Azure Active Directory B2B and B2C for Application Identity Management

This is Brian Blanchard, VP of Cloud Solutions for 10th Magnitude, and I'm here today to talk about application identity management in the cloud. So we're going to start with a story of three applications.

Our first application is a custom application that you've built at home, and it's for your end users or partners or other external parties. So you've created identities and stored them in a SQL Server. This is the default with what you get with MVC when you want to spin up a basic identity provider. So right next to it is another application. Now, in here our identities are in SQL, but next to it is another application, and this is for our internal users, and we've got AD like we have for everything else. So wisely, your team has taken that custom application and made it point to Active Directory for identity management. And next, you probably have a number of line of business applications, various different commercial off-the-shelf apps; we refer to those as LOB apps, and these applications as well are using Kerberos through Active Directory. So this is a typical application scenario.

Well, what we want to talk about today is how we can change this up and add additional security in the cloud. So if you're using Office 365, what you've already done, whether you know it or not, is you're using another tool called Azure Active Directory, or AAD. Azure Active Directory is similar to an instance of Active Directory running in the cloud, and Neil Slide did a great video on our old Manhattan's project for 10th Magnitude that tells us all about this. But basically, with Azure Active Directory we've got all our identities stored out here, and we simply sync this up through AAD Connect or DirSync or some other tool. When that happens, all of these identities that live inside of AD, or inside of a DM, sorry, also now are replicated out to Azure Active Directory, and you've got the choice of putting your identity and your password out there or just your identity. And from there your users can get into O365, and they authenticate against this tool.

Well, it's really cool, as the Microsoft team saw that and said, we can do more with that, and they exposed a SAML identity provider on this. So if your line of business app uses SAML, or a basic simple authentication markup language, they can simply point that line of business app out to Azure Active Directory. What that means is now you can take that application and host it anywhere. It doesn't have to be in your data center anymore; it doesn't have to have physical access to AD. So we can deploy that, one copy to our America office and another to our Singapore office, and now they're using the same identities through Azure Active Directory.

Well, what Microsoft has done is they've taken that a little bit further, and now we can use what's called Azure AD B2B, or business-to-business, and we can take custom apps that used to point to AD, to Active Directory, and point those to Azure Active Directory as well. But with the B2B part we can do something else really cool. Let's say we have partners that we want to get into that app that aren't in our current Active Directory structure. Using Azure Active Directory B2B, we can synchronize those users into Azure AD as well. Now our customers and our employees, or partners and our employees, can log in, have the same exact login experience, and get to this custom app; in some cases we can even get to that line of business application.

So now let's take another look at this third app here, our custom app with our end users in SQL. Well, that's a major security risk. Oftentimes those identities aren't encrypted, they're not protected, they're not treated like an identity, so your end users could be hacked if that SQL database is compromised. Very risky scenario. So what we're seeing as a major trend is people are saying, you know what, I don't want the SQL Server containing identities anymore; I want something really secure. Well, we can take and put those same users in Active Directory, and we can now point our custom apps to that. So we can have one source that gives us the ability to authenticate line of business apps, custom apps, and user applications against our Active Directory or a partner's, and again, that partner piece is Azure Active Directory B2B.

But let's say we want to do something a little more. Now that we've got our users in this custom app pointed to our Active Directory, we'll expand it, and we want to make it to where we can take a Twitter account or a Facebook account or some other login that our users already have and reuse that login. Well, what we can do is take an IdP or a social identity and we can map that into AAD the same way. So now if someone has a social identity in Facebook or Twitter, we can map that to a user that's stored in Azure Active Directory, and we're not trusting Facebook with all our identities. All we're saying is, Facebook, we trust that the password that you have is a viable password for this identity; we map it to a user we control. And in all of these, we control what users are in there, what access they have, and what applications they can get to, but we have an identity model very similar to Active Directory, which we know and love, that now manages our employees, our partners, and customers, even social identities, and provides access to the appropriate applications.

So these are the multiple flavors of Azure AD and how it can help with application identity management in the cloud. Again, this is Brian Blanchard with 10th Magnitude, and thanks for your time.