Single sign-on best practices for Azure Active Directory and Microsoft Accounts
Saeed Akhter - Principal Lead Program Manager
THR2081
Agenda
• What is Single Sign On
• How MSAL implements Single Sign On
• Best practices
What is Single Sign On?
• Users don’t have to sign in more than once: convenient for users, maximize usage of your app
• Types of single sign on: silent (no UI), interactive (tap your account name)
Why is it secure?
• Users consent
• IT can audit user choices and manage consent
[Slide image: consent prompt shown to grundy@riverdale.com, titled "Review app permissions", for the app Khan Academy (khanacademy.org). "This app would like to: Read and write your files; Read your calendar; Sign you in and read your profile; Read one or more specific groups. Accepting these permissions means that you allow this app to use your data as specified in their terms of service and privacy statement." Buttons: Show details, Accept, Cancel]
Azure Active Directory Auth Libraries (ADAL)
• Sign in for Azure AD users only
• ADAL is still fully supported, update to MSAL at your own pace
• Use the latest ADAL for Single Sign On across ADAL and MSAL apps
• Platforms: UWP, JavaScript, AngularJS, .NET, Java, Xamarin, iOS, Android, Python
Microsoft Authentication Libraries (MSAL)
• Public Preview (production-supported), on track for GA in early spring
• Preview updates every 4-6 weeks
• Designed for the best Single Sign On experience
• Platforms (all marked PREVIEW): .NET, JavaScript, Angular, UWP, Xamarin, Android, iOS
Microsoft Authentication Libraries (MSAL), continued
• For browser-based JavaScript apps, cookies are used for Single Sign On
• MSAL supports a “universal” JSON cache format; future MSALs (Java, Python, C++) will read from the same format
• For UWP apps, the Web Account Manager API manages accounts; this allows the user to sign into the device and stay signed in to apps
• Let’s talk about mobile platforms
Single Sign On using Authenticator app
• MSAL will first look for the Authenticator app
[Slide diagram: Your MSAL App, Excel and Word connected to the Authenticator App through Shared State; labels: Login Required, No Login Required]
Single Sign On using Authenticator app
• MSAL will first look for the Authenticator app
• Advantages: Single Sign On for apps from different publishers; Conditional Access support; IT managed devices (MDM); IT policies on applications (MAM)
• Disadvantages: End user must download a separate app to get these benefits
Single Sign On using default browser
• Otherwise use SafariViewController (Chrome Custom Tabs on Android)
[Slide diagram: Your MSAL App, Excel and Word connected to Safari (System); labels: Login Required, No Login Required, No Login Required]
Single Sign On using default browser
• Otherwise use SafariViewController (Chrome Custom Tabs on Android)
• Advantages: Single Sign On for apps from different publishers
• Disadvantages: Switch out of the app to sign in
MSAL iOS Demo
• Single Sign On (SSO) after using the default iOS mail app
Recommendations
• Try MSAL, give us your feedback: aka.ms/msalfeedback
• Use the latest ADAL for Single Sign On across ADAL and MSAL apps
• Always try acquireTokenSilent first, then try to acquire the token interactively
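The silent-first recommendation above, as an added JavaScript example (not code from the session or from MSAL itself). getToken, fakeClient and demo are hypothetical names, the client is a constructed stand-in that exposes the MSAL.js method names acquireTokenSilent and acquireTokenPopup, and reading the OAuth error from an errorCode property is an assumption about the error shape.

```javascript
// Error codes that mean "the user must act". Anything else (network, 5xx)
// must NOT trigger a prompt, or an outage turns into repeated sign-in popups.
const INTERACTION_CODES = new Set([
  "interaction_required", "login_required", "consent_required",
]);

// Assumption: the library's error carries the OAuth error code in `errorCode`.
function needsInteraction(err) {
  return Boolean(err) && INTERACTION_CODES.has(err.errorCode);
}

// Hypothetical helper: silent first, interactive only when the server asks.
// `client` must offer acquireTokenSilent() and acquireTokenPopup(), each
// returning a Promise of { accessToken }.
async function getToken(client, request) {
  try {
    const r = await client.acquireTokenSilent(request);
    return { token: r.accessToken, prompted: false };
  } catch (err) {
    if (!needsInteraction(err)) throw err; // surface transient failures as-is
    const r = await client.acquireTokenPopup(request);
    return { token: r.accessToken, prompted: true };
  }
}

// Constructed stand-in for an MSAL client so the example runs offline.
function fakeClient(silentOutcome) {
  const calls = [];
  return {
    calls,
    acquireTokenSilent: async () => {
      calls.push("silent");
      if (silentOutcome.errorCode) throw silentOutcome;
      return silentOutcome;
    },
    acquireTokenPopup: async () => {
      calls.push("popup");
      return { accessToken: "token-from-prompt" };
    },
  };
}

async function demo() {
  const request = { scopes: ["user.read"] }; // constructed sample request
  const cached = fakeClient({ accessToken: "token-from-cache" });
  const expired = fakeClient({ errorCode: "login_required" });
  const offline = fakeClient({ errorCode: "network_error" });
  const results = [await getToken(cached, request), await getToken(expired, request)];
  const offlineError = await getToken(offline, request).catch((e) => e.errorCode);
  return { results, offlineError, offlineCalls: offline.calls };
}
demo().then((out) => console.log(JSON.stringify(out)));
```

The third case is the one to watch in production: a network failure during the silent call is rethrown and never reaches the interactive prompt.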
Attend our sessions and learn more about our Identity Platform and the Microsoft Graph
Get Started
• Get started at: aka.ms/identityplatform
• Make a pull request and win a shirt! aka.ms/msidhacktoberfest
Support
• Ask a question: aka.ms/MsIdStackOverflow
• Get help at: aka.ms/identityplatformsupport
• Take our survey and give us feedback: http://aka.ms/msalsurvey
Please evaluate this session. Your feedback is important to us!
Please evaluate this session through MyEvaluations on the mobile app or website.
• Download the app: https://aka.ms/ignite.mobileApp
• Go to the website: https://myignite.techcommunity.microsoft.com/evaluations