Using Azure Active Directory Authentication with your SharePoint Add-Ins for Office 365

• Product Owner Transformation Tooling• Both Dutch and Swedish nationality• 20+ years of industry experience• Living in Stockholm, Sweden• MCSM, MCM, MVP, MCSE, MCSD, MCSA, MCPD,

MCITP, MCTS• Office Developer PnP Core Team Member

• erwin.van.hunen@rencore.com• @erwinvanhunen• se.linkedin.com/in/erwinvanhunen

@ ME

Why?

Why use Active Directory Authentication?

Centralize authorization Off-load the decision making process to admins (they will like that )

Future proof your code We are heading more and more towards Azure AD when it comes to AuthN and AuthZ

PnP Core?

PnP Core?

Open Source Library Helper classes Extensions methods

Increases developer productivity

aka.ms/OfficeDevPnP

https://github.com/OfficeDev/PnPhttps://github.com/OfficeDev/PnP-Sites-Corehttps://github.com/OfficeDev/PnP-PowerShellhttps://github.com/OfficeDev/PnP-Toolshttps://github.com/OfficeDev/PnP-Guidancehttps://github.com/OfficeDev/PnP-Transformationhttps://github.com/OfficeDev/PnP-Toolshttps://github.com/OfficeDev/PnP-OfficeAddInshttps://github.com/OfficeDev/PnP-Provisioning-Schema

https://aka.ms/OfficeDevPnPVideos

https://aka.ms/OfficeDevPnPMSDN

https://aka.ms/OfficeDevPnPYammer

https://aka.ms/OfficeDevPnPPartnerPack

@OfficeDevPnP

https://aka.ms/OfficeDevPnPCall

Getting started

Get your app ready

Decide on the type of auth Configure your AzureAD Optionally create certificate

Install Nuget Packages OfficeDevPnP Microsoft.IdentityModel.Clients.ActiveDirectory

The easiest

Open the Azure AD management portal Add an application your organization is developing

Copy clientid and redirect url

Demo

A bit more work…

Open the Azure AD management portal Create a certificate Add an application your organization is developing

Modify the manifest Copy clientid and keep PFX file at hand

Demo

Comparing

Simple to setupInitial user interaction requiredRequires token cache to smoothen experience

A bit more complex to setupCertificate expirationNo need for token cacheSmoother end-user experience

App Only with User Auth

App Only with Certificate

More infoBlogs:http://www.erwinmcm.com/azure-active-directory-authentication-with-officedev-pnp-powershell/http://www.erwinmcm.com/azure-active-directory-app-only-authentication-with-officedev-pnp-powershell/http://blogs.msdn.com/b/vesku/archive/2016/02/15/connecting-to-sharepoint-online-from-console-application-with-adal-and-pnp-core-component.aspx

Videohttps://channel9.msdn.com/blogs/OfficeDevPnP/Connecting-to-SharePoint-Online-from-console-application-with-Azure-AD-and-PnP-Core-Component

Questions?

Thank you!