Chris Padgett
Building consumer apps with Azure AD B2C
CLD333
Agenda
  What and why of Azure AD B2C
  Demo: Create an Azure AD B2C directory
  Accounts, apps, auth and policies
  Demo: Develop an Azure AD B2C app
  Account attributes, Graph API, pricing and what is next
What and why of Azure AD B2C
What is Azure AD B2C
  A consumer identity and access management service
  Integrates across your modern platforms
  Highly available and scales to hundreds of millions of consumers
  Supports a customisable experience for consumers
Why B2C is the same as B2E… but different
  Consumer IDAM | Enterprise IDAM
  A larger number of accounts with shorter sessions | A smaller number of accounts with longer sessions
  More control of the identity data and lifecycle | Less control of the identity data and lifecycle
  Expectation is a customer experience | Actuality is an office experience
  The identity interactions are matched to a specific journey | The identity interactions are matched to “work”
Demo: Create an Azure AD B2C directory
Accounts, apps, auth and policies
Consumer accounts
  Consumers can create new “local” accounts
    With an email address or a user ID
  Consumers can link existing external accounts
    From Amazon, Facebook, Google and LinkedIn
  All accounts can be protected using multi-factor authentication
  Local passwords can be reset using self-service password reset
App integration
  An app definition must be added to an Azure AD B2C directory
  Apps must be developed using the Azure AD v2.0 app model and ADAL v4 (experimental)
  Azure AD B2C supports OpenID Connect for web apps and OAuth 2.0 for native client apps
  The consumer experiences are described by policies
Authentication requests
  GET https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize
    ?response_type=code+id_token
    &client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6
    &redirect_uri=https%3A%2F%2Fwww.contoso.com%2F
    &scope=openid+offline_access
    &state=af0ifjsldkj
    &response_mode=form_post
    &nonce=n-0S6_WzA2Mj
    &p=b2c_1_sign_in
Policies
  Describe the sign up, sign in and profile editing experiences
  Include settings for UI customisations, identity providers, account attributes, token claims and multi-factor authentication
  Applications can be integrated with multiple policies of different types
  Policies are invoked using the "p" parameter for an authentication request
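The authentication request above carries `state` and `nonce`, and selects a policy with `p`. As an added example (not code from the original deck), the following Python builds that request with fresh random values and checks them when the `form_post` response arrives. The function names and the `error` field handling are assumptions of this example, and signature validation of the id_token is left to a JWT library.

```python
import base64, hmac, json, secrets
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"

def build_authorize_url(tenant, client_id, redirect_uri, policy):
    """Return (url, state, nonce). Store state and nonce in the user's session."""
    state = secrets.token_urlsafe(16)   # binds the response to this browser session
    nonce = secrets.token_urlsafe(16)   # binds the id_token to this request
    query = urlencode({
        "response_type": "code id_token",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid offline_access",
        "state": state,
        "response_mode": "form_post",
        "nonce": nonce,
        "p": policy,                    # e.g. b2c_1_sign_in, as on the slide
    })
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{query}", state, nonce

def _claims(id_token):
    # Decodes the JWT payload only. Signature, issuer, audience and expiry
    # must be verified with a JWT library before these claims are trusted.
    payload = id_token.split(".")[1]
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def _same(a, b):
    # Constant-time comparison on bytes, safe for non-ASCII input.
    return hmac.compare_digest(str(a).encode(), str(b).encode())

def check_callback(form, expected_state, expected_nonce):
    """Validate the form_post fields against the values saved at request time."""
    if "error" in form:
        raise ValueError("authorization failed: " + str(form["error"]))
    if not _same(form.get("state", ""), expected_state):
        raise ValueError("state mismatch: response is not bound to this session")
    claims = _claims(form.get("id_token", ".."))
    if not _same(claims.get("nonce", ""), expected_nonce):
        raise ValueError("nonce mismatch: id_token was not issued for this request")
    return claims
```
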
Demo: Developing an Azure AD B2C app
Account attributes, Graph API, pricing and what is next
Account attributes
  Azure AD B2C contains a built-in set of attributes for accounts
    i.e. Given Name, Surname, City, etc.
  You can declare custom attributes for accounts
    e.g. FavouriteColour
  Custom attributes can be included in policies
    e.g. Collected during sign-up and issued during sign-in
  They can be managed using Azure AD Graph API
Graph API
  Enables management of consumer accounts and custom attributes
  Apps must be developed using the Azure AD v1.0 app model and ADAL v2
  Invoked as an administrator account for interactive, run-once tasks or as a service account for background, continuous tasks
  Scenarios include hosting your own sign-up and migrating accounts from an existing directory to Azure AD B2C
Creating a new local account
  POST https://graph.windows.net/<tenant>/users?api-version=beta
  Authorization: Bearer eyJhbGci...
  Content-Type: application/json

  {
    "accountEnabled": false,
    "alternativeSignInNamesInfo": [
      {
        "type": "emailAddress",
        "value": "chris.padgett@gmail.com"
      }
    ],
    "creationType": "NameCoexistence",
    "displayName": "Chris Padgett",
    "mailNickname": "chris.padgett",
    "passwordProfile": {
      "password": "P@ssword!",
      "forceChangePasswordNextLogin": false
    },
    "passwordPolicies": "DisablePasswordExpiration"
  }
Pricing
  Free during the public preview
  Usage will be billed based on the total number of both:
    Accounts: Users stored per month in the Azure AD B2C directory
    Authentications: Tokens issued per month for both authentication requests and refresh requests
  Multi-factor authentications: Billed per user or application
  A free tier will be available for developers
    The first 50,000 users stored per month and the first 50,000 tokens issued per month will be free
  Usage will be billed using a volume-based tiered model
Current preview limitations
  Production apps aren’t supported
  Client Credentials and On-Behalf-Of grants aren’t supported
  Access tokens aren’t supported
  The sign-in, password reset and account verification experiences can only be customised using the company branding feature
  User administration is only supported in the current portal
  .NET, Android, iOS and NodeJS SDKs are only supported
What is next
  Custom domains
  Full UX customisations
  Localisation
  More support for external identity providers
  New support for custom identity providers
  Sign-up hooks
Summary
  Your consumer apps create connections with consumers
  Azure AD B2C is a highly available and massively scaled service for managing your consumers’ identities
  Azure AD B2C provides the identity interactions that match a consumer journey
  Policies are “the secret sauce” that specify the identity interactions
Continue your Ignite learning path
  Visit Channel 9
    https://azure.microsoft.com/en-us/documentation/videos/azureadb2c/
  Read Azure AD B2C tutorials
    https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-overview/
  Discover Azure AD B2C samples
    https://github.com/AzureADQuickStarts
  Contribute on User Voice to the public preview
    https://feedback.azure.com/forums/169401-azure-active-directory