This Windows Azure Active Directory presentation shows you how to set up your Azure AD account and how to connect an existing ASP.NET MVC web application to Azure Active Directory to provide single sign-on.
2. About the Instructor
Krunal Trivedi
Microsoft Certified Trainer
MCT India Regional Lead
www.techtrainingpoint.com
Twitter: @TrainerKrunal
• CTO @ spanlabs; www.spanlabs.in
• Technical Consultant/Architect on various Microsoft technologies for 8 years for IT MNCs like Accenture, JPMC, FIS, Wipro, Infosys, Cognizant and ….
• Speaker at various Microsoft conferences like NA MCT Summit (Seattle), MS Ignite (Atlanta), GIDS (Great Indian Developer Summit)
3. Agenda
Why Azure Active Directory?
Microsoft Azure Active Directory Introduction
Azure AD-based Application Flow
Demo: Application Access Control with Azure AD
5. Let us begin with Active Directory…
What is Active Directory?
Directory service that Microsoft developed for Windows domain networks.
Holds information about all the objects (users, computers, and resources like printers and shared folders) in an organization’s network.
It is software that arranges and stores information and provides access and permissions.
It arranges all network users, computers and other objects into LOGICAL and HIERARCHICAL groupings.
Active Directory information is used to authenticate/authorize the users, computers and resources that are part of a network.
8. Microsoft Azure Active Directory
What is it?
A multi-tenant service that provides enterprise-level identity and access management for the cloud.
Built to support global scale, reliability and availability.
Backed by a 99.99% SLA for Azure AD Premium or Basic
What can I do with it?
Manage users and access to cloud resources.
Extend your on-premises Active Directory to the cloud.
Provide single-sign-on (SSO) across your cloud applications.
Reduce risks by enabling multi-factor authentication.
Support development’s need to build secure, directory-integrated applications for the enterprise.
13. For IT admins: it provides easy and affordable single sign-on access.
For developers: focus on building your application, since Azure AD makes it fast and simple to integrate with a world-class identity management solution.
With just four clicks, Azure AD can be integrated with an existing Windows Server Active Directory, giving organizations the ability to leverage their existing on-premises identity investment.
18. Directory Sync
Synchronizes Users, Groups, and Contacts to Windows Azure AD.
Users will have a different password in Windows Azure AD than they have for the on-premises AD.
19. Directory Sync w/Password Sync
An extension of ‘Directory Sync’ that also synchronizes a “hash” of the user’s password.
Enables users to sign in to cloud applications using their same on-premises password.
20. Directory Sync w/Single Sign-On
Users won’t be challenged to enter a username/password when accessing cloud applications.
Authentication occurs in the on-premises directory.
Requires an on-premises STS, such as ADFS.
21. Writeback Capability (“DirSync”)
Self-Service Password Reset with Writeback
Writeback capability enables password resets to be persisted back to the on-premises Server AD.
A feature of the Azure Active Directory “DirSync” tool.
Only available in Azure AD Premium.
22. Synchronization with DirSync
DirSync Intervals
Directory Sync runs on 3-hour intervals.
Password Sync runs on 2-minute intervals.
Password Writebacks occur instantly.
DirSync On-Demand
Start-OnlineCoexistenceSync (PowerShell)
23. Monitoring DirSync
Directory Synchronization logs events in the Windows Application Event Log.
Event Source: “Directory Synchronization”
Synchronization Service Manager for a UI Experience
C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe
Create a security group “MIISAdmins” on the DirSync server and add the logged-in user to the group.
Reference: http://support.microsoft.com/kb/2791422
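One way to script the event-log check from the monitoring slide, as an added example that is not part of the original presentation: it reads Application-log events from the “Directory Synchronization” source and flags errors and a stalled sync. The function names `Get-DirSyncEvents` and `Get-DirSyncHealth` are hypothetical, the sample events are constructed, and the staleness test assumes every sync cycle logs at least one event within the 3-hour Directory Sync interval.

```powershell
# Added example (not from the presentation): summarize DirSync health from event-log entries.
$DirSyncSource = 'Directory Synchronization'   # event source named on the monitoring slide

function Get-DirSyncEvents {
    # Run on the DirSync server: reads the Windows Application Event Log.
    param([int] $Hours = 24)
    $filter = @{ LogName = 'Application'; ProviderName = $DirSyncSource
                 StartTime = (Get-Date).AddHours(-$Hours) }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
}

function Get-DirSyncHealth {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Events,
        [double]   $MaxAgeHours = 3,            # Directory Sync interval stated in the deck
        [datetime] $Now = (Get-Date)
    )
    $sorted = @($Events | Sort-Object TimeCreated -Descending)
    $last   = if ($sorted.Count) { $sorted[0].TimeCreated } else { $null }
    # Windows event levels: 1 = Critical, 2 = Error, 3 = Warning, 4 = Information
    $errors   = @($sorted | Where-Object { $_.Level -in 1, 2 })
    $warnings = @($sorted | Where-Object { $_.Level -eq 3 })
    [pscustomobject]@{
        LastEvent    = $last
        # Assumption: a healthy server logs at least one event per sync cycle.
        IsStale      = (-not $last) -or (($Now - $last).TotalHours -gt $MaxAgeHours)
        ErrorCount   = $errors.Count
        WarningCount = $warnings.Count
        LatestError  = if ($errors.Count) { $errors[0].Message } else { $null }
    }
}

# Constructed sample events (same property names as Get-WinEvent output; not real log data).
$now = Get-Date '2024-01-10T12:00:00'
$sample = @(
    [pscustomobject]@{ TimeCreated = $now.AddHours(-7); Level = 4; Message = 'constructed: cycle completed' }
    [pscustomobject]@{ TimeCreated = $now.AddHours(-4); Level = 2; Message = 'constructed: export failed' }
)
Get-DirSyncHealth -Events $sample -Now $now

# On the DirSync server, use live events instead of the sample:
# Get-DirSyncHealth -Events (Get-DirSyncEvents -Hours 24)
```

A stale result alongside a non-zero error count is the case to alert on, since password and account changes made on-premises are then not reaching Azure AD.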