SlideShare a Scribd company logo

Using Windows Azure for Solving Identity Management Challenges

Download as PPTX, PDF
Michael Collier
Michael Collier
Technology
1 of 38
Using Windows Azure for Solving Identity Management Challenges Michael S. Collier
Michael S. Collier • Principal Cloud Architect, Aditi • michaelc@aditi.com • @MichaelCollier • www.MichaelSCollier.com
Platinum Sponsors Gold Sponsors
What We’re Talking About • Identity - Current State and in The Cloud • Windows Azure solutions • Mobile Services • Access Control Service (ACS) • Windows Azure Active Directory 6
Who Are You? • Personalization • Business Rules • Functionality / Features 7
Traditional Identity Management • IT Pro – controls the known world • Developers – blissfully ignorant? 8 AD SQL My Enterprise LOB App
Cloud . . . A New Challenge • Move the application & data • Islands of identity • Outside of “traditional” IT world • External users / partners • BYOD • Developers ignorant no more • Developers + IT Pros 9
10 Windows Azure Options Mobile Services Active Directory Access Control Service (ACS) Server Active Directory AD w/ DirSync
Mobile Services • Goal – easily build cloud-powered mobile apps • Built-in support for multiple social identity providers 11 private async System.Threading.Tasks.Task Authenticate() { while (user == null) { string message; try { user = await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.Twitter); message = string.Format("You are now logged in - {0}", user.UserId); CurrentUser.Text = "Welcome, " + App.MobileService.CurrentUser.UserId; } catch (InvalidOperationException) { message = "You must log in. Login Required"; } var dialog = new MessageDialog(message); dialog.Commands.Add(new UICommand("OK")); await dialog.ShowAsync(); } } Facebook Google MicrosoftAccount Twitter
Mobile Services 12
Authentication • Microsoft Account, Facebook, Twitter, and Google • OAuth • Does not use Windows Azure ACS
Authentication • Microsoft Account – Use the Live SDK • Tight integration with Windows Live services
More Mobile Services? • Programming Windows Azure Mobile Services • Jason Farrell • Wednesday at 10:30am • Portia 15
Access Control Service (ACS) • Federated identity/authentication service • Google, Microsoft Account, Yahoo!, ADFS v2 • Bring your own membership • Claims-based authorization • Browser based (302 redirect) • Focus on your app 16
DEMO TIME!!! Access Control Service (ACS)
ACS Tips • Enrich claims w/ a ClaimsAuthenticationManager • Update WIF settings in web.config in OnStart() • Web Farm Ready Cookies • Web Sites and Cloud Services • DPAPI not supported in Windows Azure • Provide sign-out link for identity providers • Azure co-admin can’t admin ACS namespace 31
Windows Azure Active Directory • Internet scale, multi-tenant directory service • Directory store for Office 365 • Extend Windows Server AD to the cloud • Directory & identity services w/o need for Windows Server AD 32 Active Directory O365 Account Portal Intune Account Portal Windows Azure Mgmt Portal Azure AD PowerShell cmdlets
Windows Azure Active Directory • Multi-tenant “directory-as-a-service” • NOT a cloud version of Windows Server AD 33 Image Source: http://technet.microsoft.com/en-us/library/jj573650.aspx
Windows Azure Active Directory 34 Windows Azure Management Portal REST API SAML-P O-Auth WS-Federation Integration / Management Endpoints Windows Azure Active Directory
Windows Azure Active Directory 35 Integration / Management Endpoints
Windows Azure Active Directory • What’s in the directory? • Everything is an object • Types: User, Group, Role, Application, Device, etc. 36
WAAD Graph Response <?xml version="1.0" encoding="utf-8"?> <feed xml:base="https://graph.windows.net/collierdemo.onmicrosoft.com/" xmlns="http://www.w3.org/2005/Atom" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:georss="http://www.georss.org/georss" xmlns:gml="http://www.opengis.net/gml"> <id>https://graph.windows.net/11271159-abc8-4e0e-b3c2-c2a0858a036b/directoryObjects/$/Microsoft.WindowsAzure.ActiveDirectory.User</id> <title type="text">Microsoft.WindowsAzure.ActiveDirectory.User</title> <updated>2013-03-21T00:58:34Z</updated> <link rel="self" title="Microsoft.WindowsAzure.ActiveDirectory.User" href="Microsoft.WindowsAzure.ActiveDirectory.User" /> <entry> <id>https://graph.windows.net/11271159-abc8-4e0e-b3c2-c2a0858a036b/directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6</id> <category term="Microsoft.WindowsAzure.ActiveDirectory.User" scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme" /> <link rel="edit" title="User" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/manager" type="application/atom+xml;type=entry" title="manager" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/manager" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/directReports" type="application/atom+xml;type=feed" title="directReports" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/directReports" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/members" type="application/atom+xml;type=feed" title="members" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/members" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/memberOf" type="application/atom+xml;type=feed" title="memberOf" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/memberOf" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/permissions" type="application/atom+xml;type=feed" title="permissions" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/permissions" /> 37
WAAD Graph Response 38 <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/edit-media/thumbnailPhoto" title="thumbnailPhoto" href="directoryObjects/23dc9514-64ec- 4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/thumbnailPhoto" /> <m:action metadata="https://graph.windows.net/michaelcollier.onmicrosoft.com/$metadata#DirectoryDataService.assignLicense" title="assignLicense" target="https://graph.windows.net/collierdemo.onmicrosoft.com/directoryObjects/23dc9514-64ec-4c94-8f03- 4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/assignLicense" /> <content type="application/xml"> <m:properties> <d:objectType>User</d:objectType> <d:objectId>23dc9514-64ec-4c94-8f03-4edf9016b2a6</d:objectId> <d:accountEnabled m:type="Edm.Boolean">true</d:accountEnabled> <d:assignedLicenses m:type="Collection(Microsoft.WindowsAzure.ActiveDirectory.AssignedLicense)" /> <d:assignedPlans m:type="Collection(Microsoft.WindowsAzure.ActiveDirectory.AssignedPlan)" /> <d:city m:null="true" /> <d:displayName>Michael Collier</d:displayName> <d:givenName>Michael</d:givenName> <d:mailNickname>michael</d:mailNickname> <d:mobile>+1 6142883146</d:mobile> <d:otherMails m:type="Collection(Edm.String)"> <d:element>michaelscollier@gmail.com</d:element> </d:otherMails> <d:userPrincipalName>michael@collierdemo.onmicrosoft.com</d:userPrincipalName> </m:properties> </content> </entry> </feed> * Some elements removed for readability.
Graph API Helpers • REST interface for WAAD • Graph Explorer: https://graphexplorer.cloudapp.net/ • AAD Helper: http://code.msdn.microsoft.com/Windows- Azure-AD-Graph-API-a8c72e18 • Active Directory Authentication Library (ADAL) • https://www.nuget.org/packages/System.IdentityModel.Client s.ActiveDirectory/ • http://www.cloudidentity.com/blog/2013/08/02/aal-becomes- adal-active-directory-authentication-library/ • Formerly Azure Authentication Library (AAL) 39
WAAD Authentication • Authentication for cloud-based & native apps • Permissions • SSO, Read Data, Read & Write Data • Applies to the APPLICATION, not the user 40
DEMO TIME!!! Windows Azure AD – Single Sign-On, Web API, and Windows Store
WAAD and the Enterprise 59 AD SQL My Enterprise LOB App
WAAD and the Enterprise 60 • Passwords sync every 2 minutes • Users sync every 3 hours My Enterprise DirSync LOB App SQL
Where Does the Authentication Happen? 61 Portal PowerShell/ Directory GRAPH DirSync w/Cloud identities DirSync w/Password Sync DirSync w/SSO Target customer segment • Small • Small to Medium • Small/Medium • Small/Medium • Medium/Large Scenario supported • Least • Least • Some limitation • Some limitations • Most Directory Source of Authority • Cloud • Cloud • On-premises • On-premises • On-premises Hardware requirements • No additional hardware required • No additional hardware required • Windows Server OS for DirSync appliance • Windows Server OS for DirSync appliance • DirSync appliance • ADFS (or other STS) deployment IDP • Cloud • Cloud • Cloud • Cloud • On-premises User login experience • Disjoint username and password • Enter credentials twice • Disjoint username and password • Enter credentials twice • Same username, disjoint password • Enter credentials twice • Same username and password for on-prem and cloud • Enter credentials twice • Same username and password for on-prem and cloud • Login once if on- premises Complexity • Low • Medium • Low • Low • High Table Source: Microsoft Office 365 Directory and Access Management with Windows Azure Active Directory, Ross Adams & Jono Luk – TechEd NA 2013
DEMO TIME!!! Windows Azure Active Directory w/ DirSync
Going Further with Windows Azure AD • Multitenant applications • Leverage identity from other WAAD tenants • http://www.windowsazure.com/en- us/develop/net/tutorials/multitenant-apps-for-active- directory/ • Phone 2FA (Multi-Factor Authentication) • Additional administrative users • Username/pwd + text message code 63
Summary • Developers, Architects, & IT Pros work together • Mobile Services • Quickly add Identity Providers via portal config and code • ACS • Federated identity authentication • Claims-based authorization • Windows Azure AD • “Extends” Windows Server AD to the cloud • Query via REST graph API 64
Helpful Resources • Mobile Services • Handling Expired Tokens - http://www.thejoyofcode.com/Handling_expired_tokens_in_your_application_Day_11_.aspx • Carlos Figueira’s Blog - http://blogs.msdn.com/b/carlosfigueira/ • ACS • Cheat Sheet – http://bit.ly/ACSCheatSheet • How To’s – http://bit.ly/ACSHowTo • Tips – http://bit.ly/HYhxjY • Azure Active Directory • “Microsoft Office 365 Directory and Access Management with Windows Azure Active Directory”, Ross Adams & Jono Luk – TechEd NA 2013 • “Deep Dive into the Windows Azure Active Directory Graph API: Data Model, Schema, Query, and More”, Edward Wu – TechEd NA 2013 • Securing a Windows Store App and REST API using Windows Azure AD - http://msdn.microsoft.com/en-us/library/windowsazure/dn169448.aspx • Vittorio Bertocci’s Blog - http://www.cloudidentity.com/blog/ 65
Ask your questions
Thank You! • Michael S. Collier • Principal Cloud Architect, Aditi • michaelc@aditi.com • @MichaelCollier • www.MichaelSCollier.com
August 11th – 13th 2014 Same Place, Same Time

Recommended

Windows Azure for Developers - Service Management
Windows Azure for Developers - Service ManagementWindows Azure for Developers - Service Management
Windows Azure for Developers - Service ManagementMichael Collier
 
What's New for the Windows Azure Developer? Lots!!
What's New for the Windows Azure Developer? Lots!!What's New for the Windows Azure Developer? Lots!!
What's New for the Windows Azure Developer? Lots!!Michael Collier
 
Automating Your Microsoft Azure Environment (DevLink 2014)
Automating Your Microsoft Azure Environment (DevLink 2014)Automating Your Microsoft Azure Environment (DevLink 2014)
Automating Your Microsoft Azure Environment (DevLink 2014)Michael Collier
 
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Michael Collier
 
What's New for the Windows Azure Developer? Lots! (July 2013)
What's New for the Windows Azure Developer? Lots! (July 2013)What's New for the Windows Azure Developer? Lots! (July 2013)
What's New for the Windows Azure Developer? Lots! (July 2013)Michael Collier
 
Automating Your Azure Environment
Automating Your Azure EnvironmentAutomating Your Azure Environment
Automating Your Azure EnvironmentMichael Collier
 
Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Michael Collier
 
More Cache for Less Cash (DevLink 2014)
More Cache for Less Cash (DevLink 2014)More Cache for Less Cash (DevLink 2014)
More Cache for Less Cash (DevLink 2014)Michael Collier
 

Recommended

Windows Azure for Developers - Service Management
Windows Azure for Developers - Service ManagementWindows Azure for Developers - Service Management
Windows Azure for Developers - Service ManagementMichael Collier
 
What's New for the Windows Azure Developer? Lots!!
What's New for the Windows Azure Developer? Lots!!What's New for the Windows Azure Developer? Lots!!
What's New for the Windows Azure Developer? Lots!!Michael Collier
 
Automating Your Microsoft Azure Environment (DevLink 2014)
Automating Your Microsoft Azure Environment (DevLink 2014)Automating Your Microsoft Azure Environment (DevLink 2014)
Automating Your Microsoft Azure Environment (DevLink 2014)Michael Collier
 
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...Michael Collier
 
What's New for the Windows Azure Developer? Lots! (July 2013)
What's New for the Windows Azure Developer? Lots! (July 2013)What's New for the Windows Azure Developer? Lots! (July 2013)
What's New for the Windows Azure Developer? Lots! (July 2013)Michael Collier
 
Automating Your Azure Environment
Automating Your Azure EnvironmentAutomating Your Azure Environment
Automating Your Azure EnvironmentMichael Collier
 
Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Programming Azure Active Directory (DevLink 2014)
Programming Azure Active Directory (DevLink 2014)Michael Collier
 
More Cache for Less Cash (DevLink 2014)
More Cache for Less Cash (DevLink 2014)More Cache for Less Cash (DevLink 2014)
More Cache for Less Cash (DevLink 2014)Michael Collier
 
More Cache for Less Cash
More Cache for Less CashMore Cache for Less Cash
More Cache for Less CashMichael Collier
 
Windows Azure: Lessons From the Field
Windows Azure: Lessons From the FieldWindows Azure: Lessons From the Field
Windows Azure: Lessons From the FieldMichael Collier
 
Windows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerWindows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerMichael Collier
 
Windows Phone 7 and Windows Azure – A Match Made in the Cloud
Windows Phone 7 and Windows Azure – A Match Made in the CloudWindows Phone 7 and Windows Azure – A Match Made in the Cloud
Windows Phone 7 and Windows Azure – A Match Made in the CloudMichael Collier
 
The Hybrid Windows Azure Application
The Hybrid Windows Azure ApplicationThe Hybrid Windows Azure Application
The Hybrid Windows Azure ApplicationMichael Collier
 
Azure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTAzure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTRadhakrishnan Govindan
 
Windows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerWindows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerMichael Collier
 
Azure AD Connect
Azure AD ConnectAzure AD Connect
Azure AD ConnectSasha Rosenbaum
 
Azure Automation and Update Management
Azure Automation and Update ManagementAzure Automation and Update Management
Azure Automation and Update ManagementUdaiappa Ramachandran
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to MicroservicesAmazon Web Services
 
Understanding Azure AD
Understanding Azure ADUnderstanding Azure AD
Understanding Azure ADNew Horizons Ireland
 
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365nelmedia
 
Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a serviceBizTalk360
 
Windows Azure Active Directory
Windows Azure Active DirectoryWindows Azure Active Directory
Windows Azure Active DirectoryPavel Revenkov
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Amazon Web Services
 
Enter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsEnter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsBizTalk360
 
Inside Azure Resource Manager
Inside Azure Resource ManagerInside Azure Resource Manager
Inside Azure Resource ManagerMichael Collier
 
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...Sandy Winarko
 
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365Microsoft TechNet - Belgium and Luxembourg
 
10 Ways to Gaurantee Your Azure Project will Fail
10 Ways to Gaurantee Your Azure Project will Fail10 Ways to Gaurantee Your Azure Project will Fail
10 Ways to Gaurantee Your Azure Project will FailMichael Collier
 
Windows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudWindows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudChris Dufour
 
Azure Active Directory, Practical Guide
Azure Active Directory, Practical GuideAzure Active Directory, Practical Guide
Azure Active Directory, Practical GuideSasha Rosenbaum
 

More Related Content

What's hot

More Cache for Less Cash
More Cache for Less CashMore Cache for Less Cash
More Cache for Less CashMichael Collier
 
Windows Azure: Lessons From the Field
Windows Azure: Lessons From the FieldWindows Azure: Lessons From the Field
Windows Azure: Lessons From the FieldMichael Collier
 
Windows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerWindows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerMichael Collier
 
Windows Phone 7 and Windows Azure – A Match Made in the Cloud
Windows Phone 7 and Windows Azure – A Match Made in the CloudWindows Phone 7 and Windows Azure – A Match Made in the Cloud
Windows Phone 7 and Windows Azure – A Match Made in the CloudMichael Collier
 
The Hybrid Windows Azure Application
The Hybrid Windows Azure ApplicationThe Hybrid Windows Azure Application
The Hybrid Windows Azure ApplicationMichael Collier
 
Azure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTAzure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTRadhakrishnan Govindan
 
Windows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerWindows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerMichael Collier
 
Azure Automation and Update Management
Azure Automation and Update ManagementAzure Automation and Update Management
Azure Automation and Update ManagementUdaiappa Ramachandran
 
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365nelmedia
 
Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a serviceBizTalk360
 
Windows Azure Active Directory
Windows Azure Active DirectoryWindows Azure Active Directory
Windows Azure Active DirectoryPavel Revenkov
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Amazon Web Services
 
Enter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsEnter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsBizTalk360
 
Inside Azure Resource Manager
Inside Azure Resource ManagerInside Azure Resource Manager
Inside Azure Resource ManagerMichael Collier
 
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...Sandy Winarko
 
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365Microsoft TechNet - Belgium and Luxembourg
 
10 Ways to Gaurantee Your Azure Project will Fail
10 Ways to Gaurantee Your Azure Project will Fail10 Ways to Gaurantee Your Azure Project will Fail
10 Ways to Gaurantee Your Azure Project will FailMichael Collier
 

What's hot (20)

More Cache for Less Cash
More Cache for Less CashMore Cache for Less Cash
More Cache for Less Cash
 
Windows Azure: Lessons From the Field
Windows Azure: Lessons From the FieldWindows Azure: Lessons From the Field
Windows Azure: Lessons From the Field
 
Windows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerWindows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect Partner
 
Windows Phone 7 and Windows Azure – A Match Made in the Cloud
Windows Phone 7 and Windows Azure – A Match Made in the CloudWindows Phone 7 and Windows Azure – A Match Made in the Cloud
Windows Phone 7 and Windows Azure – A Match Made in the Cloud
 
The Hybrid Windows Azure Application
The Hybrid Windows Azure ApplicationThe Hybrid Windows Azure Application
The Hybrid Windows Azure Application
 
Azure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPTAzure AD connect- Deep Dive Webinar PPT
Azure AD connect- Deep Dive Webinar PPT
 
Windows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect PartnerWindows Azure Mobile Services - The Perfect Partner
Windows Azure Mobile Services - The Perfect Partner
 
Azure AD Connect
Azure AD ConnectAzure AD Connect
Azure AD Connect
 
Azure Automation and Update Management
Azure Automation and Update ManagementAzure Automation and Update Management
Azure Automation and Update Management
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
 
Understanding Azure AD
Understanding Azure ADUnderstanding Azure AD
Understanding Azure AD
 
Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365Integrating your on-premises Active Directory with Azure and Office 365
Integrating your on-premises Active Directory with Azure and Office 365
 
Azure - Identity as a service
Azure - Identity as a serviceAzure - Identity as a service
Azure - Identity as a service
 
Windows Azure Active Directory
Windows Azure Active DirectoryWindows Azure Active Directory
Windows Azure Active Directory
 
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
Top 10 AWS Identity and Access Management (IAM) Best Practices (SEC301) | AWS...
 
Enter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s AssetsEnter The Matrix Securing Azure’s Assets
Enter The Matrix Securing Azure’s Assets
 
Inside Azure Resource Manager
Inside Azure Resource ManagerInside Azure Resource Manager
Inside Azure Resource Manager
 
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...
PaaSport to Paradise - Azure SQL and SSIS in Azure Data Factory - Better Toge...
 
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
How to provide AD, ADFS, DirSync in Windows Azure and hook it up with Office 365
 
10 Ways to Gaurantee Your Azure Project will Fail
10 Ways to Gaurantee Your Azure Project will Fail10 Ways to Gaurantee Your Azure Project will Fail
10 Ways to Gaurantee Your Azure Project will Fail
 

Similar to Using Windows Azure for Solving Identity Management Challenges

Windows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudWindows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudChris Dufour
 
Azure Active Directory, Practical Guide
Azure Active Directory, Practical GuideAzure Active Directory, Practical Guide
Azure Active Directory, Practical GuideSasha Rosenbaum
 
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB201904_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019Kumton Suttiraksiri
 
2014.10.22 Building Azure Solutions with Office 365
2014.10.22 Building Azure Solutions with Office 3652014.10.22 Building Azure Solutions with Office 365
2014.10.22 Building Azure Solutions with Office 365Marco Parenzan
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Jethro Seghers
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Jethro Seghers
 
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupUnderstanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupEPC Group
 
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!Anco Stuij
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersTobias Koprowski
 
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)Naoki (Neo) SATO
 
Understanding Cloud Identities - SMBNation 2015
Understanding Cloud Identities - SMBNation 2015Understanding Cloud Identities - SMBNation 2015
Understanding Cloud Identities - SMBNation 2015Robert Crane
 
#spsuk: Understanding the Office 365 Architecture
#spsuk: Understanding the Office 365 Architecture#spsuk: Understanding the Office 365 Architecture
#spsuk: Understanding the Office 365 Architecturepearce.alex
 
SPUnite17 Creating Scalable Cloud Solutions
SPUnite17 Creating Scalable Cloud SolutionsSPUnite17 Creating Scalable Cloud Solutions
SPUnite17 Creating Scalable Cloud SolutionsNCCOMMS
 
A tale of two clouds
A tale of two cloudsA tale of two clouds
A tale of two cloudsAndrew Siemer
 
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft AzureArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft AzureKevin Grossnicklaus
 
Building Hybrid Cloud Apps with Azure and Azure stack
Building Hybrid Cloud Apps with Azure and Azure stackBuilding Hybrid Cloud Apps with Azure and Azure stack
Building Hybrid Cloud Apps with Azure and Azure stackWinWire Technologies Inc
 
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Chris Gillum
 
Envision it SharePoint Extranet Webinar Series - Federation and Office 365
Envision it SharePoint Extranet Webinar Series - Federation and Office 365Envision it SharePoint Extranet Webinar Series - Federation and Office 365
Envision it SharePoint Extranet Webinar Series - Federation and Office 365Envision IT
 

Similar to Using Windows Azure for Solving Identity Management Challenges (20)

Windows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the CloudWindows Azure Active Directory: Identity Management in the Cloud
Windows Azure Active Directory: Identity Management in the Cloud
 
Azure Active Directory, Practical Guide
Azure Active Directory, Practical GuideAzure Active Directory, Practical Guide
Azure Active Directory, Practical Guide
 
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB201904_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
04_Extending and Securing Enterprise Applications in Microsoft Azure_GAB2019
 
2014.10.22 Building Azure Solutions with Office 365
2014.10.22 Building Azure Solutions with Office 3652014.10.22 Building Azure Solutions with Office 365
2014.10.22 Building Azure Solutions with Office 365
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
 
Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure Supporting architecture office 365 on windows azure
Supporting architecture office 365 on windows azure
 
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC GroupUnderstanding Office 365’s Identity Solutions: Deep Dive - EPC Group
Understanding Office 365’s Identity Solutions: Deep Dive - EPC Group
 
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!
SPSNL17 - Azure AD B2B - Safe collaboration has never been that easy!
 
KoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginnersKoprowskiT_SQLSatMoscow_WASDforBeginners
KoprowskiT_SQLSatMoscow_WASDforBeginners
 
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
[Rakuten TechTalk] Microsoft Azure (August 20, 2014)
 
Understanding Cloud Identities - SMBNation 2015
Understanding Cloud Identities - SMBNation 2015Understanding Cloud Identities - SMBNation 2015
Understanding Cloud Identities - SMBNation 2015
 
#spsuk: Understanding the Office 365 Architecture
#spsuk: Understanding the Office 365 Architecture#spsuk: Understanding the Office 365 Architecture
#spsuk: Understanding the Office 365 Architecture
 
Azure Active Directory
Azure Active DirectoryAzure Active Directory
Azure Active Directory
 
SPUnite17 Creating Scalable Cloud Solutions
SPUnite17 Creating Scalable Cloud SolutionsSPUnite17 Creating Scalable Cloud Solutions
SPUnite17 Creating Scalable Cloud Solutions
 
A tale of two clouds
A tale of two cloudsA tale of two clouds
A tale of two clouds
 
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft AzureArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
 
Building Hybrid Cloud Apps with Azure and Azure stack
Building Hybrid Cloud Apps with Azure and Azure stackBuilding Hybrid Cloud Apps with Azure and Azure stack
Building Hybrid Cloud Apps with Azure and Azure stack
 
Microservices in Azure
Microservices in AzureMicroservices in Azure
Microservices in Azure
 
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
 
Envision it SharePoint Extranet Webinar Series - Federation and Office 365
Envision it SharePoint Extranet Webinar Series - Federation and Office 365Envision it SharePoint Extranet Webinar Series - Federation and Office 365
Envision it SharePoint Extranet Webinar Series - Federation and Office 365
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Recently uploaded (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Using Windows Azure for Solving Identity Management Challenges

  • 1. Using Windows Azure for Solving Identity Management Challenges Michael S. Collier
  • 2. Michael S. Collier • Principal Cloud Architect, Aditi • michaelc@aditi.com • @MichaelCollier • www.MichaelSCollier.com
  • 4.
  • 5. What We’re Talking About • Identity - Current State and in The Cloud • Windows Azure solutions • Mobile Services • Access Control Service (ACS) • Windows Azure Active Directory 6
  • 6. Who Are You? • Personalization • Business Rules • Functionality / Features 7
  • 7. Traditional Identity Management • IT Pro – controls the known world • Developers – blissfully ignorant? 8 AD SQL My Enterprise LOB App
  • 8. Cloud . . . A New Challenge • Move the application & data • Islands of identity • Outside of “traditional” IT world • External users / partners • BYOD • Developers ignorant no more • Developers + IT Pros 9
  • 9. 10 Windows Azure Options Mobile Services Active Directory Access Control Service (ACS) Server Active Directory AD w/ DirSync
  • 10. Mobile Services • Goal – easily build cloud-powered mobile apps • Built-in support for multiple social identity providers 11 private async System.Threading.Tasks.Task Authenticate() { while (user == null) { string message; try { user = await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.Twitter); message = string.Format("You are now logged in - {0}", user.UserId); CurrentUser.Text = "Welcome, " + App.MobileService.CurrentUser.UserId; } catch (InvalidOperationException) { message = "You must log in. Login Required"; } var dialog = new MessageDialog(message); dialog.Commands.Add(new UICommand("OK")); await dialog.ShowAsync(); } } Facebook Google MicrosoftAccount Twitter
  • 12. Authentication • Microsoft Account, Facebook, Twitter, and Google • OAuth • Does not use Windows Azure ACS
  • 13. Authentication • Microsoft Account – Use the Live SDK • Tight integration with Windows Live services
  • 14. More Mobile Services? • Programming Windows Azure Mobile Services • Jason Farrell • Wednesday at 10:30am • Portia 15
  • 15. Access Control Service (ACS) • Federated identity/authentication service • Google, Microsoft Account, Yahoo!, ADFS v2 • Bring your own membership • Claims-based authorization • Browser based (302 redirect) • Focus on your app 16
  • 17. ACS Tips • Enrich claims w/ a ClaimsAuthenticationManager • Update WIF settings in web.config in OnStart() • Web Farm Ready Cookies • Web Sites and Cloud Services • DPAPI not supported in Windows Azure • Provide sign-out link for identity providers • Azure co-admin can’t admin ACS namespace 31
  • 18. Windows Azure Active Directory • Internet scale, multi-tenant directory service • Directory store for Office 365 • Extend Windows Server AD to the cloud • Directory & identity services w/o need for Windows Server AD 32 Active Directory O365 Account Portal Intune Account Portal Windows Azure Mgmt Portal Azure AD PowerShell cmdlets
  • 19. Windows Azure Active Directory • Multi-tenant “directory-as-a-service” • NOT a cloud version of Windows Server AD 33 Image Source: http://technet.microsoft.com/en-us/library/jj573650.aspx
  • 20. Windows Azure Active Directory 34 Windows Azure Management Portal REST API SAML-P O-Auth WS-Federation Integration / Management Endpoints Windows Azure Active Directory
  • 21. Windows Azure Active Directory 35 Integration / Management Endpoints
  • 22. Windows Azure Active Directory • What’s in the directory? • Everything is an object • Types: User, Group, Role, Application, Device, etc. 36
  • 23. WAAD Graph Response <?xml version="1.0" encoding="utf-8"?> <feed xml:base="https://graph.windows.net/collierdemo.onmicrosoft.com/" xmlns="http://www.w3.org/2005/Atom" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:georss="http://www.georss.org/georss" xmlns:gml="http://www.opengis.net/gml"> <id>https://graph.windows.net/11271159-abc8-4e0e-b3c2-c2a0858a036b/directoryObjects/$/Microsoft.WindowsAzure.ActiveDirectory.User</id> <title type="text">Microsoft.WindowsAzure.ActiveDirectory.User</title> <updated>2013-03-21T00:58:34Z</updated> <link rel="self" title="Microsoft.WindowsAzure.ActiveDirectory.User" href="Microsoft.WindowsAzure.ActiveDirectory.User" /> <entry> <id>https://graph.windows.net/11271159-abc8-4e0e-b3c2-c2a0858a036b/directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6</id> <category term="Microsoft.WindowsAzure.ActiveDirectory.User" scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme" /> <link rel="edit" title="User" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/manager" type="application/atom+xml;type=entry" title="manager" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/manager" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/directReports" type="application/atom+xml;type=feed" title="directReports" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/directReports" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/members" type="application/atom+xml;type=feed" title="members" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/members" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/memberOf" type="application/atom+xml;type=feed" title="memberOf" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/memberOf" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/permissions" type="application/atom+xml;type=feed" title="permissions" href="directoryObjects/23dc9514-64ec-4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/permissions" /> 37
  • 24. WAAD Graph Response 38 <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/edit-media/thumbnailPhoto" title="thumbnailPhoto" href="directoryObjects/23dc9514-64ec- 4c94-8f03-4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/thumbnailPhoto" /> <m:action metadata="https://graph.windows.net/michaelcollier.onmicrosoft.com/$metadata#DirectoryDataService.assignLicense" title="assignLicense" target="https://graph.windows.net/collierdemo.onmicrosoft.com/directoryObjects/23dc9514-64ec-4c94-8f03- 4edf9016b2a6/Microsoft.WindowsAzure.ActiveDirectory.User/assignLicense" /> <content type="application/xml"> <m:properties> <d:objectType>User</d:objectType> <d:objectId>23dc9514-64ec-4c94-8f03-4edf9016b2a6</d:objectId> <d:accountEnabled m:type="Edm.Boolean">true</d:accountEnabled> <d:assignedLicenses m:type="Collection(Microsoft.WindowsAzure.ActiveDirectory.AssignedLicense)" /> <d:assignedPlans m:type="Collection(Microsoft.WindowsAzure.ActiveDirectory.AssignedPlan)" /> <d:city m:null="true" /> <d:displayName>Michael Collier</d:displayName> <d:givenName>Michael</d:givenName> <d:mailNickname>michael</d:mailNickname> <d:mobile>+1 6142883146</d:mobile> <d:otherMails m:type="Collection(Edm.String)"> <d:element>michaelscollier@gmail.com</d:element> </d:otherMails> <d:userPrincipalName>michael@collierdemo.onmicrosoft.com</d:userPrincipalName> </m:properties> </content> </entry> </feed> * Some elements removed for readability.
  • 25. Graph API Helpers • REST interface for WAAD • Graph Explorer: https://graphexplorer.cloudapp.net/ • AAD Helper: http://code.msdn.microsoft.com/Windows- Azure-AD-Graph-API-a8c72e18 • Active Directory Authentication Library (ADAL) • https://www.nuget.org/packages/System.IdentityModel.Client s.ActiveDirectory/ • http://www.cloudidentity.com/blog/2013/08/02/aal-becomes- adal-active-directory-authentication-library/ • Formerly Azure Authentication Library (AAL) 39
  • 26. WAAD Authentication • Authentication for cloud-based & native apps • Permissions • SSO, Read Data, Read & Write Data • Applies to the APPLICATION, not the user 40
  • 27. DEMO TIME!!! Windows Azure AD – Single Sign-On, Web API, and Windows Store
  • 28. WAAD and the Enterprise 59 AD SQL My Enterprise LOB App
  • 29. WAAD and the Enterprise 60 • Passwords sync every 2 minutes • Users sync every 3 hours My Enterprise DirSync LOB App SQL
  • 30. Where Does the Authentication Happen? 61 Portal PowerShell/ Directory GRAPH DirSync w/Cloud identities DirSync w/Password Sync DirSync w/SSO Target customer segment • Small • Small to Medium • Small/Medium • Small/Medium • Medium/Large Scenario supported • Least • Least • Some limitation • Some limitations • Most Directory Source of Authority • Cloud • Cloud • On-premises • On-premises • On-premises Hardware requirements • No additional hardware required • No additional hardware required • Windows Server OS for DirSync appliance • Windows Server OS for DirSync appliance • DirSync appliance • ADFS (or other STS) deployment IDP • Cloud • Cloud • Cloud • Cloud • On-premises User login experience • Disjoint username and password • Enter credentials twice • Disjoint username and password • Enter credentials twice • Same username, disjoint password • Enter credentials twice • Same username and password for on-prem and cloud • Enter credentials twice • Same username and password for on-prem and cloud • Login once if on- premises Complexity • Low • Medium • Low • Low • High Table Source: Microsoft Office 365 Directory and Access Management with Windows Azure Active Directory, Ross Adams & Jono Luk – TechEd NA 2013
  • 31. DEMO TIME!!! Windows Azure Active Directory w/ DirSync
  • 32. Going Further with Windows Azure AD • Multitenant applications • Leverage identity from other WAAD tenants • http://www.windowsazure.com/en- us/develop/net/tutorials/multitenant-apps-for-active- directory/ • Phone 2FA (Multi-Factor Authentication) • Additional administrative users • Username/pwd + text message code 63
  • 33. Summary • Developers, Architects, & IT Pros work together • Mobile Services • Quickly add Identity Providers via portal config and code • ACS • Federated identity authentication • Claims-based authorization • Windows Azure AD • “Extends” Windows Server AD to the cloud • Query via REST graph API 64
  • 34. Helpful Resources • Mobile Services • Handling Expired Tokens - http://www.thejoyofcode.com/Handling_expired_tokens_in_your_application_Day_11_.aspx • Carlos Figueira’s Blog - http://blogs.msdn.com/b/carlosfigueira/ • ACS • Cheat Sheet – http://bit.ly/ACSCheatSheet • How To’s – http://bit.ly/ACSHowTo • Tips – http://bit.ly/HYhxjY • Azure Active Directory • “Microsoft Office 365 Directory and Access Management with Windows Azure Active Directory”, Ross Adams & Jono Luk – TechEd NA 2013 • “Deep Dive into the Windows Azure Active Directory Graph API: Data Model, Schema, Query, and More”, Edward Wu – TechEd NA 2013 • Securing a Windows Store App and REST API using Windows Azure AD - http://msdn.microsoft.com/en-us/library/windowsazure/dn169448.aspx • Vittorio Bertocci’s Blog - http://www.cloudidentity.com/blog/ 65
  • 36. Thank You! • Michael S. Collier • Principal Cloud Architect, Aditi • michaelc@aditi.com • @MichaelCollier • www.MichaelSCollier.com
  • 37.
  • 38. August 11th – 13th 2014 Same Place, Same Time

Editor's Notes

  1. Title slide for anyone looking to use this years logo.
  2. Principal Cloud ArchitectWindows Azure MVPHelp customers nationwide with their Windows Azure projects. This can include architectural design sessions, training, development, evangelism, etc.Reach me via email, Twitter, or my blog.
  3. Please take a brief opportunity and thank our platinum and gold sponsors. They have invested a lot of time and money into making That Conference the success it is.
  4. Nearly every application asks at least one simple question – who are you?PersonalizationBusiness rules (access to specific areas / functionality)
  5. MSFT Account – OAuth and integrated Windows Store app (SSO)
  6. OAuthRenders the OAuth web interface for the selected provider.
  7. Provide SSO for Windows 8 users
  8. Mobile Services helps w/ mobile apps, but what about web apps. We can leverage ACS.Authorization – your responsibility; use provided claims and map to your business rules
  9. With the somewhat more consumer offerings out of the way, let’s spend the rest of the time talking about enterprises.
  10. Accessibility options
  11. DirectoryObject is the base type for the following entity types: Application, Device,DirectoryLinkChange, Contact, Group, Role, ServicePrincipal, TenantDetail, and User.http://msdn.microsoft.com/en-us/library/windowsazure/jj134105.aspx
  12. Simple SSO for web appWeb API and Windows Store App - AAL
  13. Integration Options
  14. Show AD server and VM in cloudShow WAAD dir integrationChange user password . . . Wait for syncShow demo app
  15. Phone 2FA – formerly known as ‘Active Authentication’
  16. Windows Azure National ArchitectWindows Azure MVPHelp customers nationwide with their Windows Azure projects. This can include architectural design sessions, training, development, evangelism, etc.Reach me via email, Twitter, or my blog.
  17. At the end of your presentation we would be grateful if you could help us announce next years date.