is it possible to manage apps and services from Azure AD B2C via APIs (REST etc.) for individual users?
The authorised AD applications should be managed later in a self-developed dashboard via APIs.)
Best regards
Using the rest API, you can manage All the App services and also Azure resources.
for example updating the Api service
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/hostingEnvironments/{name}?api-version=2019-08-01
API for App service Please refer to this document it may help
Related
This is more of an 'Is this possible' question. A developer on the team suggested using Azure AD for user management, but one of the requirements is that the app admin be able to add/manage user access through the application without having to go to the Azure Portal.
So the question is, is the Graph API (or some other mechanism) full featured enough to replace the portal (at least for basic user set up and management) and allow all actions to be done from the application UI?
Thanks.
Simple answer to your question is Yes. Graph API can be used to manage users and their access to applications instead of using Azure Portal. In fact, Azure Portal itself makes use of Graph API to perform these operations.
You may also need to use Azure REST API if you're planning on managing Azure resources as well through this custom application especially Authorization APIs if you want to manage access to Azure resources (Azure Role-based access control) through your application.
I have two separate web applications, one built with .NET Framework and the other built with .NET Core. Both web applications make up one solution which we ship to our customers. The solution itself is a SaaS subscription-based solution, where users would be able to sign-up with using either a Microsoft/Office 365, GSuite, or organizational account (basic username/password). We would like to restrict sign-up to organizational/business accounts only.
As I understood, Azure B2B is mainly useful when you have something internal and you would like to give external users some limited access to it. Given that I have a multi-tenant SaaS solution, I believe that Azure B2C makes more sense.
Furthermore, in our solution, we would also want the ability for external users to access Tabular Models in Azure Analysis Services and SSRS.
Is access to only organizational accounts, something that can be configured through Azure AD B2C?
Can access be granted to external users to Azure Analysis Services or other Azure tools when using Azure B2C?
You have two options
Option 1, Using Azure AD External identities solution - recommended
You can use newly released self service sign up solution in Azure AD external identities . You can very well restrict sign up to other Azure AD accounts only. However for sign up using other federation systems - you need to try on. I think as of today only Google and Facebook are supported apart from Azure AD.
Option 2, use Azure AD B2C and use app only authentication.
Azure AD B2C consumer accounts are by default not supported by Azure services or Office. But you can use app based authentication to provide these services. Your client app will call your backend api using Azure AD B2C token. Your backend app can perform all auth validations and then call the backend Azure or any other service using app only authentication mode.
Some background context: We would like to build a centralized security service which orchestrating different authentication servers, such as our own Azure AD, external Azure AD, LDAP, etc. We are using Spring Cloud framework and Azure.
The first step is to build a service which using Azure Graph API to managing our own Azure AD, which we are able to do so.
We are also able to authenticate and authorize single microservice.
Now we are trying to enable oauth2 sso on our microservices with Azure AD. After spent a lot of time on researching, we still couldn't enable sso with Azure AD.
We are using #EnableOAuth2Sso and Oauth2RestTemplate. It seems like it's not able to do token relay and SSO with Azure AD.
Our questions are :
Does Spring Cloud Security do SSO with Azure AD?
If so, how? any guidance?
If not, instead of using azure-active-directory-spring-boot-starter, is there a way to do SSO with Azure AD by using Spring Security? SAML?
I have created two different micro services.
I have created API application in B2C tenant and I am able to access both micro service APIs from client (MVC/Angular) application using token acquired by B2C authentication.
Now, I would like to access these two micro services from my client application via azure API management service.
I tried to follow below article but it seems out dated.
https://winterdom.com/2017/11/17/aad-b2c-api-management
Can some one please provide an article link or sample to match my requirement.
You can refer to https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad. This also applies to Azure AD B2C.
We have an API, we planning to publish this API in the Azure marketplace under developer service. For authentication, we are planning to use developer service SSO (Single sign-on) in API. I googled this but can't find any useful link, please suggest some links
Azure AD B2C became generally available recently and it somehow offers what you are looking for. You can use local Azure identity and/or social account for your end users to authenticate with SSO support.
https://azure.microsoft.com/en-us/services/active-directory-b2c/
With that being said and although you can secure your Web API with AAD b2C as in this guide, your customers won't be able to call this WebAPI from their own applications as the calling app must be registered in the same Azure AD directory with the same application Id. This is a limitation that is mentioned here:
Note:
Azure AD B2C currently supports only web APIs that are accessed
by their own well-known clients. For instance, your complete app may
include an iOS app, an Android app, and a back-end web API. This
architecture is fully supported. Allowing a partner client, such as
another iOS app, to access the same web API is not currently
supported. All of the components of your complete app must share a
single application ID.
If the above limitation is OK with you, then you might also be interested in this Azure article to list your app in the Azure AD application gallery.