Windows Azure Active Directory

Vittorio Bertocci
vittorib@Microsoft.com
@vibronet
patterns & practices Symposium 2013
Directories offer the best model for business applications.
Traditional directories don’t work too well with cloud workloads.
One Cloud Directory for Every Organization
Cloud Apps and Users from Organizations
Apps you buy
Your LoB Apps
Your Directory
Apps you sell
Your Customers’ Directories
Agenda
• The Directory Pattern
• Directory in Action: Windows Azure for Organizations
• Your Directory and Line of Business Apps in the Cloud
• Your Customer’s Directory and your SaaS Apps in the Cloud
Directories
The Directory Approach
Direct Reports
MemberOf
Asset
Anatomy of Windows Azure Active Directory
Management Portal
Windows Azure Active Directory
OAuth2
SAML-P
WS-Federation
Graph API
Metadata
Dir Sync
Contoso’s WA AD Tenant
Contoso’s On-Premises Directory
App
Directory in Action: Windows Azure for Organizations
DEMO: Accessing the Windows Azure Portal with an Organizational Identity
Advantages of Using Organizational Identities
• Centrally managed provisioning and deprovisioning
• Enforceable credential policies
• Multiple authentication factors
• Better user experience
 - Fewer credentials to remember
Your Directory and Your LoB Applications in the Cloud
DEMO: Using the ASP.NET tools to connect to Windows Azure AD
Connecting your LoB App to Windows Azure AD
Windows Azure Active Directory
OAuth2
SAML-P
WS-Federation
Graph API
Metadata
Contoso’s WA AD Tenant
Your LoB App
The Graph API
• RESTful interface to Windows Azure Active Directory
 - Compatible with OData V3
 - Uses OAuth 2.0 for authentication, and role-based assignment for applications and users for authorization
• Programmatic access to Windows Azure Active Directory
 - Objects such as Users, Groups, Contacts, Tenant Information, Licensing, Roles
 - Supports links such as Member, memberOf, Manager, DirectReport
 - Differential queries
• Requests use standard HTTP methods
 - GET, POST, PATCH, DELETE to create, read, update, and delete directory objects
 - Responses support XML and JSON, and standard HTTP status codes
Your Customer’s Directory & Your SaaS Apps in the Cloud
DEMO: Seamless Consent for SaaS Apps
The Application Publishing Flow
Visual Studio
Modify your app to
- admit multiple tenants
- handle consent messages
Seller Dashboard
Register your app in the Seller Hub
- create keys, catalog entries…
- paste keys back in the app code
App
Windows Azure AD Portal
DEMO: The SaaS Application Publishing Cycle
Multi-tenancy and Consent Flow
OAuth2
SAML-P
WS-Federation
ServicePrincipal
Fabrikam’s WA AD Tenant
Metadata
Management Portal
Your SaaS App
Graph API
Contoso’s WA AD Tenant
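The "admit multiple tenants" step of the publishing flow, as an added example that is not part of the deck or of Windows Azure AD's own libraries: an in-memory tenant registry filled by the consent callback, plus the audience, issuer and tenant checks a multi-tenant app runs on decoded token claims after the OAuth2/WS-Federation middleware has verified signature and expiry. It assumes the Azure AD claim names (`aud`, `tid`, `iss`) and the `https://sts.windows.net/{tenant-id}/` issuer form; the App ID URI, tenant IDs and token claims are constructed.

```python
from dataclasses import dataclass, field

# Constructed values: the App ID URI registered for the SaaS app and two
# tenant IDs (real ones are GUIDs issued by Windows Azure AD).
APP_ID_URI = "https://fabrikam.example/saasapp"
CONTOSO_TID = "00000000-0000-0000-0000-00000000c0c0"
NORTHWIND_TID = "00000000-0000-0000-0000-0000000000d4"
# Assumed Azure AD issuer format: https://sts.windows.net/{tenant-id}/
ISSUER_PREFIX = "https://sts.windows.net/"


@dataclass
class TenantRegistry:
    """Tenants whose admin completed the consent flow (in-memory here;
    a real app persists it)."""
    onboarded: set = field(default_factory=set)

    def onboard(self, tenant_id: str) -> None:
        """Called from the consent callback once a tenant admin approves."""
        self.onboarded.add(tenant_id.lower())

    def is_onboarded(self, tenant_id: str) -> bool:
        return tenant_id.lower() in self.onboarded


def admit(claims: dict, registry: TenantRegistry) -> tuple:
    """Tenant-level checks for a token whose signature and expiry the
    federation middleware has already verified.  Returns (ok, reason):
    'admit multiple tenants' must mean only tenants that consented, not
    every Azure AD tenant that can mint a valid token."""
    if claims.get("aud") != APP_ID_URI:
        return False, "audience mismatch"
    tid = claims.get("tid")
    # The issuer must be the tenant named in 'tid': a token minted by
    # Northwind that merely carries tid=Contoso is not a Contoso user.
    if not tid or claims.get("iss") != f"{ISSUER_PREFIX}{tid}/":
        return False, "issuer does not match tenant id"
    if not registry.is_onboarded(tid):
        return False, "tenant has not consented"
    return True, "ok"


# Constructed registry and sample decoded token claims.
REGISTRY = TenantRegistry()
REGISTRY.onboard(CONTOSO_TID)
CONTOSO_TOKEN = {"aud": APP_ID_URI, "tid": CONTOSO_TID,
                 "iss": f"{ISSUER_PREFIX}{CONTOSO_TID}/"}
NORTHWIND_TOKEN = {"aud": APP_ID_URI, "tid": NORTHWIND_TID,
                   "iss": f"{ISSUER_PREFIX}{NORTHWIND_TID}/"}
MISMATCHED_TOKEN = {"aud": APP_ID_URI, "tid": CONTOSO_TID,
                    "iss": f"{ISSUER_PREFIX}{NORTHWIND_TID}/"}
```

Registering NORTHWIND_TID through the consent callback is the only way its users become admissible; the issuer check still rejects MISMATCHED_TOKEN afterwards.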
Resources
• Get your free tenant at http://g.microsoftonline.com/0AX00en/5
• Download the samples and tutorials at https://activedirectory.windowsazure.com/develop/
• Give us feedback at http://social.msdn.microsoft.com/Forums/enUS/WindowsAzureAD/
One Cloud Directory for Every Organization
Thanks!
• vittorib@microsoft.com
• @vibronet
• http://blogs.msdn.com/vbertocci