Slide1
Windows Azure Active Directory
Vittorio Bertocci
vittorib@Microsoft.com
@vibronet
Slide2
Directories offer the best model for business applications
Slide3
Traditional directories don’t work too well with cloud workloads
Slide4
One Cloud Directory for Every Organization
Slide5
Cloud Apps and Users from Organizations
Apps you buy
Your LoB Apps
Apps you sell
Your Customers’ Directories
Your Directory
Slide6
Agenda
The Directory Pattern
Directory in Action: Windows Azure for Organizations
Your Directory and Line of Business Apps in the Cloud
Your Customer’s Directory and your SaaS Apps in the Cloud
Slide7
Directories
Slide8
The Directory Approach
Direct Reports
MemberOf
Asset
Slide9
App
Contoso’s On-Premises Directory
Anatomy of Windows Azure Active Directory
Management Portal
A
M
Graph API
OAuth2
SAML-P
WS-Federation
Metadata
Contoso’s WA AD Tenant
Windows Azure Active Directory
DirSync
Slide10
Directory in Action: Windows Azure for Organizations
Slide11
DEMO
Accessing the Windows Azure Portal With an Organizational Identity
Slide12
Advantages of Using Organizational Identities
Centrally managed provisioning and deprovisioning
Enforceable credential policies
Multiple authentication factors
Better User Experience
Fewer credentials to remember
Slide13
Your Directory and Your LoB Applications in the Cloud
Slide14
Using the ASP.NET tools to connect to Windows Azure AD
DEMO
Slide15
Connecting your LoB App to Windows Azure AD
WIF Config
ServicePrincipal
Your LoB App
WIF Modules
Contoso’s WA AD Tenant
Slide16
The Graph API
RESTful interface to Windows Azure Active Directory
Compatible with OData V3
Uses OAuth 2.0 for authentication, and role-based assignment for applications and users for authorization
Programmatic access to Windows Azure Active Directory
- Objects such as Users, Groups, Contacts, Tenant Information, Licensing, Roles
- Supports links such as Member, memberOf, Manager, DirectReport
- Differential queries
Requests use standard HTTP methods
- GET, POST, PATCH, DELETE to create, read, update, and delete directory objects
Responses support XML and JSON, and standard HTTP status codes
Slide17
Your Customer’s Directory & Your SaaS Apps in the Cloud
Slide18
Seamless Consent for SaaS Apps
DEMO
Slide19
The Application Publishing Flow
Visual Studio
Modify your app to
- admit multiple tenants
- handle consent messages
Seller Dashboard
Register your app in the Seller Hub
- create keys, catalog entries…
- paste keys back in the app code
App
Windows Azure AD Portal
Slide20
The SaaS Application Publishing Cycle
DEMO
Slide21
Multi-tenancy and Consent Flow
WIF Config
ServicePrincipal
Your SaaS App
WIF Modules
Contoso’s WA AD Tenant
ServicePrincipal
Fabrikam’s WA AD Tenant
Consent Module
Multitenant TokenHandler
MultitenantTokenHandlerReference
Slide22
Resources
Get your free tenant at http://g.microsoftonline.com/0AX00en/5
Download the samples and tutorials at https://activedirectory.windowsazure.com/develop/
Give us feedback at http://social.msdn.microsoft.com/Forums/en-US/WindowsAzureAD/
Slide23
One Cloud Directory for Every Organization
Slide24
Thanks!
vittorib@microsoft.com
@vibronet
http://blogs.msdn.com/vbertocci