B2C − External Users, Default is a Self Service Sign up / Sign in − Local (email / no email) − Social (Facebook, Google, etc) − Federate other OIDC and SAML
  • 8. © 2020 Lunavi | Confidential | AZURE B2C
  • 9. © 2020 Lunavi | Confidential | 9 AZURE B2C • Identity Protection for your Customers − Protect against attacks (Password Spray, DDOS, Bot, etc) − Identity and Mitigate Risk − MFA • High Availability and Globally Available • Extensive and Custom User Flows • Billing – Monthly Active Users (MAU) / First 50K Free
  • 10. © 2020 Lunavi | Confidential | 10 TYPES OF APPLICATIONS SUPPORTED • Web Applications (Server) • SPA (Angular / React) − Implicit Flow − Authorization Code Flow with PKCE • Web APIs • Mobile / Native Applications • Not Support − Services / Daemons − On-Behalf-Of Flow
  • 11. © 2020 Lunavi | Confidential | 11 SSO / FEDERATION • Azure B2C – IdP and/or SP − SAML − OIDC Azure B2C Service Provider SAML/OAuth IDP OKTA/FB/ Google/ SalesForce B2C as SP B2C as IdP
  • 12. © 2020 Lunavi | Confidential | 12 AZURE AD AND B2C Okta B2C Identity Provider Local Users Okta Users API Management (Validate JWT) Token Provider Enterprise Identity Provider Federation AAD (RBAC) API Organization Tenant External Identities Tenant (B2C) Google Social Identity Provider Google Users Validate Org Users Web Authenticate
  • 13. © 2020 Lunavi | Confidential | DEMO 1 – AZURE B2C CONFIGURATION
  • 14. © 2020 Lunavi | Confidential | USING B2C IN YOUR APPLICATION
  • 15. © 2020 Lunavi | Confidential | 15 MSAL • https://docs.microsoft.com/en-us/azure/active- directory/develop/reference-v2-libraries
  • 16. © 2020 Lunavi | Confidential | 16 AUTH CODE GRANT WITH PKCE
  • 17. © 2020 Lunavi | Confidential | DEMO 2 – AUTH CODE WITH PKCE
  • 18. © 2020 Lunavi | Confidential | ADVANCED FEATURES
  • 19. © 2020 Lunavi | Confidential | 19 ADVANCED FEATURES • User Journeys − Identity Experience Framework − GitHub Examples - https://github.com/azure-ad-b2c/samples • Graph API • Identity Protection and Conditional Access
  • 20. © 2020 Lunavi | Confidential | QUESTIONS?