Slide deck from Azure Saturday Munich 2019. Describing basics of online identity management and federation. But also capabilities of Azure AD B2C - from open standards protocols support (like OAuth and OpenID Connect) to building complex identity flows with Identity Experience Framework

1. Welcome to Azure Saturday 2019 Munich
18.05.2019 – Microsoft Munich – azuresaturday.de -- @azuresaturday
#AzureSaturday

2. The bits and pieces of Azure AD B2C
#AzureSaturday
Speaker: Anton Staykov
18.05.2019 – Microsoft Munich – azuresaturday.de – @azuresaturday

3. Password
reset
Web
Frontend
Hash
Backend
Salt
MFA
Account
Lockout
Email
verification

5. SSO
OpenID
Connect
OAuth
Federation
Client
credentials
ROPC
AuthZ
Code
STS
JWTSSI
Token
IdP
Implicit
flow
JWKS
This Photo by Unknown Author is licensed under CC BY
claim
on
behalf
of
Device
Code

6. Term Explanation
SSO Single SignOn. Once signed in stay signed in across applications
SSI Single Sign In. Use same set of credentials (username+password) across applications. Sign-in every time
Claim Assertion about an object issued by a trusted authority
Security Token Set of claims, digitally signed, issued by a Security Token Service
STS Security Token Service. Issues tokens (does not do token validation)
IdP Identity Provider. Reliable and secure store for usernames and passwords. Validates identity upon request
OAuth Authorization Framework. IETF Standard: https://tools.ietf.org/html/rfc6749
OpenID Connect Interoperable authentication protocol based on the OAuth 2.0 family of specifications. https://openid.net/connect/faq/
JWT JSON Web Token
JWKS JSON Web Key Secret
SWT Simple Web Token (XML based security token format)
SAML Security Assertion Markup Language. Token format
SAML-P Security Assertion Markup Language. Protocol implementation that uses SAML Tokens
WS-Federation Microsoft Protocol for SSO. Uses SAML Token format
WS-Trust Microsoft Protocol for service identity authentication/authorization
Various “flows” Implicit Flow, Client Credentials Flow, Authorization Code Grant Flow, On-Bhalf-Of Flow, Device Code. OAuth flows for obtaining tokens.
https://oauth.net/2/

9. Apps & APIs
Analytics
CRM and
Marketing
Automation
Business
Social IDs
Business &
Government
IDs
contoso
Customers
Azure Active Directory
B2C
Provide branded (white-label)
registration and login experiences
Securely authenticate your customers
using their preferred identity provider
Capture login, preference, and
conversion data for customers

10. App developers
Sign-in any user. Any identity provider,
social or email, consumer and enterprise
Customize each pixel. Your brand, your
HTML and CSS
Use built-in, self-service, user journeys
or define custom ones
Scale to 100s of millions of users, enterprise
ready, secure, cost effective
Use social
accounts
Create custom
user attributes
Customize your pages
using HTML and CSS
Protect your
users with MFA

</>
for App Developers
JavaScript

11. Step-by-
step user
journeys
Open
standards
Connect to a
store or migrate
its users
Conditional
branching
Enrich user
journeys
Connect with
existing systems
for Identity Experts
Identity Experts
Integrate with any SAML, OIDC, WsFed,
or WsTrust-based identity provider
Connect to your existing user stores or
migrate from those systems seamlessly
Connect with existing CRM systems,
marketing tools, and databases
Use REST APIs to enrich claims and
empower user journeys
Customize your user journeys with
conditional branching
Define user journeys between claims
providers step-by-step

13. =

14. …
MS Graph
=

15. Preconditions

17. =

18. Continual Innovation!
Generally available Public Preview Coming soon

19. https://aka.ms/aadb2csolutions
https://aka.ms/aadb2csolutions
https://aka.ms/aadb2cdemo
https://aka.ms/aadb2cdemocode
azure-ad-b2c