SlideShare a Scribd company logo

Mastering Modern Authentication and Authorization for SharePoint and Office Applications

Download as POTX, PDF
Eric Shupps
Eric Shupps

In the cloud-first era, application development for SharePoint, Office 365 and Azure AD requires strong working knowledge of modern authentication and authorization techniques across multiple platforms. In this deep-dive session, developers will learn how to create secure, cloud-ready applications using OAuth, ADAL, and Azure AD to communicate with the Microsoft Graph, SharePoint, and other cloud-connected services.

Technology
1 of 30
Eric Shupps Office Servers & Services MVP @eshupps sharepointcowboy slideshare.net/eshupps linkedin.com/in/eshupps github.com/eshupps
Agenda Introduction Authentication Authorization Permissions
Introduction
Full Trust SSO* NTLM/FBA Inherited Add-Ins MSO OAuth Explicit SPFx MSO OAuth Inherited Azure SSO OAuth Multi-Tenant
User authentication on-premises and in the cloud Managing identities across different application types Obtaining, storing and processing authorization tokens Traversing applications within a single tenant context Deploying applications to multiple tenants Supporting mobile devices and apps
Authentication
Wide range of supported authentication types Distributed identity management Instance-based consent framework Multiple contexts
Inherits authentication type from parent Centralized identity management (out of scope) Instance-based consent framework Inherited context
Single sign on across all cloud applications Centralized API-accessible identity management User or tenant consent framework (with optional group assignment) Explicit context per endpoint
Authorization
Open standard for app integration and authorization Authentication independent Token-based scheme for enforcement of explicit trust relationships Permission scopes (grants) define access boundaries Explicit or inherited authorization context
Authorization Endpoint Application Registration User/Admin Consent Authorization Code Access Token Refresh Token User App Provider User requests access App requests Request Token Provider returns Request Token App builds auth link w/ Request Token User requests URL + Request Token Provider returns access token User requests URL + Access Token App validates access token Access token validated User granted access 1 2 3 Reference: https://oauth.net/2/
Authorization Exchange authorization codes for access tokens Refresh tokens enable long-lived sessions Designed for native clients and server- side API’s Client Credential Requires app authorization consent from administrator Shared secrets or certificates used to request tokens Designed for service apps and server-to- server scenarios Implicit Retrieve access tokens directly from single endpoint No refresh tokens (local session management only) Designed for SPA's (requires manifest modification)
Use authorization/request tokens to obtain short-lived access tokens Include access tokens in resource calls Store refresh tokens to obtain new access tokens upon expiration Track tokens by tenant (multi-tenant), app or user Force token expiration to prompt authentication Utilize client secret only in confidential client apps
Property Policy String Affects Default Minimum Maximum Access Token Lifetime AccessTokenLifetime Access tokens, ID tokens, SAML 2 tokens 1 hour 10 minutes 1 day Refresh Token Max Inactive Time MaxInactiveTime Refresh tokens 90 days 10 minutes 90 days Single-Factor Refresh Token Max Age MaxAgeSingleFactor Refresh tokens (for any users) Until revoked 10 minutes Until revoked Multi-Factor Refresh Token Max Age MaxAgeMultiFactor Refresh tokens (for any users) Until revoked 10 minutes Until revoked Single-Factor Session Token Max Age MaxAgeSessionSingle Factor Session tokens (persistent and non- persistent) Until revoked 10 minutes Until revoked Multi-Factor Session Token Max Age MaxAgeSessionMulti Factor Session tokens (persistent and non- persistent) Until revoked 10 minutes Until revoked Reference: http://bit.ly/2IUuJNo
ADAL.js* AadHttpClient & MSGraphClient Manage permissions in Azure portal via SharePoint Online Client Extensibility app Include scope requests in manifest Tenant-wide admin consent Manageable via O365 admin center BEWARE THE SINGLETON! https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient Reference: http://bit.ly/2wTQok5
Register app in Azure Configure redirect URI Configure manifest with oauth2AllowImplicitFlow = true Assign permission grant Use ADAL.js for authorization Leverage the Authenticator for SSO across applications Reference: http://bit.ly/2rTEzW1
Permissions
Scope URI Available Rights http://sharepoint/content/tenant Read, Write, Manage, FullControl http://sharepoint/content/sitecollection Read, Write, Manage, FullControl http://sharepoint/content/sitecollection/web Read, Write, Manage, FullControl http://sharepoint/content/sitecollection/web/l ist Read, Write, Manage, FullControl http://sharepoint/bcs/connection Read http://sharepoint/search QueryAsUserIgnoreAppPrincipal http://sharepoint/social/tenant Read, Write, Manage, FullControl http://sharepoint/social/core Read, Write, Manage, FullControl http://sharepoint/social/microfeed Read, Write, Manage, FullControl http://sharepoint/taxonomy Read,Write Reference: http://bit.ly/2wW4lOr
Graph Azure AD TENANT SCOPED DOES NOT Reference: http://bit.ly/2IUcqId PS C:> Enable-SPOTenantServicePrincipal
Types Application Delegated Administrative Level Minimum: “Sign in and read user profile” Beware permission level restrictions for consent Resources Exchange Yammer Azure AD SharePoint Online Power BI Azure Management O365 Management Skype Reference: http://bit.ly/2rV8FII
https://www.slideshare.net/eshupps https://www.github.com/eshupps
Mastering Modern Authentication and Authorization for SharePoint and Office Applications

Recommended

Saml sso by Tamil on nullblrmeet 21st July 2015
Saml sso by Tamil on nullblrmeet 21st July 2015Saml sso by Tamil on nullblrmeet 21st July 2015
Saml sso by Tamil on nullblrmeet 21st July 2015
n|u - The Open Security Community
 
Spring Security Introduction
Spring Security IntroductionSpring Security Introduction
Spring Security Introduction
Mindfire Solutions
 
Introduction to SAML
Introduction to SAMLIntroduction to SAML
Introduction to SAML
Clément OUDOT
 
RMLL 2013 - The SAML Protocol: Single Sign On for skilled people
RMLL 2013 - The SAML Protocol: Single Sign On for skilled peopleRMLL 2013 - The SAML Protocol: Single Sign On for skilled people
RMLL 2013 - The SAML Protocol: Single Sign On for skilled people
Clément OUDOT
 
Single sign on using SAML
Single sign on using SAML Single sign on using SAML
Single sign on using SAML
Programming Talents
 
SAML Protocol Overview
SAML Protocol OverviewSAML Protocol Overview
SAML Protocol Overview
Mike Schwartz
 
Owasp top 10_openwest_2019
Owasp top 10_openwest_2019Owasp top 10_openwest_2019
Owasp top 10_openwest_2019
Sean Jackson
 
Owasp webgoat
Owasp webgoatOwasp webgoat
Owasp webgoat
Zakaria SMAHI
 

Recommended

Saml sso by Tamil on nullblrmeet 21st July 2015
Saml sso by Tamil on nullblrmeet 21st July 2015Saml sso by Tamil on nullblrmeet 21st July 2015
Saml sso by Tamil on nullblrmeet 21st July 2015
n|u - The Open Security Community
 
Spring Security Introduction
Spring Security IntroductionSpring Security Introduction
Spring Security Introduction
Mindfire Solutions
 
Introduction to SAML
Introduction to SAMLIntroduction to SAML
Introduction to SAML
Clément OUDOT
 
RMLL 2013 - The SAML Protocol: Single Sign On for skilled people
RMLL 2013 - The SAML Protocol: Single Sign On for skilled peopleRMLL 2013 - The SAML Protocol: Single Sign On for skilled people
RMLL 2013 - The SAML Protocol: Single Sign On for skilled people
Clément OUDOT
 
Single sign on using SAML
Single sign on using SAML Single sign on using SAML
Single sign on using SAML
Programming Talents
 
SAML Protocol Overview
SAML Protocol OverviewSAML Protocol Overview
SAML Protocol Overview
Mike Schwartz
 
Owasp top 10_openwest_2019
Owasp top 10_openwest_2019Owasp top 10_openwest_2019
Owasp top 10_openwest_2019
Sean Jackson
 
Owasp webgoat
Owasp webgoatOwasp webgoat
Owasp webgoat
Zakaria SMAHI
 
Building Layers of Defense with Spring Security
Building Layers of Defense with Spring SecurityBuilding Layers of Defense with Spring Security
Building Layers of Defense with Spring Security
Joris Kuipers
 
Building an API Security Ecosystem
Building an API Security EcosystemBuilding an API Security Ecosystem
Building an API Security Ecosystem
Prabath Siriwardena
 
Spring Security
Spring SecuritySpring Security
Spring Security
Manish Sharma
 
Access Management for Cloud and Mobile
Access Management for Cloud and MobileAccess Management for Cloud and Mobile
Access Management for Cloud and Mobile
ForgeRock
 
Certificate pinning v certificate transparency
Certificate pinning v certificate transparencyCertificate pinning v certificate transparency
Certificate pinning v certificate transparency
DianaKhersonskaia
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
Zakaria SMAHI
 
API Security : Patterns and Practices
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and Practices
Prabath Siriwardena
 
Iam f42 a
Iam f42 aIam f42 a
Iam f42 a
SelectedPresentations
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptal
jbsysatm
 
Introduction to Azure Web Applications
Introduction to Azure Web ApplicationsIntroduction to Azure Web Applications
Introduction to Azure Web Applications
JoAnna Cheshire
 
LASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. OauthLASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. Oauth
Mike Schwartz
 
Saml v2-OpenAM
Saml v2-OpenAMSaml v2-OpenAM
Saml v2-OpenAM
Pascal Flamand
 
Security of Web Applications: Top 6 Risks To Avoid
Security of Web Applications: Top 6 Risks To AvoidSecurity of Web Applications: Top 6 Risks To Avoid
Security of Web Applications: Top 6 Risks To Avoid
slicklash
 
Dragonwaf
DragonwafDragonwaf
Dragonwaf
beckygill
 
Mastering Modern Authentication and Authorization Techniques for SharePoint, ...
Mastering Modern Authentication and Authorization Techniques for SharePoint, ...Mastering Modern Authentication and Authorization Techniques for SharePoint, ...
Mastering Modern Authentication and Authorization Techniques for SharePoint, ...
Eric Shupps
 
[Shupps] Introduction to Azure Web Applications for Office and SharePoint Dev...
[Shupps] Introduction to Azure Web Applications for Office and SharePoint Dev...[Shupps] Introduction to Azure Web Applications for Office and SharePoint Dev...
[Shupps] Introduction to Azure Web Applications for Office and SharePoint Dev...
European Collaboration Summit
 
ECS 2018: Introduction to Azure Web Applications
ECS 2018: Introduction to Azure Web ApplicationsECS 2018: Introduction to Azure Web Applications
ECS 2018: Introduction to Azure Web Applications
Eric Shupps
 
SPUnite17 Introduction to Azure Web Applications
SPUnite17 Introduction to Azure Web ApplicationsSPUnite17 Introduction to Azure Web Applications
SPUnite17 Introduction to Azure Web Applications
NCCOMMS
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
VMware Tanzu
 
Security Avalanche
Security AvalancheSecurity Avalanche
Security Avalanche
Michele Leroux Bustamante
 
Better Together: JWT and Hashi Vault in Modern Apps
Better Together: JWT and Hashi Vault in Modern AppsBetter Together: JWT and Hashi Vault in Modern Apps
Better Together: JWT and Hashi Vault in Modern Apps
Shrivatsa Upadhye
 
Enable Secure Mobile & Web Access to Microsoft SharePoint
Enable Secure Mobile & Web Access to Microsoft SharePointEnable Secure Mobile & Web Access to Microsoft SharePoint
Enable Secure Mobile & Web Access to Microsoft SharePoint
CA API Management
 

More Related Content

What's hot

Building Layers of Defense with Spring Security
Building Layers of Defense with Spring SecurityBuilding Layers of Defense with Spring Security
Building Layers of Defense with Spring Security
Joris Kuipers
 
Building an API Security Ecosystem
Building an API Security EcosystemBuilding an API Security Ecosystem
Building an API Security Ecosystem
Prabath Siriwardena
 
Spring Security
Spring SecuritySpring Security
Spring Security
Manish Sharma
 
Access Management for Cloud and Mobile
Access Management for Cloud and MobileAccess Management for Cloud and Mobile
Access Management for Cloud and Mobile
ForgeRock
 
Certificate pinning v certificate transparency
Certificate pinning v certificate transparencyCertificate pinning v certificate transparency
Certificate pinning v certificate transparency
DianaKhersonskaia
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
Zakaria SMAHI
 
API Security : Patterns and Practices
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and Practices
Prabath Siriwardena
 
Iam f42 a
Iam f42 aIam f42 a
Iam f42 a
SelectedPresentations
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptal
jbsysatm
 
Introduction to Azure Web Applications
Introduction to Azure Web ApplicationsIntroduction to Azure Web Applications
Introduction to Azure Web Applications
JoAnna Cheshire
 
LASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. OauthLASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. Oauth
Mike Schwartz
 
Saml v2-OpenAM
Saml v2-OpenAMSaml v2-OpenAM
Saml v2-OpenAM
Pascal Flamand
 
Security of Web Applications: Top 6 Risks To Avoid
Security of Web Applications: Top 6 Risks To AvoidSecurity of Web Applications: Top 6 Risks To Avoid
Security of Web Applications: Top 6 Risks To Avoid
slicklash
 
Dragonwaf
DragonwafDragonwaf
Dragonwaf
beckygill
 

What's hot (14)

Building Layers of Defense with Spring Security
Building Layers of Defense with Spring SecurityBuilding Layers of Defense with Spring Security
Building Layers of Defense with Spring Security
 
Building an API Security Ecosystem
Building an API Security EcosystemBuilding an API Security Ecosystem
Building an API Security Ecosystem
 
Spring Security
Spring SecuritySpring Security
Spring Security
 
Access Management for Cloud and Mobile
Access Management for Cloud and MobileAccess Management for Cloud and Mobile
Access Management for Cloud and Mobile
 
Certificate pinning v certificate transparency
Certificate pinning v certificate transparencyCertificate pinning v certificate transparency
Certificate pinning v certificate transparency
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
 
API Security : Patterns and Practices
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and Practices
 
Iam f42 a
Iam f42 aIam f42 a
Iam f42 a
 
Spring security jwt tutorial toptal
Spring security jwt tutorial toptalSpring security jwt tutorial toptal
Spring security jwt tutorial toptal
 
Introduction to Azure Web Applications
Introduction to Azure Web ApplicationsIntroduction to Azure Web Applications
Introduction to Azure Web Applications
 
LASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. OauthLASCON 2017: SAML v. OpenID v. Oauth
LASCON 2017: SAML v. OpenID v. Oauth
 
Saml v2-OpenAM
Saml v2-OpenAMSaml v2-OpenAM
Saml v2-OpenAM
 
Security of Web Applications: Top 6 Risks To Avoid
Security of Web Applications: Top 6 Risks To AvoidSecurity of Web Applications: Top 6 Risks To Avoid
Security of Web Applications: Top 6 Risks To Avoid
 
Dragonwaf
DragonwafDragonwaf
Dragonwaf
 

Similar to Mastering Modern Authentication and Authorization for SharePoint and Office Applications

Mastering Modern Authentication and Authorization Techniques for SharePoint, ...
Mastering Modern Authentication and Authorization Techniques for SharePoint, ...Mastering Modern Authentication and Authorization Techniques for SharePoint, ...
Mastering Modern Authentication and Authorization Techniques for SharePoint, ...
Eric Shupps
 
[Shupps] Introduction to Azure Web Applications for Office and SharePoint Dev...
[Shupps] Introduction to Azure Web Applications for Office and SharePoint Dev...[Shupps] Introduction to Azure Web Applications for Office and SharePoint Dev...
[Shupps] Introduction to Azure Web Applications for Office and SharePoint Dev...
European Collaboration Summit
 
ECS 2018: Introduction to Azure Web Applications
ECS 2018: Introduction to Azure Web ApplicationsECS 2018: Introduction to Azure Web Applications
ECS 2018: Introduction to Azure Web Applications
Eric Shupps
 
SPUnite17 Introduction to Azure Web Applications
SPUnite17 Introduction to Azure Web ApplicationsSPUnite17 Introduction to Azure Web Applications
SPUnite17 Introduction to Azure Web Applications
NCCOMMS
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
VMware Tanzu
 
Security Avalanche
Security AvalancheSecurity Avalanche
Security Avalanche
Michele Leroux Bustamante
 
Better Together: JWT and Hashi Vault in Modern Apps
Better Together: JWT and Hashi Vault in Modern AppsBetter Together: JWT and Hashi Vault in Modern Apps
Better Together: JWT and Hashi Vault in Modern Apps
Shrivatsa Upadhye
 
Enable Secure Mobile & Web Access to Microsoft SharePoint
Enable Secure Mobile & Web Access to Microsoft SharePointEnable Secure Mobile & Web Access to Microsoft SharePoint
Enable Secure Mobile & Web Access to Microsoft SharePoint
CA API Management
 
(1) OAuth 2.0 Overview
(1) OAuth 2.0 Overview(1) OAuth 2.0 Overview
(1) OAuth 2.0 Overview
anikristo
 
Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares
Nino Ho
 
Jenkins Terraform Vault
Jenkins Terraform VaultJenkins Terraform Vault
Jenkins Terraform Vault
Shrivatsa Upadhye
 
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Eric Shupps
 
Creating cloud ready enterprise applications with the sharepoint 2013 app model
Creating cloud ready enterprise applications with the sharepoint 2013 app modelCreating cloud ready enterprise applications with the sharepoint 2013 app model
Creating cloud ready enterprise applications with the sharepoint 2013 app model
InnoTech
 
Api security
Api security Api security
Api security
teodorcotruta
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Information Security Awareness Group
 
Multi tenancy for docker
Multi tenancy for dockerMulti tenancy for docker
Multi tenancy for docker
Ananth Padmanabhan
 
Multi tenancy for docker
Multi tenancy for dockerMulti tenancy for docker
Multi tenancy for docker
Rahul Krishna Upadhyaya
 
Multi tenancy for docker
Multi tenancy for dockerMulti tenancy for docker
Multi tenancy for docker
Satya Sanjibani Routray
 
Integration step up session
Integration step up sessionIntegration step up session
Integration step up session
Amit Behere
 
OpenSSO Tech Overview Aquarium
OpenSSO Tech Overview AquariumOpenSSO Tech Overview Aquarium
OpenSSO Tech Overview Aquarium
Eduardo Pelegri-Llopart
 

Similar to Mastering Modern Authentication and Authorization for SharePoint and Office Applications (20)

Mastering Modern Authentication and Authorization Techniques for SharePoint, ...
Mastering Modern Authentication and Authorization Techniques for SharePoint, ...Mastering Modern Authentication and Authorization Techniques for SharePoint, ...
Mastering Modern Authentication and Authorization Techniques for SharePoint, ...
 
[Shupps] Introduction to Azure Web Applications for Office and SharePoint Dev...
[Shupps] Introduction to Azure Web Applications for Office and SharePoint Dev...[Shupps] Introduction to Azure Web Applications for Office and SharePoint Dev...
[Shupps] Introduction to Azure Web Applications for Office and SharePoint Dev...
 
ECS 2018: Introduction to Azure Web Applications
ECS 2018: Introduction to Azure Web ApplicationsECS 2018: Introduction to Azure Web Applications
ECS 2018: Introduction to Azure Web Applications
 
SPUnite17 Introduction to Azure Web Applications
SPUnite17 Introduction to Azure Web ApplicationsSPUnite17 Introduction to Azure Web Applications
SPUnite17 Introduction to Azure Web Applications
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
 
Security Avalanche
Security AvalancheSecurity Avalanche
Security Avalanche
 
Better Together: JWT and Hashi Vault in Modern Apps
Better Together: JWT and Hashi Vault in Modern AppsBetter Together: JWT and Hashi Vault in Modern Apps
Better Together: JWT and Hashi Vault in Modern Apps
 
Enable Secure Mobile & Web Access to Microsoft SharePoint
Enable Secure Mobile & Web Access to Microsoft SharePointEnable Secure Mobile & Web Access to Microsoft SharePoint
Enable Secure Mobile & Web Access to Microsoft SharePoint
 
(1) OAuth 2.0 Overview
(1) OAuth 2.0 Overview(1) OAuth 2.0 Overview
(1) OAuth 2.0 Overview
 
Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares Oauth Nightmares Abstract OAuth Nightmares
Oauth Nightmares Abstract OAuth Nightmares
 
Jenkins Terraform Vault
Jenkins Terraform VaultJenkins Terraform Vault
Jenkins Terraform Vault
 
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
Creating Cloud-Ready Enterprise Applications with the SharePoint 2013 Add-In ...
 
Creating cloud ready enterprise applications with the sharepoint 2013 app model
Creating cloud ready enterprise applications with the sharepoint 2013 app modelCreating cloud ready enterprise applications with the sharepoint 2013 app model
Creating cloud ready enterprise applications with the sharepoint 2013 app model
 
Api security
Api security Api security
Api security
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
 
Multi tenancy for docker
Multi tenancy for dockerMulti tenancy for docker
Multi tenancy for docker
 
Multi tenancy for docker
Multi tenancy for dockerMulti tenancy for docker
Multi tenancy for docker
 
Multi tenancy for docker
Multi tenancy for dockerMulti tenancy for docker
Multi tenancy for docker
 
Integration step up session
Integration step up sessionIntegration step up session
Integration step up session
 
OpenSSO Tech Overview Aquarium
OpenSSO Tech Overview AquariumOpenSSO Tech Overview Aquarium
OpenSSO Tech Overview Aquarium
 

More from Eric Shupps

Microsoft Ignite 2022 - Scaling, Securing, Managing, and Publishing Power Pla...
Microsoft Ignite 2022 - Scaling, Securing, Managing, and Publishing Power Pla...Microsoft Ignite 2022 - Scaling, Securing, Managing, and Publishing Power Pla...
Microsoft Ignite 2022 - Scaling, Securing, Managing, and Publishing Power Pla...
Eric Shupps
 
Scaling, Securing, Managing, and Publishing Power Platform Custom Connectors....
Scaling, Securing, Managing, and Publishing Power Platform Custom Connectors....Scaling, Securing, Managing, and Publishing Power Platform Custom Connectors....
Scaling, Securing, Managing, and Publishing Power Platform Custom Connectors....
Eric Shupps
 
A Beginners Guide to Custom Connectors for Power Apps and Power Automate
A Beginners Guide to Custom Connectors for Power Apps and Power AutomateA Beginners Guide to Custom Connectors for Power Apps and Power Automate
A Beginners Guide to Custom Connectors for Power Apps and Power Automate
Eric Shupps
 
App to AppExchange - A Journey from Idea to Market for Salesforce Developers
App to AppExchange - A Journey from Idea to Market for Salesforce DevelopersApp to AppExchange - A Journey from Idea to Market for Salesforce Developers
App to AppExchange - A Journey from Idea to Market for Salesforce Developers
Eric Shupps
 
Beginners Guide to Custom Connectors for Power Apps and Power Automate
Beginners Guide to Custom Connectors for Power Apps and Power AutomateBeginners Guide to Custom Connectors for Power Apps and Power Automate
Beginners Guide to Custom Connectors for Power Apps and Power Automate
Eric Shupps
 
OSW06 - A Real World Guide to Building Highly Available Fault Tolerant ShareP...
OSW06 - A Real World Guide to Building Highly Available Fault Tolerant ShareP...OSW06 - A Real World Guide to Building Highly Available Fault Tolerant ShareP...
OSW06 - A Real World Guide to Building Highly Available Fault Tolerant ShareP...
Eric Shupps
 
OSH01 - Developing SharePoint Framework Solutions for the Enterprise
OSH01 - Developing SharePoint Framework Solutions for the EnterpriseOSH01 - Developing SharePoint Framework Solutions for the Enterprise
OSH01 - Developing SharePoint Framework Solutions for the Enterprise
Eric Shupps
 
Developing SharePoint Framework Solutions for the Enterprise (SPC 2019)
Developing SharePoint Framework Solutions for the Enterprise (SPC 2019)Developing SharePoint Framework Solutions for the Enterprise (SPC 2019)
Developing SharePoint Framework Solutions for the Enterprise (SPC 2019)
Eric Shupps
 
Developing SharePoint Framework Solutions for the Enterprise - SEF 2019
Developing SharePoint Framework Solutions for the Enterprise - SEF 2019Developing SharePoint Framework Solutions for the Enterprise - SEF 2019
Developing SharePoint Framework Solutions for the Enterprise - SEF 2019
Eric Shupps
 
SharePoint and Office 365 Development Workshop
SharePoint and Office 365 Development WorkshopSharePoint and Office 365 Development Workshop
SharePoint and Office 365 Development Workshop
Eric Shupps
 
SharePoint 24x7x365 Architecting for High Availability, Fault Tolerance and D...
SharePoint 24x7x365 Architecting for High Availability, Fault Tolerance and D...SharePoint 24x7x365 Architecting for High Availability, Fault Tolerance and D...
SharePoint 24x7x365 Architecting for High Availability, Fault Tolerance and D...
Eric Shupps
 
Overcoming Gender Imbalance in the Technical Field
Overcoming Gender Imbalance in the Technical FieldOvercoming Gender Imbalance in the Technical Field
Overcoming Gender Imbalance in the Technical Field
Eric Shupps
 
Enterprise Content Management Solutions in SharePoint and Office 365
Enterprise Content Management Solutions in SharePoint and Office 365Enterprise Content Management Solutions in SharePoint and Office 365
Enterprise Content Management Solutions in SharePoint and Office 365
Eric Shupps
 
Introduction to the Office Dev PnP Core Libraries
Introduction to the Office Dev PnP Core LibrariesIntroduction to the Office Dev PnP Core Libraries
Introduction to the Office Dev PnP Core Libraries
Eric Shupps
 
SharePoint and Office Development Workshop
SharePoint and Office Development WorkshopSharePoint and Office Development Workshop
SharePoint and Office Development Workshop
Eric Shupps
 
From Zero to Hero: A Real World Guide to Building High Availability SharePoin...
From Zero to Hero: A Real World Guide to Building High Availability SharePoin...From Zero to Hero: A Real World Guide to Building High Availability SharePoin...
From Zero to Hero: A Real World Guide to Building High Availability SharePoin...
Eric Shupps
 
SharePoint and Office 365 Performance Best Practices
SharePoint and Office 365 Performance Best PracticesSharePoint and Office 365 Performance Best Practices
SharePoint and Office 365 Performance Best Practices
Eric Shupps
 
Introduction to Azure Web Applications for Office and SharePoint Developers
Introduction to Azure Web Applications for Office and SharePoint DevelopersIntroduction to Azure Web Applications for Office and SharePoint Developers
Introduction to Azure Web Applications for Office and SharePoint Developers
Eric Shupps
 
Introduction to Azure Web Applications for Office and SharePoint Developers
Introduction to Azure Web Applications for Office and SharePoint DevelopersIntroduction to Azure Web Applications for Office and SharePoint Developers
Introduction to Azure Web Applications for Office and SharePoint Developers
Eric Shupps
 
Rev Your Engines - SharePoint Performance Best Practices
Rev Your Engines - SharePoint Performance Best PracticesRev Your Engines - SharePoint Performance Best Practices
Rev Your Engines - SharePoint Performance Best Practices
Eric Shupps
 

More from Eric Shupps (20)

Microsoft Ignite 2022 - Scaling, Securing, Managing, and Publishing Power Pla...
Microsoft Ignite 2022 - Scaling, Securing, Managing, and Publishing Power Pla...Microsoft Ignite 2022 - Scaling, Securing, Managing, and Publishing Power Pla...
Microsoft Ignite 2022 - Scaling, Securing, Managing, and Publishing Power Pla...
 
Scaling, Securing, Managing, and Publishing Power Platform Custom Connectors....
Scaling, Securing, Managing, and Publishing Power Platform Custom Connectors....Scaling, Securing, Managing, and Publishing Power Platform Custom Connectors....
Scaling, Securing, Managing, and Publishing Power Platform Custom Connectors....
 
A Beginners Guide to Custom Connectors for Power Apps and Power Automate
A Beginners Guide to Custom Connectors for Power Apps and Power AutomateA Beginners Guide to Custom Connectors for Power Apps and Power Automate
A Beginners Guide to Custom Connectors for Power Apps and Power Automate
 
App to AppExchange - A Journey from Idea to Market for Salesforce Developers
App to AppExchange - A Journey from Idea to Market for Salesforce DevelopersApp to AppExchange - A Journey from Idea to Market for Salesforce Developers
App to AppExchange - A Journey from Idea to Market for Salesforce Developers
 
Beginners Guide to Custom Connectors for Power Apps and Power Automate
Beginners Guide to Custom Connectors for Power Apps and Power AutomateBeginners Guide to Custom Connectors for Power Apps and Power Automate
Beginners Guide to Custom Connectors for Power Apps and Power Automate
 
OSW06 - A Real World Guide to Building Highly Available Fault Tolerant ShareP...
OSW06 - A Real World Guide to Building Highly Available Fault Tolerant ShareP...OSW06 - A Real World Guide to Building Highly Available Fault Tolerant ShareP...
OSW06 - A Real World Guide to Building Highly Available Fault Tolerant ShareP...
 
OSH01 - Developing SharePoint Framework Solutions for the Enterprise
OSH01 - Developing SharePoint Framework Solutions for the EnterpriseOSH01 - Developing SharePoint Framework Solutions for the Enterprise
OSH01 - Developing SharePoint Framework Solutions for the Enterprise
 
Developing SharePoint Framework Solutions for the Enterprise (SPC 2019)
Developing SharePoint Framework Solutions for the Enterprise (SPC 2019)Developing SharePoint Framework Solutions for the Enterprise (SPC 2019)
Developing SharePoint Framework Solutions for the Enterprise (SPC 2019)
 
Developing SharePoint Framework Solutions for the Enterprise - SEF 2019
Developing SharePoint Framework Solutions for the Enterprise - SEF 2019Developing SharePoint Framework Solutions for the Enterprise - SEF 2019
Developing SharePoint Framework Solutions for the Enterprise - SEF 2019
 
SharePoint and Office 365 Development Workshop
SharePoint and Office 365 Development WorkshopSharePoint and Office 365 Development Workshop
SharePoint and Office 365 Development Workshop
 
SharePoint 24x7x365 Architecting for High Availability, Fault Tolerance and D...
SharePoint 24x7x365 Architecting for High Availability, Fault Tolerance and D...SharePoint 24x7x365 Architecting for High Availability, Fault Tolerance and D...
SharePoint 24x7x365 Architecting for High Availability, Fault Tolerance and D...
 
Overcoming Gender Imbalance in the Technical Field
Overcoming Gender Imbalance in the Technical FieldOvercoming Gender Imbalance in the Technical Field
Overcoming Gender Imbalance in the Technical Field
 
Enterprise Content Management Solutions in SharePoint and Office 365
Enterprise Content Management Solutions in SharePoint and Office 365Enterprise Content Management Solutions in SharePoint and Office 365
Enterprise Content Management Solutions in SharePoint and Office 365
 
Introduction to the Office Dev PnP Core Libraries
Introduction to the Office Dev PnP Core LibrariesIntroduction to the Office Dev PnP Core Libraries
Introduction to the Office Dev PnP Core Libraries
 
SharePoint and Office Development Workshop
SharePoint and Office Development WorkshopSharePoint and Office Development Workshop
SharePoint and Office Development Workshop
 
From Zero to Hero: A Real World Guide to Building High Availability SharePoin...
From Zero to Hero: A Real World Guide to Building High Availability SharePoin...From Zero to Hero: A Real World Guide to Building High Availability SharePoin...
From Zero to Hero: A Real World Guide to Building High Availability SharePoin...
 
SharePoint and Office 365 Performance Best Practices
SharePoint and Office 365 Performance Best PracticesSharePoint and Office 365 Performance Best Practices
SharePoint and Office 365 Performance Best Practices
 
Introduction to Azure Web Applications for Office and SharePoint Developers
Introduction to Azure Web Applications for Office and SharePoint DevelopersIntroduction to Azure Web Applications for Office and SharePoint Developers
Introduction to Azure Web Applications for Office and SharePoint Developers
 
Introduction to Azure Web Applications for Office and SharePoint Developers
Introduction to Azure Web Applications for Office and SharePoint DevelopersIntroduction to Azure Web Applications for Office and SharePoint Developers
Introduction to Azure Web Applications for Office and SharePoint Developers
 
Rev Your Engines - SharePoint Performance Best Practices
Rev Your Engines - SharePoint Performance Best PracticesRev Your Engines - SharePoint Performance Best Practices
Rev Your Engines - SharePoint Performance Best Practices
 

Recently uploaded

Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Pitangent Analytics & Technology Solutions Pvt. Ltd
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE VisionWhat is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
Edge AI and Vision Alliance
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 

Recently uploaded (20)

Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE VisionWhat is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
 
Artificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic WarfareArtificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic Warfare
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 

Mastering Modern Authentication and Authorization for SharePoint and Office Applications

  • 1.
  • 2.
  • 3. Eric Shupps Office Servers & Services MVP @eshupps sharepointcowboy slideshare.net/eshupps linkedin.com/in/eshupps github.com/eshupps
  • 7. User authentication on-premises and in the cloud Managing identities across different application types Obtaining, storing and processing authorization tokens Traversing applications within a single tenant context Deploying applications to multiple tenants Supporting mobile devices and apps
  • 9. Wide range of supported authentication types Distributed identity management Instance-based consent framework Multiple contexts
  • 10. Inherits authentication type from parent Centralized identity management (out of scope) Instance-based consent framework Inherited context
  • 11. Single sign on across all cloud applications Centralized API-accessible identity management User or tenant consent framework (with optional group assignment) Explicit context per endpoint
  • 12.
  • 14. Open standard for app integration and authorization Authentication independent Token-based scheme for enforcement of explicit trust relationships Permission scopes (grants) define access boundaries Explicit or inherited authorization context
  • 15. Authorization Endpoint Application Registration User/Admin Consent Authorization Code Access Token Refresh Token User App Provider User requests access App requests Request Token Provider returns Request Token App builds auth link w/ Request Token User requests URL + Request Token Provider returns access token User requests URL + Access Token App validates access token Access token validated User granted access 1 2 3 Reference: https://oauth.net/2/
  • 16. Authorization Exchange authorization codes for access tokens Refresh tokens enable long-lived sessions Designed for native clients and server- side API’s Client Credential Requires app authorization consent from administrator Shared secrets or certificates used to request tokens Designed for service apps and server-to- server scenarios Implicit Retrieve access tokens directly from single endpoint No refresh tokens (local session management only) Designed for SPA's (requires manifest modification)
  • 17. Use authorization/request tokens to obtain short-lived access tokens Include access tokens in resource calls Store refresh tokens to obtain new access tokens upon expiration Track tokens by tenant (multi-tenant), app or user Force token expiration to prompt authentication Utilize client secret only in confidential client apps
  • 18. Property Policy String Affects Default Minimum Maximum Access Token Lifetime AccessTokenLifetime Access tokens, ID tokens, SAML 2 tokens 1 hour 10 minutes 1 day Refresh Token Max Inactive Time MaxInactiveTime Refresh tokens 90 days 10 minutes 90 days Single-Factor Refresh Token Max Age MaxAgeSingleFactor Refresh tokens (for any users) Until revoked 10 minutes Until revoked Multi-Factor Refresh Token Max Age MaxAgeMultiFactor Refresh tokens (for any users) Until revoked 10 minutes Until revoked Single-Factor Session Token Max Age MaxAgeSessionSingle Factor Session tokens (persistent and non- persistent) Until revoked 10 minutes Until revoked Multi-Factor Session Token Max Age MaxAgeSessionMulti Factor Session tokens (persistent and non- persistent) Until revoked 10 minutes Until revoked Reference: http://bit.ly/2IUuJNo
  • 19.
  • 20. ADAL.js* AadHttpClient & MSGraphClient Manage permissions in Azure portal via SharePoint Online Client Extensibility app Include scope requests in manifest Tenant-wide admin consent Manageable via O365 admin center BEWARE THE SINGLETON! https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient Reference: http://bit.ly/2wTQok5
  • 21. Register app in Azure Configure redirect URI Configure manifest with oauth2AllowImplicitFlow = true Assign permission grant Use ADAL.js for authorization Leverage the Authenticator for SSO across applications Reference: http://bit.ly/2rTEzW1
  • 22.
  • 24. Scope URI Available Rights http://sharepoint/content/tenant Read, Write, Manage, FullControl http://sharepoint/content/sitecollection Read, Write, Manage, FullControl http://sharepoint/content/sitecollection/web Read, Write, Manage, FullControl http://sharepoint/content/sitecollection/web/l ist Read, Write, Manage, FullControl http://sharepoint/bcs/connection Read http://sharepoint/search QueryAsUserIgnoreAppPrincipal http://sharepoint/social/tenant Read, Write, Manage, FullControl http://sharepoint/social/core Read, Write, Manage, FullControl http://sharepoint/social/microfeed Read, Write, Manage, FullControl http://sharepoint/taxonomy Read,Write Reference: http://bit.ly/2wW4lOr
  • 25.
  • 26. Graph Azure AD TENANT SCOPED DOES NOT Reference: http://bit.ly/2IUcqId PS C:> Enable-SPOTenantServicePrincipal
  • 27. Types Application Delegated Administrative Level Minimum: “Sign in and read user profile” Beware permission level restrictions for consent Resources Exchange Yammer Azure AD SharePoint Online Power BI Azure Management O365 Management Skype Reference: http://bit.ly/2rV8FII
  • 28.