Chris Padgett Building consumer apps with Azure AD B2C - PowerPoint Presentation

Slide1
Slide2

Chris Padgett

Building consumer apps with Azure AD B2C

CLD333Slide3

Agenda

What and why of Azure AD B2C

Demo

Create an Azure AD B2C directory

Accounts, apps,

auth

and policies

Demo

Develop an

Azure AD B2C

app

Account attributes, Graph API, pricing and what is nextSlide4

What and why of Azure AD B2CSlide5

What is Azure

AD

B2C

A consumer identity and access management

service

Integrates across your modern

platforms

Highly available and

scales to

hundreds of millions of

consumers

Supports a customisable experience for consumersSlide6

Why B2C is same as B2E… but different

Consumer IDAM

Enterprise IDAM

A larger number of accounts with shorter sessions

A smaller numbers of accounts with longer sessions

More control of the identity data and lifecycle

Less control of the identity data and lifecycle

Expectation is a customer experience

Actuality

is

an office experience

The identity interactions are matched to a specific journey

The identity interactions are matched

to

“work”Slide7

Demo: Create

an Azure AD B2C directorySlide8

Accounts, apps,

auth and policiesSlide9

Consumer accounts

Consumers can create

new “local”

accounts

With

an email address or a user ID

Consumers can link

existing external

accounts

From

Amazon, Facebook, Google and LinkedIn

All accounts

can be protected using multi-factor authentication

Local passwords can be reset using self-service password

resetSlide10

App integration

An app definition must

be added to an Azure AD B2C

directory

Apps must be developed using the Azure AD v2.0 app model and

ADAL

v4 (experimental

)

Azure AD B2C supports OpenID Connect for web apps and OAuth 2.0 for native client apps

The consumer experiences are described by

policiesSlide11

Authentication requests

GET https://login.microsoftonline.com

/<tenant>/oauth2/v2.0/authorize

?

response_type

=

code+id_token &client_id

=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6

&

redirect_uri

=https%3A%2F%2Fwww.contoso.com%2F

&scope=

openid+offline_access

&state=af0ifjsldkj

&

response_mode

=

form_post

&nonce=n-0S6_WzA2Mj

&p=b2c_1_sign_inSlide12

Policies

Describe the sign up, sign in and profile editing experiences

Include settings for UI

customisations,

identity providers,

account attributes

, token

claims and multi-factor

authentication

Applications can be integrated with multiple policies of different types

Polices are invoked using the "p"

parameter

for an authentication

requestSlide13

Demo: Developing an Azure AD B2C appSlide14

Account attributes, Graph

API, pricing and what is nextSlide15

Account attributes

Azure AD B2C contains a built-in set of attributes for

accounts

i.e. Given

Name, Surname, City, etc.

You can declare custom attributes for

accounts

e.g.

FavouriteColour

Custom attributes can be included in

policies

e.g. Collected during sign-up and issued during sign-in

They can be managed using Azure AD Graph

APISlide16

Graph API

Enables management of consumer accounts and custom attributes

Apps must be developed using the Azure AD v1.0 app model and

ADAL

v2

Invoked as an administrator account for interactive, run-once tasks or as a service account for background, continuous tasks

Scenarios

include hosting

your own sign-up and migrating accounts from an existing directory to Azure AD B2CSlide17

Creating a new local account

POST https://graph.windows.net

/<tenant>/users?api-version=beta

Authorization: Bearer eyJhbGci...Content-Type: application/

json

{

"accountEnabled

": false,

"

alternativeSignInNamesInfo

": [

{

"type": "

emailAddress

",

"value": "chris.padgett@gmail.com"

}

],

"

creationType

": "

NameCoexistence

",

"

displayName

": "Chris Padgett",

"

mailNickname

": "

chris.padgett

",

"

passwordProfile

": {

"password": "

P@ssword

!",

"

forceChangePasswordNextLogin

": false

},

"

passwordPolicies

": "

DisablePasswordExpiration

"

}Slide18

Pricing

Free during the public preview

Usage

will be billed

based

on the total number of

both

:

Accounts

: Users stored per month in the Azure AD B2C directory

Authentications

: Tokens issued per month for both authentication requests and refresh requests

Multi-factor authentications

: Billed per user or application

A free tier will be available for developers

The first 50,000 users stored per month and the first 50,000 tokens issued per month will be free

Usage will be billed using a volume-based tiered modelSlide19

Current preview limitations

Production apps aren’t supported

Client

Credentials

and On-Behalf-Of grants aren’t supported

Access tokens aren’t supported

The sign-in, password reset and account verification experiences can only be customised using the company branding

feature

User administration is only supported in the current

portal

.NET, Android, iOS and

NodeJS

SDKs are only supportedSlide20

What is next

Custom domains

Full UX customisations

Localisation

More support for external identity providers

New support for custom identity providers

Sign-up

hook

sSlide21

Summary

Your consumer

apps create

connections with

consumers

Azure AD B2C is a highly available and massively scaled service for managing your consumers’ identities

Azure AD B2C provides the

identity interactions

that match a consumer journey

Policies are “the secret sauce”

that

specify the

identity

interactionsSlide22

Complete your session evaluation on

My Ignite for your chance to win one of many daily prizes. Slide23

Continue your Ignite learning path

Visit Channel 9

https://azure.microsoft.com/en-us/documentation/videos/azureadb2c

/

Read Azure AD B2C tutorials

https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-overview

/

Discover Azure AD B2C samples

https://github.com/AzureADQuickStarts

Contribute on User Voice to the public preview

https://feedback.azure.com/forums/169401-azure-active-directorySlide24