JG
Uploaded byJeremy Gray
PPTX, PDF160 views

Azure AD B2C An Introduction - DogFoodCon 2018

The document discusses Microsoft Azure Active Directory B2C, emphasizing its role in securely authenticating customers through various identity providers and customer experiences. It outlines the challenges of traditional authentication and the benefits of using OAuth 2.0 and OpenID Connect for authorization and authentication processes. Additionally, it provides insights into user migration and customization of user journeys using Graph API and integrations with other systems.

Embed presentation

Downloaded 12 times
Azure AD B2C DogFoodCon Jeremy Gray Microsoft Cloud Solution Architect, Financial Services 10/4/2018
© Microsoft Corporation
© Microsoft Corporation Introduction
© Microsoft Corporation Contents ## What Problem are we Solving ## Some Definitions ## Typical Customer Interactions ## OpenId Connect Overview ## Tokens ## A Basic Application ## Adding users with the GraphApi
How can businesses securely connect with their customers?
© Microsoft Corporation Authentication: The process of confirming identity Authorization: Specifying access rights to resources OAuth 2.0: OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group. OpenId Connect: OpenID Connect (OIDC) is an authentication layer on top of OAuth 2.0, an authorization framework. The standard is controlled by the OpenID Foundation. Client: This is an application, not a user Definitions
© Microsoft Corporation Types of Users Employees Customers Administrators
© Microsoft Corporation • Interoperability • The client-server authentication model doesn’t account for mobile (non-browser) devices, or anything cross- domain. • Netscape came up with cookies before api’s and interop were issues. • The ability to restrict access to a limited subset of resources for a specified duration is difficult. • Governance • Credentials must be shared with 3rd parties • 3rd party systems we store credentials in can’t be governed • Revoking access to the 3rd party would mean changing all stored (user) passwords. Some classic problems
© Microsoft Corporation A “new” scenario
© Microsoft Corporation auth_token sample This is encoded (not encrypted) and signed by the issuer certificate
© Microsoft Corporation id_token sample This is encoded (not encrypted) and signed by the issuer certificate
Apps Analytics Line of business integration Business Social IDs Business & Government IDs contoso Customers Azure Active Directory B2C Securely authenticate your customers using their preferred identity provider Capture login, preference, and conversion data for customers Provide branded (white-label) registration and login experiences FARM BUREAU
© Microsoft Corporation Demo - Basic
© Microsoft Corporation Here is what that looks like
© Microsoft Corporation Using Graph Api / User Migration
© Microsoft Corporation Pre-migration flow If you have access to a user’s credentials. User database Web App AD B2C old login Migration App 1. Read Users 2. Create users with Graph Api 3. Cutover login screen new login
© Microsoft Corporation Pre-migration flow + Password Reset You have no access to a user’s credentials. User database Web App AD B2C old login Migration App 1. Read Users 2. Create users with Graph Api
© Microsoft Corporation Demo Using Graph Api / User Migration
User journeys Open standards Connect to a store or migrate its users Conditional branching Enrich user journeys Connect with existing systems Build complex apps with open standards Identity Experts Tailor every step of your user journey to have complete control Integrate with any SAML or OIDC identity provider Use REST APIs to enrich claims and empower user journeys Customize your user journeys with conditional branching Connect with existing CRM systems, marketing tools, and databases Connect to your existing user stores or migrate from those systems seamlessly
© Copyright Microsoft Corporation. All rights reserved.

More Related Content

PPTX
Intelligent Cloud Conference: Azure AD B2C Application security made easy
bySjoukje Zaal
 
PPTX
Introduction to Azure AD and Azure AD B2C
byJoonas Westlin
 
PPTX
The bits and pieces of Azure AD B2C
byAnton Staykov
 
PPTX
Azure B2C
byMarco De Sanctis
 
PDF
Azure AD B2C – integration in a bank
byKseniia Lvova
 
PPTX
Dear Azure: External collaboration with Azure AD B2B
bySjoukje Zaal
 
PPTX
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
byJeremy Gray
 
PPTX
A Developer's Introduction to Azure Active Directory B2C
byJohn Garland
 
Intelligent Cloud Conference: Azure AD B2C Application security made easy
bySjoukje Zaal
 
Introduction to Azure AD and Azure AD B2C
byJoonas Westlin
 
The bits and pieces of Azure AD B2C
byAnton Staykov
 
Azure B2C
byMarco De Sanctis
 
Azure AD B2C – integration in a bank
byKseniia Lvova
 
Dear Azure: External collaboration with Azure AD B2B
bySjoukje Zaal
 
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
byJeremy Gray
 
A Developer's Introduction to Azure Active Directory B2C
byJohn Garland
 

What's hot

PPTX
Microsoft identity manoj mittal
byManoj Mittal
 
PPTX
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
byVinu Gunasekaran
 
PPTX
Azure AD B2C Webinar Series: Custom Policies Part 1
byVinu Gunasekaran
 
PPTX
Azure Active Directory - An Introduction for Developers
byJohn Garland
 
PPTX
Azure AD App Proxy Login Scenarios with an On Premises Applications - TSPUG
byRoy Kim
 
PPTX
Azure AD Presentation - @ BITPro - Ajay
byAnoop Nair
 
PPTX
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
byPeter Selch Dahl
 
PPTX
Certifications for Azure Developers
byKrunal Trivedi
 
PPTX
Azure AD B2C Webinar Series: Custom Policies Part 3 Troubleshooting
byVinu Gunasekaran
 
PPTX
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
byMaarten Balliauw
 
PPTX
Microsoft Reactor Toronto 5/5/2020 | Azure Kubernetes In Action - Running and...
byRoy Kim
 
PPTX
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
byVinu Gunasekaran
 
PPTX
Azure Active Directory - An Introduction
byVenkatesh Narayanan
 
PPTX
Identity and o365 on Azure
byMostafa
 
PPTX
Spunite exploring identity management options in office 365
byPaul Hunt
 
PPTX
Microsoft Azure Identity and O365
byKris Wagner
 
PPTX
Developing Apps with Azure AD
bySharePointRadi
 
PPTX
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!
byAnco Stuij
 
PPTX
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 2
byVinu Gunasekaran
 
PPTX
Univeral App using O365 API
bySenthamil Selvan
 
Microsoft identity manoj mittal
byManoj Mittal
 
Azure AD B2C Webinar Series: Custom Policies Part 2 Policy Walkthrough
byVinu Gunasekaran
 
Azure AD B2C Webinar Series: Custom Policies Part 1
byVinu Gunasekaran
 
Azure Active Directory - An Introduction for Developers
byJohn Garland
 
Azure AD App Proxy Login Scenarios with an On Premises Applications - TSPUG
byRoy Kim
 
Azure AD Presentation - @ BITPro - Ajay
byAnoop Nair
 
EWUG - Azure AD Pass-through Authentication and Seamless Single Sign-On
byPeter Selch Dahl
 
Certifications for Azure Developers
byKrunal Trivedi
 
Azure AD B2C Webinar Series: Custom Policies Part 3 Troubleshooting
byVinu Gunasekaran
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
byMaarten Balliauw
 
Microsoft Reactor Toronto 5/5/2020 | Azure Kubernetes In Action - Running and...
byRoy Kim
 
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 1
byVinu Gunasekaran
 
Azure Active Directory - An Introduction
byVenkatesh Narayanan
 
Identity and o365 on Azure
byMostafa
 
Spunite exploring identity management options in office 365
byPaul Hunt
 
Microsoft Azure Identity and O365
byKris Wagner
 
Developing Apps with Azure AD
bySharePointRadi
 
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!
byAnco Stuij
 
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 2
byVinu Gunasekaran
 
Univeral App using O365 API
bySenthamil Selvan
 

Similar to Azure AD B2C An Introduction - DogFoodCon 2018

PPTX
Microsoft Graph API Webinar Application Permissions
byStefan Weber
 
PPTX
What's new in Azure Active Directory and what's coming new ?
byVignesh Ganesan I Microsoft MVP
 
PPTX
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
byFredBrandonAuthorMCP
 
PPTX
"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...
byFwdays
 
PPTX
Introduction to the Microsoft identity platform for developers
byChristos Matskas
 
PDF
Identity and Access Management from Microsoft and Razor Technology
byDavid J Rosenthal
 
PDF
Auth experience - vol 1.0
byHaggai Philip Zagury
 
PPTX
Azure from scratch part 2 By Girish Kalamati
byGirish Kalamati
 
PDF
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
byNCCOMMS
 
PDF
Protect your business with identity and access management in the cloud
byMicrosoft
 
PPTX
Azure AD and Office 365 - Deja Vu All Over Again
bySean Deuby
 
PDF
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
byJürgen Ambrosi
 
PDF
24032022 Zero Trust for Developers Pub.pdf
byTomasz Kopacz
 
PPTX
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
byScott Hoag
 
PDF
Security As A Service
byOlav Tvedt
 
PPTX
Secure your Azure Web App 2019
byFrans Lytzen
 
PPTX
Programming Azure Active Directory (DevLink 2014)
byMichael Collier
 
PPTX
ECS19 - Mike Ammerlaan - Microsoft Graph Data Connect
byEuropean Collaboration Summit
 
PDF
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
byMichael Collier
 
PPTX
Deep Dive into Office 365 API for Azure AD
byPaul Schaeflein
 
Microsoft Graph API Webinar Application Permissions
byStefan Weber
 
What's new in Azure Active Directory and what's coming new ?
byVignesh Ganesan I Microsoft MVP
 
SC-900 Capabilities of Microsoft Identity and Access Management Solutions
byFredBrandonAuthorMCP
 
"Secure Mobile Apps with the Microsoft Identity Platform", Christos Matskas, ...
byFwdays
 
Introduction to the Microsoft identity platform for developers
byChristos Matskas
 
Identity and Access Management from Microsoft and Razor Technology
byDavid J Rosenthal
 
Auth experience - vol 1.0
byHaggai Philip Zagury
 
Azure from scratch part 2 By Girish Kalamati
byGirish Kalamati
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
byNCCOMMS
 
Protect your business with identity and access management in the cloud
byMicrosoft
 
Azure AD and Office 365 - Deja Vu All Over Again
bySean Deuby
 
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
byJürgen Ambrosi
 
24032022 Zero Trust for Developers Pub.pdf
byTomasz Kopacz
 
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
byScott Hoag
 
Security As A Service
byOlav Tvedt
 
Secure your Azure Web App 2019
byFrans Lytzen
 
Programming Azure Active Directory (DevLink 2014)
byMichael Collier
 
ECS19 - Mike Ammerlaan - Microsoft Graph Data Connect
byEuropean Collaboration Summit
 
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
byMichael Collier
 
Deep Dive into Office 365 API for Azure AD
byPaul Schaeflein
 

Recently uploaded

PPTX
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
PDF
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PPTX
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PPTX
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
PDF
What Is a Private LLM and Why Enterprises Need It
byAivada
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PDF
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
PDF
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PDF
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Why Most GenAI Projects Fail to Scale and How to Become One of the Success St...
byEarley Information Science
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
Top _HR Technology Trends _for 2026_.pptx
byAutomationEdge Technologies
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
What Is a Private LLM and Why Enterprises Need It
byAivada
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
Workshop on Sustaining & Growing Open Source Communities - GAS2025
bySammy Fung
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 

Azure AD B2C An Introduction - DogFoodCon 2018

  • 1.
    Azure AD B2C DogFoodCon JeremyGray Microsoft Cloud Solution Architect, Financial Services 10/4/2018
  • 2.
  • 3.
  • 4.
    © Microsoft Corporation Contents ##What Problem are we Solving ## Some Definitions ## Typical Customer Interactions ## OpenId Connect Overview ## Tokens ## A Basic Application ## Adding users with the GraphApi
  • 5.
    How can businessessecurely connect with their customers?
  • 6.
    © Microsoft Corporation Authentication:The process of confirming identity Authorization: Specifying access rights to resources OAuth 2.0: OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group. OpenId Connect: OpenID Connect (OIDC) is an authentication layer on top of OAuth 2.0, an authorization framework. The standard is controlled by the OpenID Foundation. Client: This is an application, not a user Definitions
  • 7.
    © Microsoft Corporation Typesof Users Employees Customers Administrators
  • 8.
    © Microsoft Corporation •Interoperability • The client-server authentication model doesn’t account for mobile (non-browser) devices, or anything cross- domain. • Netscape came up with cookies before api’s and interop were issues. • The ability to restrict access to a limited subset of resources for a specified duration is difficult. • Governance • Credentials must be shared with 3rd parties • 3rd party systems we store credentials in can’t be governed • Revoking access to the 3rd party would mean changing all stored (user) passwords. Some classic problems
  • 9.
    © Microsoft Corporation A“new” scenario
  • 10.
    © Microsoft Corporation auth_tokensample This is encoded (not encrypted) and signed by the issuer certificate
  • 11.
    © Microsoft Corporation id_tokensample This is encoded (not encrypted) and signed by the issuer certificate
  • 12.
    Apps Analytics Line of business integration Business Social IDs Business& Government IDs contoso Customers Azure Active Directory B2C Securely authenticate your customers using their preferred identity provider Capture login, preference, and conversion data for customers Provide branded (white-label) registration and login experiences FARM BUREAU
  • 13.
  • 14.
    © Microsoft Corporation Hereis what that looks like
  • 15.
    © Microsoft Corporation UsingGraph Api / User Migration
  • 16.
    © Microsoft Corporation Pre-migrationflow If you have access to a user’s credentials. User database Web App AD B2C old login Migration App 1. Read Users 2. Create users with Graph Api 3. Cutover login screen new login
  • 17.
    © Microsoft Corporation Pre-migrationflow + Password Reset You have no access to a user’s credentials. User database Web App AD B2C old login Migration App 1. Read Users 2. Create users with Graph Api
  • 18.
    © Microsoft Corporation DemoUsing Graph Api / User Migration
  • 19.
    User journeys Open standards Connect to a storeor migrate its users Conditional branching Enrich user journeys Connect with existing systems Build complex apps with open standards Identity Experts Tailor every step of your user journey to have complete control Integrate with any SAML or OIDC identity provider Use REST APIs to enrich claims and empower user journeys Customize your user journeys with conditional branching Connect with existing CRM systems, marketing tools, and databases Connect to your existing user stores or migrate from those systems seamlessly
  • 20.
    © Copyright MicrosoftCorporation. All rights reserved.

Editor's Notes

  • #3 There has never been a better time to be in technology.
  • #4  Rock my linked in https://www.linkedin.com/in/thejeremygray/
  • #8 This is how I think of users, employees (inclucing consultants/contractors or anyone we have a company level contract with) are like dogs…loyal they do what you want most of the time, we trust them. Customers are like cats, they like us most of the time, but wouldn’t really notice if we didn’t exists anymore. Internal administrators have a higher level of access and should be governed at a higher level.
  • #9 These issues lead to us creating islands of authentication with no interop between them.
  • #10 Log into Walmart and pull resources from flickr to print…how do we do this?
  • #11 Jwt.io
  • #12 Notice the “aud” / audience, this is scoped to the web application whereas the auth token is scoped to the function.
  • #14 https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi
  • #15 Heres a lovely drawing written on really old letterhead.
  • #16 https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet
  • #17 https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-user-migration
  • #18 https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-user-migration You have options here on how to do the cutover and you should make a smart decision based on your users. The easiest would be to do a blanket password reset cutover. Send an email and say “Your password has been reset”, making them go through the normal password reset policy. A little less intrusive would be to manage in your application which IdP the user is on and cut them over when their current password expires.
  • #19 https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet cd C:\src\B2C-GraphAPI-DotNet\B2CGraphClient\bin\Debug B2C Create-User ..\..\..\usertemplate-email.json B2C Create-User ..\..\..\usertemplate-username.json
  • #20 Integrate with developer tools, libraries, and SDKs supporting OAUTH/Open ID Connect