Spark the future.
Chris Padgett
Building consumer apps with Azure AD B2C CLD333
Agenda
1. What and why of Azure AD B2C
2. Demo: Create an Azure AD B2C directory
3. Accounts, apps, auth and policies
4. Demo: Develop an Azure AD B2C app
5. Account attributes, Graph API, pricing and what is next
What and why of Azure AD B2C
What is Azure AD B2C
  A consumer identity and access management service
  Integrates across your modern platforms
  Highly available and scales to hundreds of millions of consumers
  Supports a customisable experience for consumers
Why B2C is the same as B2E… but different
  Consumer IDAM: A larger number of accounts with shorter sessions
  Enterprise IDAM: A smaller number of accounts with longer sessions
  Consumer IDAM: More control of the identity data and lifecycle
  Enterprise IDAM: Less control of the identity data and lifecycle
  Consumer IDAM: Expectation is a customer experience
  Enterprise IDAM: Actuality is an office experience
  Consumer IDAM: The identity interactions are matched to a specific journey
  Enterprise IDAM: The identity interactions are matched to “work”
Demo: Create an Azure AD B2C directory
Accounts, apps, auth and policies
Consumer accounts
  Consumers can create new “local” accounts
    With an email address or a user ID
  Consumers can link existing external accounts
    From Amazon, Facebook, Google and LinkedIn
  All accounts can be protected using multi-factor authentication
  Local passwords can be reset using self-service password reset
App integration
  An app definition must be added to an Azure AD B2C directory
  Apps must be developed using the Azure AD v2.0 app model and ADAL v4 (experimental)
  Azure AD B2C supports OpenID Connect for web apps and OAuth 2.0 for native client apps
  The consumer experiences are described by policies
Authentication requests
  GET https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize
    ?response_type=code+id_token
    &client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6
    &redirect_uri=https%3A%2F%2Fwww.contoso.com%2F
    &scope=openid+offline_access
    &state=af0ifjsldkj
    &response_mode=form_post
    &nonce=n-0S6_WzA2Mj
    &p=b2c_1_sign_in
Policies
  [Diagram: a policy comprises UI customisations, identity providers, account attributes, token claims and multi-factor authentication]
  Describe the sign up, sign in and profile editing experiences
  Include settings for UI customisations, identity providers, account attributes, token claims and multi-factor authentication
  Applications can be integrated with multiple policies of different types
  Policies are invoked using the "p" parameter for an authentication request
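The authentication request and the "p" policy parameter shown above, as an added Python example that is not part of the original deck: it builds the same request with a fresh state and nonce, then binds the form_post response to the session that started it. The function names and the tenant value used when calling it are assumptions; signature validation of the id_token is not shown and must be done with a JWT library against the directory's signing keys before any claim is trusted.

```python
import base64, hmac, json, secrets
from urllib.parse import urlencode

AUTHORIZE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"

def build_auth_request(tenant, client_id, redirect_uri, policy):
    """Return (url, state, nonce). Store state and nonce in the user's session."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "code id_token",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid offline_access",
        "state": state,
        "response_mode": "form_post",
        "nonce": nonce,
        "p": policy,  # selects the sign-up, sign-in or profile-editing policy
    })
    return AUTHORIZE.format(tenant=tenant) + "?" + query, state, nonce

def jwt_claims(id_token):
    """Decode the payload segment only; the signature is NOT verified here."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed id_token")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))

def same(a, b):
    """Constant-time comparison of two strings."""
    return hmac.compare_digest(str(a).encode(), str(b).encode())

def check_form_post(form, session_state, session_nonce, client_id):
    """Bind the POSTed response to the request this session started."""
    if not same(form.get("state", ""), session_state):
        raise ValueError("state mismatch: response is not for this session")
    claims = jwt_claims(form.get("id_token", ""))
    if not same(claims.get("nonce", ""), session_nonce):
        raise ValueError("nonce mismatch: id_token was not issued for this request")
    if claims.get("aud") != client_id:
        raise ValueError("aud mismatch: id_token was issued to another app")
    return claims

def unsigned_token(claims):
    """Constructed sample token for trying the checks; not a real Azure AD B2C token."""
    seg = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([seg({"alg": "none"}), seg(claims), "sig"])
```
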
Demo: Developing an Azure AD B2C app
Account attributes, Graph API, pricing and what is next
Account attributes
  Azure AD B2C contains a built-in set of attributes for accounts
    i.e. Given Name, Surname, City, etc.
  You can declare custom attributes for accounts
    e.g. FavouriteColour
  Custom attributes can be included in policies
    e.g. Collected during sign-up and issued during sign-in
  They can be managed using Azure AD Graph API
Graph API
  Enables management of consumer accounts and custom attributes
  Apps must be developed using the Azure AD v1.0 app model and ADAL v2
  Invoked as an administrator account for interactive, run-once tasks or as a service account for background, continuous tasks
  Scenarios include hosting your own sign-up and migrating accounts from an existing directory to Azure AD B2C
Creating a new local account
  POST https://graph.windows.net/<tenant>/users?api-version=beta
  Authorization: Bearer eyJhbGci...
  Content-Type: application/json

  {
    "accountEnabled": false,
    "alternativeSignInNamesInfo": [
      { "type": "emailAddress", "value": "[email protected]" }
    ],
    "creationType": "NameCoexistence",
    "displayName": "Chris Padgett",
    "mailNickname": "chris.padgett",
    "passwordProfile": {
      "password": "P@ssword!",
      "forceChangePasswordNextLogin": false
    },
    "passwordPolicies": "DisablePasswordExpiration"
  }
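For the migration scenario named above, an added Python example (not from the original deck) that turns legacy records into the Graph API request shown on this slide, giving each account its own random password so that no migrated account shares a known one; consumers can then set their own through self-service password reset. The function names, the legacy record shape, the password alphabet and the mailNickname derivation are assumptions, and the requests are built but not sent.

```python
import json, re, secrets, string
from urllib.request import Request

GRAPH_USERS = "https://graph.windows.net/{tenant}/users?api-version=beta"
_EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def random_password(length=20):
    """Unique per-account secret with lower, upper and digit characters."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw

def local_account_body(email, display_name):
    """Request body with the same fields as the slide's example."""
    if not _EMAIL.match(email):
        raise ValueError("not an email address: %r" % email)
    return {
        "accountEnabled": False,
        "alternativeSignInNamesInfo": [{"type": "emailAddress", "value": email}],
        "creationType": "NameCoexistence",
        "displayName": display_name,
        "mailNickname": re.sub(r"[^a-z0-9.]", "", email.split("@")[0].lower()),
        "passwordProfile": {"password": random_password(),
                            "forceChangePasswordNextLogin": False},
        "passwordPolicies": "DisablePasswordExpiration",
    }

def build_requests(tenant, bearer_token, legacy_users):
    """One POST per unique sign-in email; case-insensitive duplicates are skipped."""
    seen, out = set(), []
    for user in legacy_users:  # assumed shape: {"email": ..., "name": ...}
        key = user["email"].lower()
        if key in seen:
            continue
        seen.add(key)
        body = json.dumps(local_account_body(user["email"], user["name"])).encode()
        out.append(Request(GRAPH_USERS.format(tenant=tenant), data=body, method="POST",
                           headers={"Authorization": "Bearer " + bearer_token,
                                    "Content-Type": "application/json"}))
    return out
```
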
Pricing
  Free during the public preview
  Usage will be billed based on the total number of both:
    Accounts: Users stored per month in the Azure AD B2C directory
    Authentications: Tokens issued per month for both authentication requests and refresh requests
    Multi-factor authentications: Billed per user or application
  A free tier will be available for developers
    The first 50,000 users stored per month and the first 50,000 tokens issued per month will be free
  Usage will be billed using a volume-based tiered model
Current preview limitations
  Production apps aren’t supported
  Client Credentials and On-Behalf-Of grants aren’t supported
  Access tokens aren’t supported
  The sign-in, password reset and account verification experiences can only be customised using the company branding feature
  User administration is only supported in the current portal
  .NET, Android, iOS and NodeJS SDKs are only supported
What is next
  Custom domains
  Full UX customisations
  Localisation
  More support for external identity providers
  New support for custom identity providers
  Sign-up hooks
Summary
  Your consumer apps create connections with consumers
  Azure AD B2C is a highly available and massively scaled service for managing your consumers’ identities
  Azure AD B2C provides the identity interactions that match a consumer journey
  Policies are “the secret sauce” that specify the identity interactions
Continue your Ignite learning path
  Visit Channel 9
    https://azure.microsoft.com/en-us/documentation/videos/azureadb2c/
  Read Azure AD B2C tutorials
    https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-overview/
  Discover Azure AD B2C samples
    https://github.com/AzureADQuickStarts
  Contribute on User Voice to the public preview
    https://feedback.azure.com/forums/169401-azure-active-directory
© 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.