Access Management with Azure AD B2C (Ivan Marković)
Advanced Technology Day, 16 and 17 November 2016, Hypo Centar
Access Management with Azure AD B2C
Ivan Marković
Cloud Solutions Program Manager, Span
Today's ecosystem
The user perspective
Challenges
• Development time
• Development costs
• Security
• Maintenance
• Infrastructure
• Integration with applications
• UI/UX
• Support for mobile applications
About me
• 24 years old
• mag. ing. comp.
• Cloud Solutions Program Manager at Span
Agenda
Azure AD
Azure AD B2C
Protocols
Demo
Conclusion
Azure Active Directory
• More than 750 M user accounts on Azure AD
• >1.3 billion authentications every day on Azure AD
• >10 M Azure AD directories
• 99.9% SLA
Azure AD B2C
What is Azure AD B2C?
• Typical scenario:
‐ Login + Register
What is Azure AD B2C?
Identity management for social and local accounts
Built on top of Azure AD
Enables integration with a web application regardless of where it is hosted
Why Azure AD B2C?
You want to give users access to the application with a defined level of security
You want to give users access to the application using their existing accounts (LinkedIn, Microsoft, ..)
You do not want to worry about the required infrastructure
Features
• Reduce time to implementation: pre-built registration, authentication, profile management components
• Reduce development costs: pre-built components, Azure billing for incremental usage
• Security: ISO/IEC 27018 compliant Azure datacenters, multi-factor authentication
• Scalability: Internet grade scalability and performance (storage, network activity)
• Maintenance: cloud based solution, easy to administer, new features immediately available
Protocols
Azure AD B2C: Protocols
Supports two standard protocols: OpenID Connect and OAuth 2.0
Every application must be registered in the B2C directory with the following information:
• Application ID
• Redirect URI
Azure AD B2C: Protocols
• Resource Owner (End-User)
• Authorization Server (v2.0 Endpoint)
• OAuth Client (native or web app)
• Resource Server (REST API)
• Bearer token
Azure AD B2C: Policies
The main feature of the service.
They fully describe the user's account management experience during sign-in, registration, or account editing
They determine:
• The type of account the user can use (social network account or local)
• The information collected during registration
• Multi-Factor Authentication
• Look-And-Feel
High-Level steps
Participants: Browser, Web Server, V2.0 Endpoint (https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize)
• User navigates to web application
• Web app redirects user to Azure AD, indicating the policy to execute
• User completes policy
• Returns id_token to browser
• POSTs id_token to Redirect URI
• Validates id_token, sets session cookie
• Returns secure page to user
Demo
Q & A
Conclusion
Azure AD B2C makes it simple to implement user registration and sign-in for an application
A service built on top of Azure AD
Supports standard protocols