Azure Identity Premier Fast Start

Jims

Presentation Transcript


  1. Azure Identity Premier Fast Start Optional Module

  2. Using the Directory Graph API

  3. Graph API Scenarios
     Reading from Microsoft Azure Active Directory
     • Implement People or Group Picker – List/search users/groups
     • Design workflows that look up Manager/Direct Report relationships
     • Make Authorization Decisions – determine users' Group and Role Membership
     • Check tenant and users' subscribed services such as Microsoft Exchange, Microsoft SharePoint, Skype, Microsoft Dynamics CRM, Intune, GSM
     • Requesting changed data – "delta changes"
     Writing to Azure Active Directory
     • Updating users and groups
     • Setting users' password
     • Adding users to Groups/Roles
     • Provisioning/de-provisioning users

  4. What Is Graph
     RESTful interface for Azure Active Directory
     • Tenant-specific queries are scoped to individual tenant context
     • Programmatic access to directory objects, such as Users, Groups, Roles
     • Access relationships – members, memberOf, manager, directReports
     Requests use standard HTTP methods
     • GET, POST, DELETE to create, read, update, and delete
     • Responses support JSON, XML, standard HTTP status codes
     • Compatible with OData V3
     OAuth 2.0 for authentication, role-based assignment

  5. What Is REST
     REST – Representational State Transfer
     Originated from a Ph.D. dissertation by Roy Fielding
     ◦ An architecture style, not a protocol
     ◦ Description of how HTTP should be used for accessing data
     RESTful web services expose resources through a URI
     [Diagram: a Resource with the operations PUT, GET, POST, DELETE]

  6. Authentication and Authorization to Graph API
     Service-to-Service: OAuth 2.0 grant type client credentials
     [Diagram: Application, Azure AD Authentication Endpoint (OAuth), and Active Directory REST Service with its Authorization Check]
     1. Request JWT token (pass input claims): Application to Azure AD Authentication Endpoint (OAuth)
     2. Return token
     3. HTTP Request with JWT token: Application to REST Service, which validates token, processes request, returns data
     4. Return Response and Data

  7. Query Format
     https://graph.windows.net/contoso.com/users?api-version=2013-04-05&$filter=state eq 'WA'
     • https://graph.windows.net – Graph URL (static)
     • contoso.com – Tenant of interest; can be tenant's verified domain or objectId
     • users – Specific entity type, such as users, groups, contacts, tenantDetails, roles, applications, etc.
     • api-version=2013-04-05 – API version; "2013-04-05" is the supported GA version
     • $filter=state eq 'WA' – Optional OData query arguments: $filter, $top

  8. Other Examples of Read Operations

  9. Graph API Write Operations

  10. Implementation on the App
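
An added example, not part of the original presentation: building a read URL in the slide 7 query format for a people/group picker that takes untrusted search text. The function names, regexes and sample values are assumptions made for illustration; the entity allow-list is the one listed on slide 7.

```python
import re
from urllib.parse import quote, urlencode

GRAPH_ROOT = "https://graph.windows.net"   # static Graph URL (slide 7)
API_VERSION = "2013-04-05"                 # GA version named on slide 7
ENTITY_TYPES = {"users", "groups", "contacts", "tenantDetails", "roles", "applications"}

# Tenant may be a verified domain or an objectId (GUID); anything else is rejected
# so that "/", "?" or ".." can never reach the path segment.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")
OBJECT_ID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
PROPERTY_RE = re.compile(r"^[A-Za-z][A-Za-z0-9]*$")


def odata_string(value):
    """Quote untrusted text as an OData string literal (' is written as '')."""
    return "'" + str(value).replace("'", "''") + "'"


def build_query(tenant, entity, prop=None, value=None, top=None):
    """Return a Graph read URL in the slide 7 format, rejecting unsafe parts."""
    if not (DOMAIN_RE.match(tenant) or OBJECT_ID_RE.match(tenant)):
        raise ValueError("tenant must be a verified domain or an objectId")
    if entity not in ENTITY_TYPES:
        raise ValueError("unknown entity type")
    params = [("api-version", API_VERSION)]
    if prop is not None:
        if not PROPERTY_RE.match(prop):
            raise ValueError("property name must be a plain identifier")
        params.append(("$filter", f"{prop} eq {odata_string(value)}"))
    if top is not None:
        params.append(("$top", str(int(top))))
    # Percent-encode everything except "$", so "&", "=" and "'" inside the
    # search text cannot add parameters or close the literal early.
    query = urlencode(params, quote_via=quote, safe="$")
    return f"{GRAPH_ROOT}/{tenant}/{entity}?{query}"


if __name__ == "__main__":
    print(build_query("contoso.com", "users", "state", "WA"))
    # Constructed hostile picker input: tries to close the literal and add $top
    print(build_query("contoso.com", "users", "displayName", "a' or x eq 'b&$top=999"))
```

The resulting URL is what goes into step 3 of slide 6, sent with the JWT token obtained in steps 1 and 2.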
