Kalyan Krishna from Microsoft hosted a community call on implementing authorization in applications using features of the Microsoft Identity Platform like app roles, security groups, scopes, and directory roles. The call covered:
- Defining and assigning app roles to users and other apps to control permissions.
- Using security groups assigned to users to manage access and optionally returning group details in tokens.
- Configuring application groups to filter tokens to only include groups relevant to an application.
- Providing scopes or delegated permissions for public client applications to request access to resources.
- Using directory roles to administer access in Azure AD tenants.
Use App Configuration to store all the settings for your application and secure access to them in one place.
Centralize management and distribution of hierarchical configuration data for different environments and geographies
Dynamically change application settings without the need to redeploy or restart an application
At its core, it's a key-value store
Supports history
Great fit for Event-driven microservices architecture
Control feature availability in real-time
Cloud Native Implementation of the “External configuration store” pattern
https://www.meetup.com/Stockholm-Azure-Meetup/events/265524268/
How to integrate the complex use cases in the hyper-connected world with millions of devices and services.
Bhavna Bhatnagar (VigourSoft Technical Advisor and Industry expert) talks about SAML, OAuth, OpenID and what you need to make your place in the complex scenario this presents
Azure Blueprints helps you deploy and update cloud environments in a repeatable manner using composable artifacts such as Azure Resource Manager templates to provision resources, role-based access controls, and policies.
Building an enterprise-level single sign-on application with the help of Keycloak (Open Source Identity and Access Management).
And understanding the way to secure your application: frontend and backend APIs. Managing user federation with minimum configuration.
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
Protect your business with a universal identity platform
The Azure Active Directory (Azure AD) enterprise identity service provides single sign-on and multi-factor authentication to help protect your users from 99.9 percent of cybersecurity attacks.
Gartner named Microsoft a leader in Magic Quadrant 2020 for Access Management
Single sign-on simplifies access to your apps from anywhere
Conditional Access and multi-factor authentication help protect and govern access
A single identity platform lets you engage with internal and external users more securely
Developer tools make it easy to integrate identity into your apps and services
Connect your workforce
Whether people are on-site or remote, give them seamless access to all their apps so they can stay productive from anywhere. Automate workflows for user lifecycle and provisioning. Save time and resources with self-service management.
Choose from thousands of SaaS apps
Simplify single sign-on. Azure AD supports thousands of pre-integrated software as a service (SaaS) applications.
Protect and govern access
Safeguard user credentials by enforcing strong authentication and conditional access policies. Efficiently manage your identities by ensuring that the right people have the right access to the right resources.
Engage with your customers and partners
Secure and manage customers and partners beyond your organizational boundaries, with one identity solution. Customize user journeys and simplify authentication with social identity and more.
Integrate identity into your apps
Accelerate adoption of your application in the enterprise by supporting single sign-on and user provisioning. Reduce sign-in friction and automate the creation, removal, and maintenance of user accounts.
Azure Role Based Access Control with a use case and explanation of various concepts like Global Administrators, Role Assignments, Account Administrators, Azure Roles, Custom Roles for both Azure AD and Azure Subscriptions
Join Kalyan Krishna for Part II on the introduction to Microsoft Graph for developers. Agenda topics include:
-What is Microsoft Graph?
-Why did we build Microsoft Graph?
-Common Scenarios
-Developing applications for Microsoft Graph
-Code walkthrough – Manage Users
-The Big Picture
For more information, please visit https://graph.microsoft.com
The world of Identity and Access Management is ruled by two things, acronyms and standards. In our hugely popular blog post on SAML vs OAuth we compared the two most common authorization protocols – SAML2 and OAuth 2.0. This white paper extends that comparison with the inclusion of a third protocol, OpenID Connect. We also touch on the now obsolete OpenID 2.0 protocol.
Cross site scripting (xss) attacks issues and defense - by sandeep kumbhar (Sandeep Kumbhar)
Introduction
Impact of XSS attacks
Types of XSS attacks
Detection of XSS attacks
Prevention of XSS attacks
At client side
At Server-side
Conclusion
References
It seems that OAuth 2.0 is everywhere these days. Whether you are building a hot new single page web application (SPA), a native mobile experience, or just trying to integrate with the API economy, you can't go far without running into the popular authorization framework for REST/APIs and social authentication.
During Oktane15 (https://www.okta.com/oktane15/), Karl McGuinness, our Senior Director of Identity, demystified the powerful, yet often misunderstood, world of OAuth 2.0 and shared details on Okta’s growing support for OpenID Connect.
An introduction to OAuth2 and OpenID Connect intended for a technical audience. This covers terminology, core concepts, and all the core grants/flows for OAuth2 and OpenID Connect
Complex architectures for authentication and authorization on AWS (Boyan Dimitrov)
In this talk we discuss key architecture patterns for designing authentication and authorization solutions in complex microservices environments. We focus on the key advantages and capabilities of AWS Cognito User Pools and Federated Identities and explore how this service can address the challenges of implementing client to service, service to service and service to infrastructure auth.
In addition, we discuss patterns and best practices around building a highly available and resilient decentralised authorization solution for microservices environments based on OIDC. We present a simple RBAC implementation together with fine-grained permissions and end to end automation.
One of the major concerns for most organizations considering cloud services is security in the cloud. Are you looking to secure your cloud environment or services, no matter what they may be – data, operating system, domain or applications from intrusion and vulnerabilities? Azure Active Directory is Microsoft's multi-tenant, cloud-based directory, and identity management service helping secure your cloud and on-premise environments.
In this presentation, we discussed Azure Active Directory (Azure AD) Identity Protection, Conditional Access, Identity Management which uses AI and machine learning capabilities to help secure your cloud environment – Office 365 and Azure. In this session, we discussed
Advanced features of Azure AD
Demonstrate the detection capabilities, and real-time prevention
This slide deck gives an introduction to OAuth 2.0, starting with some concepts, explaining the flow plus a few hints. The remainder of the slides are about implementing an OAuth 2.0 server using the Apache Amber library (renamed to Apache Oltu lately). My impression is that many developers shy away as soon as they hear "security" and so I did not only want to talk about the concepts of OAuth 2.0 but also wanted to show how easily you can implement an OAuth 2.0 server ... hope it reduces the fear of contact a bit ... ;-)
The OAuth 2.0 authorization framework enables a third-party
application to obtain limited access to an HTTP service, either on
behalf of a resource owner by orchestrating an approval interaction
between the resource owner and the HTTP service, or by allowing
the third-party application to obtain access on its own behalf.
Join the session "Microsoft Graph for Microsoft 365 and Power Platform" at the Microsoft 365 Developer Bootcamp
- Introduction to Microsoft Graph
- Learn how to call REST APIs to access data across the various Microsoft 365 services
By Champ, Narisorn Limpaswadpaisarn (Microsoft Certified Trainer)
Manually deploying Microsoft Teams is overwhelming. Using Teams Templates, SharePoint Online, and Power Automate we will build and discuss how to best create a self service Microsoft Teams provisioning process. How do we handle approval and management? Templates? Flow creation? Find out in this session!
CCI 2019 - PowerApps for Enterprise Developers (walk2talk srl)
The potential of PowerApps for building business applications makes the platform highly valued for most of the applications that companies need internally.
But when requirements start to include the ability to work offline, integrate Azure services, embed a PowerApps application, create and reuse custom components, use custom connectors for corporate data and services, or manage an app's lifecycle, things get more complicated.
In this session we will see how to leverage the mechanisms and features that PowerApps includes to meet these needs.
By Fabio Franzini
Extend Your Use of JIRA by Solving Your Unique Concerns: An Exposé of the New... (Atlassian)
The existence of an API allows developers to extend software so as to cater for unique use cases beyond the software's original scope. Administrators and end users of JIRA 5 can expect its REST API to enable the creation of integrated applications to solve their unique concerns. This presentation aims to describe ways in which the JIRA 5 REST API can be used to make a tangible impact for the end user. Several use cases will be discussed, ranging from running simple command line apps, through to creating web applications that integrate with the JIRA 5 REST API.
SharePoint 2013 Apps and the App Model (James Tramel)
SharePoint 2013 Apps - deep dive. We'll look at how they work, what they look like, what they do and how to use apps. It's all about the apps. Apps are good, very good.
Logic apps and PowerApps - Integrate across your APIs (Sriram Hariharan)
We have a number of new features in Logic apps and PowerApps that make it easier than ever to build workflows that orchestrate across any RESTful API. We will cover some of the latest updates to Logic apps and PowerApps.
Community call: Develop multi tenant apps with the Microsoft identity platform (Microsoft 365 Developer)
Building an application that can be provisioned and used in multiple Azure AD tenants goes far beyond just flipping a switch in your app configuration. The developer has to undertake application provisioning, decide on a provisioning strategy, push changes to customers, manage identities flowing from multiple tenants, collect essential information from authentication signals, learn to differentiate the different types of users they will encounter and understand the key differences from the B2B scenarios. In this community call, Kalyan Krishnan reviews the steps and considerations required to develop, configure, provision, and manage multi-tenant applications.
For more information, visit https://aka.ms/identityplatform
Granite state #spug The #microsoftGraph and #SPFx on steroids with #AzureFunc... (Vincent Biret)
Slides supporting the session at the Granite State user group meeting of January 2019. Talking as well about #Azure Active Directory and lots of other things
Azure Networking, Azure Storage, Enterprise Azure Active Directory, Daemon or Server application authentication workflow, Worker processes, Daemon, Daemon application to Web API, Azure Active Directory in old azure portal, ASM, Azure active directory and Multi-tenant applications, Sharding, Federation, Shared singe, RBAC, Differences between AAD and AD DS, Azure AD Subscription models, Azure Domain Names, Manage Users, Groups, Co-Admin Role, Default Azure Active Directory, Adding access to another azure subscription. Contributor, Owner, Roles in Azure Subscriptions, Roles, MFA, Multi-Factor Authentication, How does MFA work, Scenarios for Azure MFA, Setting up MFA in Azure AD, Setting MFA, Azure Authenticator, Hybrid AD solutions, AD DS, Federated Trust, Domain Controller, AD, AAD Connecter, AD FS, AAD, Active Directory Password synchronization, Benefits of Active Directory, Active Directory Replication, vulnerabilities with multiple Domain Controller, Azure AD features, Synchronization with AD Connect, Write-back policies, Azure AD Health Connect, Installing Azure AD Connect Health, Integrating Azure AD and SaaS Applications, Benefits of using SaaS Solutions with your products, Benefits of SaaS Solutions, Azure Marketplace, DropBox Integrations with AAD, New Relic Integrations, New Relic, Dropbox, Azure AD Enterprise Application, VSTS integration for Automated Builds, Federation Overview, Claims, Single Sign On, Federated Trusts, Claim based authentications, Federated trusts, Claims Processing, Web Application Proxy, ADFS Proxy, ADFS 2.0 Proxy, How does ADFS proxy work for internal users, Azure AD B2C Directory, B2C applications, Business 2 Customers application, 3rd Party Authentication, Bearer Token, OAuth, 3rd Party Identity Provider, OAuth server, Azure AD B2C Authentication & Authorization, Implementing Azure AD B2C Directory, Setting up Single Sign On with Facebook, Google, Microsoft.
Linkedin, SignUP Policies, SignIN Policies, Email SignUp, SignUpSignIN PolicyID, Configuring Application with Azure Application ID, Modern Applications, Requirements for Modern Apps, API, Logic Applications, Mobile App, Web App, Function App, Go To Market, Microsoft Application Platform, App Service Plan, App Service Environment - Private Infrastructure, Why use App Service, App service Features & Capabilities, Azure App Service, Virtual Machine, Service Fabric & Cloud Services Comparison, Creating a Mobile App, Swagger UI, API Apps, API management, API APPS & API Management, Implementing API APP via Visual Studio,
July’s call, hosted by Kim Brandl and Doug Mahugh, featured the following presenters and topics:
• Doug Mahugh, Senior Dev Writer, presented an overview of the Office Add-ins platform.
• Sohail Zafar, Senior Program Manager, covered what’s new in the Outlook JavaScript APIs.
• Yu Kaijun, Senior Program Manager, and Ruoying Liang, Senior Program Manager, talked about what’s new in the Excel JavaScript APIs.
• Anand Menon, Principal Program Manager Lead, presented about Microsoft 365 App Certification.
• Daniel Fylstra, President @ Frontline Systems Inc., presented about the Analytic Solver add-in for Excel, a complex and powerful analytics modeling tool that they’ve ported from a COM add-in to a JavaScript add-in.
Similar to Implement Authorization in your Apps with Microsoft identity platform-June 2020 (20)
In this month's call, we covered:
-Power Apps Cookbook
-Practical AI Builder in Power Apps
-Integrating data sources with Flows
-News and Community Contributions
For more information, please visit https://powerapps.microsoft.com/en-us/
Learn about the new Microsoft Teams Shifts features with Microsoft Graph APIs and Power Automate to build rich Firstline Worker experiences.
Watch the video here https://youtu.be/qQSbTDwrQTE
For more information, visit https://developer.microsoft.com/en-us/microsoft-teams
In this month's call Matthijs Hoekstra, Microsoft identity platform Program Manager goes into detail about Decentralized Identities and shares scenarios you can build with it.
Watch the video - https://youtu.be/EuS_gV3RS28
Hosted by Todd Baginski and Charles Sterling, this month's call had a packed agenda including Power Apps Center of Excellence, Mobile Player, demo of a School Bus Check-in App, and Demo Extravaganza Finalists Announced! Plus recent news and community contributions.
Watch video https://youtu.be/zir62gdPyT4
In May's Microsoft identity platform call, Navya Canumalla went into detail on MSAL Java and Python, including an overview, supported scenarios and calling patterns. Quickstart demo, token cache and ADAL to MSAL migration.
View recording https://youtu.be/yCCjNqFva9w
Resources:
MSAL Java https://aka.ms/msaljavadocs
MSAL Python https://aka.ms/msalpythondocs
Stay connected
Twitter https://twitter.com/microsoft365dev
YouTube https://aka.ms/M365DevYouTube
Blogs https://aka.ms/M365DevBlog
This month's call hosted by Todd Baginski and Charles Sterling, covered:
Today’s Team
Power Virtual Agents introduction and using Entities
Integrating Power Virtual Agents and Power Automate
Mixed Reality and GeoSpatial Components
Recent News and Community Activities
Q&A
The April Power Apps community call offers some of the best of what’s new and Power Apps tooling that you want to know about! Agenda includes Power Apps MVP and noted author, Todd Baginski covering what is new for Power Apps, Dona Sarkar of Windows Insider Fame on Power Apps training options, Dawid van Heerden another Power Apps MVP showing how to create pop up dialogs and Charles Sterling (aka Chuck) and Todd to cover using Application Insights with Power Apps.
Watch the video here https://youtu.be/hoA-ixTcGpI
For more information, visit us at https://powerapps.microsoft.com/
Hosted by Jeremy Thake, the agenda this month included:
-TLS 1.0/1.1 Deprecation for change notification subscriptions
-GetResourceSubscriptionPath
-Proposal for Versioning & API Evolution in Microsoft Graph
-Partner Demo – Klynke.com
Watch the recording here - https://youtu.be/Y9zUj58BobE
This month's call hosted by Todd Baginski and Brian Dang, included:
-Microsoft Teams Integration
-AI Builder Enhancements
-Searching Custom Entities
-Recent News and Community Activities
View the recording here - https://youtu.be/KR2xN7YJoWU
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (Ramesh Iyer)
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality (Inflectra)
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Implement Authorization in your Apps with Microsoft identity platform-June 2020
1. Microsoft identity platform
June 18, 2020 | 9:00AM PST
Community call
Implement Authorization in your Applications using App Roles, Security Groups, Scopes and Directory Roles (2020 edition)
Kalyan Krishna
Microsoft
2. Introduction
• First things first
• Please note: We are recording this call so those unable to attend can benefit from the recording.
• This call is designed for developers who implement or are interested in implementing Microsoft identity platform solutions.
• What kind of topics will we discuss?
• We will address development related topics submitted to us by the community for discussion.
• We build a pipeline of topics for the next few weeks, please submit your feedback and topic suggestions - https://aka.ms/IDDevCommunityCallSurvey
• View recordings on the Microsoft 365 Developer YouTube channel - https://aka.ms/M365DevYouTube
• Follow us on Twitter @Microsoft365Dev and @azuread
• This is NOT a support channel. Please use Stack Overflow to ask your immediate support related questions.
• When is the next session?
• Community Calls: Monthly – 3rd Thursday of every month
• Next Identity Developer Community Call: Jul 16th
4. About this session
Objectives
• Introduction to Authorization with Microsoft Identity Platform.
• Discuss various available features in detail.
Features
• App roles
• Groups
• Scopes
• Directory Roles
5. Prerequisites
• You are familiar with integrating apps with Azure Active Directory
• You have integrated web apps and secured web APIs with the Identity Platform
• You have a working understanding of the Permissions and Consent framework
• Only covers modern apps
7. Authorization in the Microsoft Identity platform
• Authentication is the process of proving you are who you say you are. Authentication is sometimes shortened to AuthN.
• Authorization is the act of granting an authenticated party permission to do something. It specifies what data and functionality you're allowed to access and what you can do with that data. Authorization is sometimes shortened to AuthZ.
https://docs.microsoft.com/azure/active-directory/develop/authentication-vs-authorization
8. Authorization in the Microsoft Identity Platform
The following built-in features are available to developers
• App Roles
• App roles assigned to users
• App roles assigned to apps, aka “Application Permissions”
• Security Groups
• Getting groups in tokens
• Nested group memberships
• Application Groups, aka Groups assigned to an application
• Groups Overage
• Scopes, aka “Delegated Permissions”
• Directory Roles
11. App Roles
• Application roles are used to assign permissions to users and apps.
• They are specific to an application. Thus removing an app from AAD will make these roles go away.
• They are provided to an app in the roles claim.
12. How it works
• Define app roles in an application’s manifest.
• Assign roles to users and security groups or apps
• Receive assigned roles in the user’s or app’s token in the roles claim
14. App Roles for Users
• Define app roles that will be assigned to users in a tenant
• Developers write code for role permissions in their app
• The user assignment is usually done by members of the IT team rather than by developers themselves.
• Will only be present in tokens if a user signs in
• Arguably the most popular mechanism for role-based AuthZ today
How to: Add app roles in your application and receive them in the token
23. Id_token with groups and roles
Roles in a token will be provided in the “roles” claim
{
"aud": "300e33f5-e62e-4581-acd2-542ece0965cc",
"iss": "https://login.microsoftonline.com/536279f6-15cc-45f2-be2d-61e352b51eef/v2.0",
"iat": 1563969244,
"nbf": 1563969244,
"exp": 1563973144,
"aio": "AeQAG/8MAAAAYPOQy4ROQXwGbt+LpH37Q8I=",
"groups": [
"MSDemoUsers"
],
"name": "Kalyan Krishna",
"nonce": "6369956633167913NDUwODI0",
"oid": "98d51ac8-a756-43ef-876f-e7e64c89b323",
"preferred_username": "kkrishna@contosoorg.net",
"roles": [
"DirectoryViewers"
],
"sub": "bGcfwO94xuVM7Dv-O62Bb76ZlB9RzHa0R-48jtQgKgg",
"tid": "536279f6-15cc-45f2-be2d-61e352b51eef",
"uti": "WQBn7mDb2UygvE7fPrIfAA",
"ver": "2.0"
}
App roles for users
24. App roles Asp.net middleware configuration
// In Startup.Auth.cs
TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
{
    // Read app roles from the "roles" claim of the token.
    RoleClaimType = "roles",
},
// In Controllers and elsewhere
[Authorize(Roles = "DirectoryViewers, Subscriber, Writer, Approver")]
public ActionResult Index()
or
User.IsInRole("DirectoryViewers");
25. Asp.net core middleware configuration
// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
    // Other code
    // By default, the claims mapping will map claim names to the old format to accommodate older SAML applications,
    // e.g. 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' instead of 'roles'.
    // Setting this flag to false ensures that the ClaimsIdentity claims collection is built from the claims in the token.
    JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
    services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
    {
        // The claim in the JWT token where app roles are available.
        options.TokenValidationParameters.RoleClaimType = "roles";
    });
}
// In code..(Controllers & elsewhere)
[Authorize(Roles = "DirectoryViewers")]
or
User.IsInRole("DirectoryViewers");
26. App Roles for Users
• Using app roles limits the amount of information that needs to go into the token, is more secure, and separates user assignment from app configuration.
• There is no explicit limit to the number of app roles that can be declared for an app registration. The limit is imposed by the total number of entries across all the collections in the manifest, which is 1200 combined.
• Their memberships are managed by app owners or users in the app admin roles.
• When assigning groups to app roles, note that nested group memberships are not supported (yet).
• Use Microsoft Graph’s appRoleAssignment API to programmatically manage role memberships
27. App Roles for Users
• Enable “User assignment required” to make this effective; otherwise users not assigned to any role can still sign in to your app.
• Assigning groups to app roles is not available in Azure AD Free edition
• Documentation - Add app roles in your application and receive them in the token
• Documentation - Assign a user or group to an enterprise app in Azure Active Directory
• Documentation - Delegate app registration permissions in Azure Active Directory
• Recommended Sample - Add authorization using app roles & roles claims to an ASP.NET Core web app
30. App Roles for apps
• Define app roles that will be assigned to apps in a tenant.
• Integrated with the consent framework. Popularly known as “Application Permissions”.
• The assignment can only be done via admin consent.
• Allows apps that do not sign in users (daemons) to authenticate themselves and obtain tokens for a protected resource (web API)
How to: Add app roles in your application and receive them in the token
36. Request for role in your code
// With the client credentials flow, the scope is ALWAYS of the shape "resource/.default", as the
// application permissions need to be set statically (in the portal or by PowerShell), and then granted by
// a tenant administrator
string[] scopes = new string[] { "https://kkaad.onmicrosoft.com/webapi/.default" };
AuthenticationResult result = null;
try
{
    result = await app.AcquireTokenForClient(scopes)
        .ExecuteAsync();
    Console.WriteLine("Token acquired \n");
}
catch (MsalServiceException ex) when (ex.Message.Contains("AADSTS70011"))
{
    // Invalid scope. The scope has to be of the form "https://resourceurl/.default"
    // Mitigation: change the scope to be as expected
    Console.WriteLine("Scope provided is not supported");
}
38. Verify and use roles in your code
// GET: api/todolist
[HttpGet]
[Authorize(Roles = "access_as_application")]
public IActionResult Get()
{
return Ok(TodoStore.Values);
}
39. App Roles for Apps
• Use app roles to let apps request granular permissions to your resource. Study and learn from Microsoft Graph
• The roles will only be granted once an administrator consents.
• Scenario - Protected web API
• Documentation - Add app roles in your application and receive them in the token
• Recommended Sample - A .NET Core daemon console application using Microsoft identity platform
42. Security Groups
• A Security Group is a collection of users assigned to the group. Rights are assigned to them.
• These groups can be cloud-only or synced from on-premises.
• Not tied to an app, security groups can be used in multiple apps and for other access control purposes.
43. How it works
• Users are assigned to security groups by tenant admins or IT staff (usually).
• Developers code for a group’s permissions in their app.
• Enable group claims for your app in the App registration portal.
• Use these group ids or names provided in the token in your code to look up assignments.
44. Changes to app registration
• None
• Security groups
• Including nested groups!
• Directory roles
• All Groups
• Security Groups
• Distribution Lists
• Directory roles
• Groups assigned to the application
• You choose the groups you want!
46. Let’s get group names instead
By default, Group Ids will be emitted in the group claim value.
Valid options are:
"sam_account_name",
"dns_domain_and_sam_account_name",
"netbios_domain_and_sam_account_name",
"emit_as_roles"
Works for on-prem groups only
Configure group claims for applications with Azure Active Directory
53. Groups claims
• Different features for cloud-only and on-prem groups
• Supports nested groups. Group claims in tokens include nested groups except when using the option to restrict the group claims to groups assigned to the application (Application Groups)
• Groups and their memberships can be managed by the group owner and several Azure AD admin roles, and the lifecycle is not controlled by the app.
• If the option to emit group data as roles is used, only groups will appear in the role claim. Any Application Roles the user is assigned will not appear in the role claim
62. Groups assigned to application
• Just work with groups your application cares about. Application(s) get a filtered list of groups in tokens
• Needs Azure AD Premium P1
• Avoid token overage scenarios
• Set the “User assignment required?” flag to true for best results, so that only users assigned to your Application Groups can sign in to your app
• Does not support nested groups (yet)
76. Groups overage claim
• To ensure that the token size doesn’t exceed HTTP header size limits, Azure AD limits the number of Ids that it includes in the groups claim.
• If a user is member of more groups than the overage limit (150 for SAML tokens, 200 for JWT tokens), then Azure AD does not emit the groups claim in the token.
• Instead, it includes an overage claim in the token that indicates to the application to query the Graph API to retrieve the user’s group membership.
77. Token with overage
Emitted when a user is member of more groups than the overage limit:
200 for JWT tokens
150 for SAML tokens
6 for Implicit Flow
{
"aud": "19a7ff3f-24fd-40ba-884b-f00e00179fdf",
"iss": "https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0",
"iat": 1563966830,
"nbf": 1563966830,
"exp": 1563970730,
"_claim_names": {
"groups": "src1"
},
"_claim_sources": {
"src1": {
"endpoint": "https://graph.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/users/32fe213d-e4d1-4973-96f9-1901ec32a16c/getMemberObjects"
}
},
"aio": "AWQAm/8MAAAG29wflVSWrAYPL8T",
"name": "Kalyan Krishna",
"oid": "32fe213d-e4d1-4973-96f9-1901ec32a16c",
"preferred_username": "kkrishna@microsoft.com",
"sub": "mPkIo6qb0M8qYT5ULpqXJscrKhWkz-FecFsRA4NeH8w",
"tid": "72f988bf-86f1-41af-91ab-2d7cd011db47",
"uti": "38iX3BfTa0S3IOKfdLoJAA",
"ver": "2.0"
}
78. Groups overage claim - Implicit flow
• The overage indication and limits are different from those for apps using other flows.
• A claim named hasgroups with a value of true will be present in the token instead of the overage (_claim_names) claim.
• The maximum number of groups provided in the groups claim is limited to 6 (six). This is done to prevent the URI fragment from exceeding the URL length limits.
79. Steps to process groups claim
• Check for the claim _claim_names with one of the values being groups. This indicates overage.
• If found, make a call to the endpoint specified in _claim_sources to fetch user’s groups.
• This requires an access token for Graph with the User.Read and GroupMember.Read.All permissions to call getMemberObjects Api
• If none found, look into the groups claim for user’s groups.
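The steps above, together with the implicit-flow rule from slide 78, as an added C# example (not code from the talk or from Microsoft): it inspects an already validated, decoded token payload and reports whether group membership can be read inline or must be fetched. The type names, sample payloads and the placeholder endpoint are constructed for illustration; the Graph call itself is left to the caller.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Text.Json;

public enum GroupsSource { InlineClaim, OverageLookup, ImplicitFlowLookup, NoGroups }

// Hypothetical result type: tells the caller where group membership must come from.
public sealed record GroupsDecision(GroupsSource Source, IReadOnlyList<string> Groups, string? Endpoint);

public static class GroupsClaimReader
{
    // payloadJson is the JSON payload of a token whose signature, issuer,
    // audience and lifetime have ALREADY been validated by the middleware.
    public static GroupsDecision Read(string payloadJson)
    {
        using JsonDocument doc = JsonDocument.Parse(payloadJson);
        JsonElement root = doc.RootElement;
        if (root.ValueKind != JsonValueKind.Object)
            return new GroupsDecision(GroupsSource.NoGroups, Array.Empty<string>(), null);

        // Step 1: overage is signalled by _claim_names containing a "groups" entry.
        if (root.TryGetProperty("_claim_names", out JsonElement names) &&
            names.ValueKind == JsonValueKind.Object &&
            names.TryGetProperty("groups", out JsonElement sourceName) &&
            sourceName.ValueKind == JsonValueKind.String)
        {
            // Step 2: the named entry in _claim_sources carries the lookup endpoint.
            string? endpoint = null;
            if (root.TryGetProperty("_claim_sources", out JsonElement sources) &&
                sources.ValueKind == JsonValueKind.Object &&
                sources.TryGetProperty(sourceName.GetString()!, out JsonElement source) &&
                source.ValueKind == JsonValueKind.Object &&
                source.TryGetProperty("endpoint", out JsonElement ep) &&
                ep.ValueKind == JsonValueKind.String)
            {
                endpoint = ep.GetString();
            }
            return new GroupsDecision(GroupsSource.OverageLookup, Array.Empty<string>(), endpoint);
        }

        // Implicit flow: hasgroups=true replaces the overage claim. Any inline
        // groups are treated as incomplete, so none are returned for authorization.
        if (root.TryGetProperty("hasgroups", out JsonElement hasGroups) && IsTrue(hasGroups))
            return new GroupsDecision(GroupsSource.ImplicitFlowLookup, Array.Empty<string>(), null);

        // Step 3: no overage indicator, so the groups claim is the full list.
        if (root.TryGetProperty("groups", out JsonElement groups) &&
            groups.ValueKind == JsonValueKind.Array)
        {
            var list = new List<string>();
            foreach (JsonElement g in groups.EnumerateArray())
                if (g.ValueKind == JsonValueKind.String) list.Add(g.GetString()!);
            return new GroupsDecision(GroupsSource.InlineClaim, list, null);
        }

        return new GroupsDecision(GroupsSource.NoGroups, Array.Empty<string>(), null);
    }

    private static bool IsTrue(JsonElement e) =>
        e.ValueKind == JsonValueKind.True ||
        (e.ValueKind == JsonValueKind.String &&
         string.Equals(e.GetString(), "true", StringComparison.OrdinalIgnoreCase));
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample payloads (not real tokens).
        string inline = "{\"groups\":[\"MSDemoUsers\"],\"roles\":[\"DirectoryViewers\"]}";
        string overage = "{\"_claim_names\":{\"groups\":\"src1\"}," +
                         "\"_claim_sources\":{\"src1\":{\"endpoint\":" +
                         "\"https://graph.example/users/OID-PLACEHOLDER/getMemberObjects\"}}}";
        string implicitFlow = "{\"hasgroups\":true,\"groups\":[\"MSDemoUsers\"]}";
        string noGroups = "{\"name\":\"Constructed User\"}";

        foreach (string payload in new[] { inline, overage, implicitFlow, noGroups })
        {
            GroupsDecision d = GroupsClaimReader.Read(payload);
            Console.WriteLine($"{d.Source}: groups=[{string.Join(",", d.Groups)}] endpoint={d.Endpoint ?? "-"}");
        }
    }
}
```

An authorization check built on this should deny access until the lookup has completed whenever the source is OverageLookup or ImplicitFlowLookup, rather than treating an empty list as "user is in no groups".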
80. Groups overage
• Consider using Application Roles to provide a layer of indirection between the group membership and the application. The application then makes internal authorization decisions based on role claims in the token.
• Handling overage scenarios builds a dependency on MS Graph, which requires additional effort on the part of the developer
82. Scopes
• Scope is a mechanism in OAuth 2.0 to limit an application's access to a user's account.
• An application can request one or more scopes; this information is then presented to the user in the consent screen, and the access token issued to the application will be limited to the scopes granted.
• Resources like Microsoft Graph (https://graph.microsoft.com) are good examples that extensively use scopes
• In Microsoft Identity Platform terminology, scopes are popularly referred to as “Delegated Permissions”
• Apps need to expose at least one scope to be able to sign in users
https://oauth.net/2/scope/
87. Request for scope in your code
// Get an access token to call the ToDo service.
AuthenticationResult result = null;
try
{
result = await _app.AcquireTokenSilent(new string[] {"https://kkmsftad.onmicrosoft.com/mywebapi/access_as_user" },
accounts.FirstOrDefault())
.ExecuteAsync()
.ConfigureAwait(false);
}
// There is no access token in the cache, so prompt the user to sign-in.
catch (MsalUiRequiredException)
{
result = await _app.AcquireTokenInteractive(new string[] {"https://kkmsftad.onmicrosoft.com/mywebapi/access_as_user" })
.WithAccount(accounts.FirstOrDefault())
.WithPrompt(Prompt.SelectAccount)
.ExecuteAsync()
.ConfigureAwait(false);
}
catch (MsalException ex)
{
// An unexpected error occurred.
MessageBox.Show(ex.Message);
return;
}
89. Granted scopes are provided in the ‘scp’ claim
{
"aud": "5ce15bc4-cfa5-4651-b8c9-59577b783125", // App id of your Api
"iss": "https://login.microsoftonline.com/4d39e0b-7068ddd47949/v2.0",
"azp": "30f6f7b2-5e76-4d9e-a0b1-ad10f8c6f41f",
"name": "Administrator",
"oid": "e15070b1-c07e-4f29-9f06-4da797e9477b",
"preferred_username": "administrator@kkmsftad.onmicrosoft.com",
"scp": "access_as_user",
"sub": "fn-EljUpW9zhzb3zM_1K576_7FJzVJnxPv4V1zVbkqE",
"tid": "4d39e77c-b0f3-4253-ae0b-7068ddd47949",
"ver": "2.0"
}
90. Verify in your code
/// <summary>
/// The Web API will only accept tokens 1) for users, and
/// 2) having the access_as_user scope for this API
/// </summary>
static readonly string[] scopeRequiredByApi = new string[] { "access_as_user" };
// GET: api/values
[HttpGet]
public IEnumerable<TodoItem> Get()
{
HttpContext.VerifyUserHasAnyAcceptedScope(scopeRequiredByApi);
string owner = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
return TodoStore.Where(t => t.Owner == owner).ToList();
}
91. Scopes
Scope requesting pattern. The following pattern is expected of apps when requesting scopes from Azure AD
• Scope = “[App ID URI]/[Scope1] [App ID URI]/[Scope2]” (separated by space)
• Scope = “[App ID URI]/.default” (requires scopes declared upfront)
• For an App ID URI -> https://contoso.onmicrosoft.com/myWebAPI
• Scope = “https://contoso.onmicrosoft.com/myWebAPI/Scope1 https://contoso.onmicrosoft.com/myWebAPI/Scope2”
• Scope = “https://contoso.onmicrosoft.com/myWebAPI/.default” (requires scopes declared upfront)
When an App Id URI is not provided, https://graph.microsoft.com is automatically assumed.
For example
Scope = “User.Read Directory.Read.All”
is translated to
Scope = “https://graph.microsoft.com/User.Read https://graph.microsoft.com/Directory.Read.All”
Scopes and permissions in the Microsoft Identity Platform
92. Scopes
• Scopes (“Delegated Permissions”) are only used in scenarios when a user signs in. For applications, use App roles
• Use scopes to let apps request granular permissions to your resource. Study and learn from Microsoft Graph
• Scopes can be consented by both users and tenant admins
• Documentation - Permissions and consent in the Microsoft identity platform endpoint
• Scenario walkthrough - Protected web API
• Recommended Sample - Calling an ASP.NET Core Web API from a WPF application
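The split stated above (scopes for signed-in users, app roles for applications) as an added C# example, not code from the talk or its samples: a web API check that accepts either a delegated token carrying access_as_user in scp or an app-only token carrying access_as_application in roles. It assumes inbound claim mapping is disabled as on slide 25, so claim types are the raw "scp" and "roles", and that app-only tokens carry no scp claim; the class names and the lookalike scope access_as_user_readonly are constructed for illustration.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public enum CallerKind { User, Application, Rejected }

public static class TodoApiAuthorization
{
    // Scope and role values as they appear on the slides.
    private static readonly string[] AcceptedScopes = { "access_as_user" };
    private static readonly string[] AcceptedAppRoles = { "access_as_application" };

    public static CallerKind Classify(ClaimsPrincipal caller)
    {
        // scp is ONE space-separated string; split it and compare whole
        // values so that a lookalike scope cannot match by substring.
        HashSet<string> scopes = caller.FindAll("scp")
            .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
            .ToHashSet(StringComparer.Ordinal);

        if (scopes.Overlaps(AcceptedScopes))
            return CallerKind.User;

        // roles arrives as one claim per role value.
        HashSet<string> roles = caller.FindAll("roles")
            .Select(c => c.Value)
            .ToHashSet(StringComparer.Ordinal);

        // Assumption: an app-only (client credentials) token has no scp claim,
        // so a token that has scopes is never treated as an application.
        if (scopes.Count == 0 && roles.Overlaps(AcceptedAppRoles))
            return CallerKind.Application;

        return CallerKind.Rejected; // deny by default
    }
}

public static class Program
{
    // Builds an authenticated principal from constructed (type, value) pairs.
    private static ClaimsPrincipal Principal(params (string Type, string Value)[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            claims.Select(c => new Claim(c.Type, c.Value)), "Bearer"));

    public static void Main()
    {
        var cases = new (string Label, ClaimsPrincipal Caller)[]
        {
            ("delegated, one scope", Principal(("scp", "access_as_user"))),
            ("delegated, several scopes", Principal(("scp", "other.read access_as_user"))),
            ("app-only, app role", Principal(("roles", "access_as_application"))),
            ("lookalike scope", Principal(("scp", "access_as_user_readonly"))),
            ("user role only, wrong scope", Principal(("scp", "other.read"), ("roles", "DirectoryViewers"))),
            ("no scp, no roles", Principal(("name", "Constructed User"))),
        };

        foreach (var (label, caller) in cases)
            Console.WriteLine($"{label}: {TodoApiAuthorization.Classify(caller)}");
    }
}
```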
98. Use Graph to resolve the role id
https://docs.microsoft.com/en-us/graph/api/directoryroletemplate-get
99. Directory Roles
• Useful for apps that wish to drive authorization using Azure AD’s roles
• Only works for built-in roles (tenant scoped).
• Only available for authentication flows that sign in users.
• Documentation - Assign administrator and non-administrator roles to users with Azure Active Directory
101. More references
Microsoft identity platform’s permissions and consent framework
How to protect APIs using the Microsoft identity platform
Azure Active Directory app manifest
Azure AD Connect sync: Understanding Users, Groups, and Contacts
Azure Active Directory pricing
Configure Microsoft 365 Groups with on-premises Exchange hybrid
103. Join the Developer Program
Benefits
Free renewable Office 365 E5 subscription
Be your own admin
Dev sandbox creation tools
Preload sample users and data for Microsoft Graph, and more
Access to Microsoft 365 experts
Join bootcamps and monthly community calls
Tools, training and documentation
Learn, discover and explore about Office 365 development
Blogs, newsletters and social
Stay up to date with the community
https://aka.ms/o365devprogram
104. Resources
Stack Overflow Support
@AzureAD, @msiddev
developer.microsoft.com/identity/blogs/
Azure Active Directory Microsoft Identity Platform Microsoft Graph
Quick Starts Graph Explorer MSAL Libraries
UserVoice MSAL Survey
github.com/AzureAD
aka.ms/MsIdStackOverflow
azure.microsoft.com/services/active-directory
aka.ms/AzureADAppGallery
105. Microsoft Confidential
Engage with us!
Topic | Feedback type | Forum | URL | Who supports
All identity developer topics (Auth libraries, MS Graph, App Registration portals) | Community-driven developer Support for Questions and Answers | Stack Overflow | https://stackoverflow.com/questions/tagged/azure-active-directory+or+microsoft-graph+or+azure-ad-conditional-access | Supported by Microsoft and community
Authentication Libraries – ADAL, MSAL, Auth Middleware | Library issues, bugs, open source contributions | GitHub | https://docs.microsoft.com/azure/active-directory/develop/active-directory-authentication-libraries | Azure AD teams manage issues, bugs and review/approve contribution
Azure AD, MS Graph, Libraries, App Registration – Developer Experiences | Feature requests, suggestions for product improvements | Azure Feedback | Azure Feedback for Authentication and also AppRegFeedback@microsoft.com for portal specific feedback. User Voice for Microsoft Graph | Azure AD teams triage feature requests
All identity developer topics (Auth libraries, MS Graph, App Registration portals) | Discussion with other MVPs and NDA community | Yammer Identity Developer Advisors | https://www.yammer.com/cepartners/#/threads/inGroup?type=in_group&feedId=13045972992&view=all | Engagement with Identity Advisors and Microsoft product groups
Identity developer topics for Auth | Delve deep into complex identity related development topics live | Community Office Hours | Msiddev Twitter handle and the Microsoft developer portal | Opportunity to make questions and answers in real time to product teams via live conference
All developer topics | Assisted support for developers | Customer Service and Support | More information on support options: https://aka.ms/devexhelpsupport | Direct 1:1 help from our support engineering teams
106. Recording will be available soon on our
Microsoft 365 Developer YouTube channel
https://aka.ms/M365DevYouTube
(subscribe today)
Follow us on Twitter
@Microsoft365Dev and @azuread
Next call: Jun 18th at 9:00am PST
https://aka.ms/IDDevCommunityCalendar
Thank you
Editor's Notes
"appRoles": [
{
"allowedMemberTypes": [
"User"
],
"description": "User readers can read basic profiles of all users in the directory",
"displayName": "UserReaders",
"id": "a816142a-2e8e-46c4-9997-f984faccb625",
"isEnabled": true,
"lang": null,
"origin": "Application",
"value": "UserReaders"
},
{
"allowedMemberTypes": [
"User"
],
"description": "Directory viewers can view objects in the whole directory.",
"displayName": "DirectoryViewers",
"id": "72ff9f52-8011-49e0-a4f4-cc1bb26206fa",
"isEnabled": true,
"lang": null,
"origin": "Application",
"value": "DirectoryViewers"
}
],
Go to Azure portal and add roles to the app
Assign both users and groups to roles
Run fiddler and show groups and roles claims in token.
https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/master/5-WebApp-AuthZ/5-1-Roles/README.md
Great benefits of app roles
So how do you get security groups to work for you?
Go to Azure portal and create a few groups, including “Alice’s team”. Assign users to security groups.
Create your web app and enable Security groups in claims.
Run fiddler and show groups claims in token.
https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/master/5-WebApp-AuthZ/5-2-Groups/README.md