Azure Active Directory, Practical Guide
Transcript of Azure Active Directory, Practical Guide
Azure Active Directory
The Practical Guide
Sasha Rosenbaum
@DivineOps
September 2015
The “What”
Where did it all start?
Windows Active Directory
• Centralized storage of information about all network objects (users, computers, etc.)
• Authentication
• Access control providing permission levels
• Audit trail for monitoring network activity
Active Directory
Azure Active Directory
Azure Active Directory
Identity as a Service
• Identity Management
• Directory Services
• Application Access Management
New Features
The “Why”
When should you choose
Identity as a Service
You already have!
Every Azure, Office365, Microsoft Intune and Dynamics CRM tenant is an AAD tenant
Dynamics CRM
Office 365
Microsoft Intune
Integration
Protocols
• OpenID Connect
• OAuth 2.0
• WS-Federation
• SAML-P
Tiers
TIER | FREE | BASIC | PREMIUM
Directory as a Service | Yes | Yes | Yes
User and Group Management | Yes | Yes | Yes
Device registration | Yes | Yes | Yes
Directory Objects ¹ | 500 K | Unlimited | Unlimited
End User Access Panel | Yes | Yes | Yes
SSO for SaaS Apps | 10 Apps / User ² | 10 Apps / User ² | Unlimited
Directory Synchronization | Yes | Yes | Yes
User-based Access Management and Provisioning | Yes | Yes | Yes
Basic Security Reports | Yes | Yes | Yes
Tiers
TIER | FREE | BASIC | PREMIUM
Logon/Access Panel Branding Customization | -- | Yes | Yes
Group-based Access Management and Provisioning | -- | Yes | Yes
Self-Service Password Reset for Cloud Users | -- | Yes | Yes
Secure Remote Access and SSO to on-premises web applications | -- | Yes | Yes
Self-Service Password Reset for Users w/ writeback to on-premises directories | -- | -- | Yes
Self-service group management for cloud users | -- | -- | Yes
Tiers
TIER | FREE | BASIC | PREMIUM
Multi-Factor Authentication (for cloud and on-premises applications) | -- | -- | Yes
Advanced Usage and Security Reports | -- | -- | Yes
Connect Health | -- | -- | Yes
Cloud App Discovery | -- | -- | Yes
Microsoft Identity Manager User CAL | -- | -- | Yes
Service Level Agreement | -- | 99.9% | 99.9%
Scenarios
• Green field applications
• Web
• Mobile
ADAL
• Web Browser to Web Application (.Net)
• Single Page Application (JavaScript, .Net)
• Native Application to Web API (.Net, ObjC, Java)
• Web Application to Web API (.Net, Nodejs)
• Calling Azure AD Graph API (.Net, Java, PHP)
Scenarios
• SaaS Applications
• Over 2500 apps, including
Scenarios
• On-Premise Applications
• Integration with Local AD
The “How”
How do you get started?
Demo Active Directory Sync
Azure AD Connect Demo Slides
Azure AD Connect
Azure AD Connect
• Azure AD Global Administrator account
• Enterprise Administrator account for your local Active Directory
• SQL Server database to store identity data
• Meet server version and hardware requirements
Demo Greenfield Application Development
AAD with new MVC app Demo Slides
The “Where” are we headed?
What’s New
• Azure AD Connect with Connect Health is GA
• Multi-Factor Authentication per app
• Dynamic groups for applications and licenses
• Out-of-the-box dedicated user group “All Users”
• Azure Active Directory Application Proxy updates
• Password write-back from AAD to AD is GA
B2C AAD
As of September 2015, Business to Consumer AAD is in public preview!
• Self-registration
• Registration with social accounts
• Customer defined UX
• Security and scalability of Azure Cloud
B2C AAD Overview