4.4 Implement Azure AD B2C and Azure B2B
Create an Azure AD B2C Directory, register an application, implement social identity provider authentication, enable multi-factor authentication, set up self-service password reset, implement B2B collaboration, configure partner users, integrate with applications
4.4.1 Create an Azure AD B2C Directory
Azure AD B2C is a cloud identity management solution for your web and mobile applications. It is a highly available global service that scales to hundreds of millions of identities. Built on an enterprise-grade secure platform, Azure AD B2C keeps your applications, your business, and your customers protected.
- The first thing we need to do is create Azure AD B2C in my own tenant (mastech.no).
- Next, we need to link this new Azure AD B2C (CoffeeBoys) to our subscription.
- Then we can click the link that is created with the Resource Group, and we land in their Azure Portal.
Create an Azure Active Directory B2C tenant in the Azure portal: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-get-started
Linking an Azure Subscription to an Azure B2C tenant to pay for usage charges: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-how-to-enable-billing
Azure AD B2C: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview
4.4.2 Register an application (Azure AD B2C Directory)
- Create the app
- Retrieve the AppID
- Create and retrieve the Key (An Application Secret is an important security credential, and should be secured appropriately.)
Azure Active Directory B2C: Register your application: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-app-registration
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-policies
4.4.3 Implement social identity provider authentication
Microsoft: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-msa-app
Facebook: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-fb-app
Google ID: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-goog-app
4.4.4 Enable multi-factor authentication
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-mfa
4.4.5 Set up self-service password reset
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-sspr
This feature includes a set of capabilities that allow your users to manage any password from any device, at any time, from any location, while remaining in compliance with the security policies you define.
This is very easy to set up. Under Azure Active Directory (Azure AD), we go to Password Reset.
Next, a group has been created containing the users who are able to change their own password. Under Password Reset we can also configure a number of settings for Self-Service Password Reset.
4.4.6 Implement B2B collaboration
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-what-is-azure-ad-b2b
4.4.7 Configure partner users
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-admin-add-users
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-user-properties
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-dynamic-groups
4.4.8 Integrate with applications
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-configure-saas-apps
http://openid.net/connect/
https://developers.onelogin.com/saml