Azure AD B2C client workflow vs server workflow - azure-ad-b2c

I'm looking into using Azure AD B2C for our Xamarin.Forms mobile app. I've used it previously for a web app and want to use it for our mobile app. I have an Azure AD B2C and Azure Mobile backend created already and am setting up the login page.
What I can't find are the differences between the client workflow and server workflow. Are there any guidelines as to when and why you would choose one over the other? I've googled this but can't seem to find any useful documents or links anywhere.

Related

Develop Azure Active Directory Enterprise App

There doesn't appear to be much information available on developing a custom Azure Active Directory Enterprise Application. Is the developer information available anywhere?
e.g. develop an application that will appear in the list of Enterprise Applications in the Azure Active Directory gallery and that, once developed (in C#), allows SSO and provisioning of an external system, based on users and groups in Azure Active Directory
If you want to publish your app to azure ad gallery, you submit your request for access in the Application Network portal and implement SSO by using the federation protocol or by using the password SSO and request for user provisioning.
For more details of these steps, you can refer to this tutorial about how to publish the app to azure ad gallery. In this tutorial, there are also some links which may help you on how to do the development(such as integrate your application with Azure AD by using the Open ID Connect protocol, how to support SAML 2.0 and so on).

Right way to register Enterprise App in Azure

Can someone describe to me the differences in registering Enterprise Applications via
Application Registration Portal (https://apps.dev.microsoft.com)
Azure Portal (https://portal.azure.com, Home -> Azure Active Directory -> Enterprise Applications)
Azure AAD Portal (https://aad.portal.azure.com)
Perhaps there are even others that you may know of.
The application registered in the Application Registration Portal is the v2.0 application, which supports both Azure AD & Microsoft Accounts. Works with MSAL & most 3rd party oAuth/OIDC libraries. Can call the Microsoft Graph, and your own web API with ID tokens. If you register an application using personal Microsoft account, the application won't be visible in Azure Active Directory. For more details, you can refer to here.
While the application registered in the Azure Portal is the v1.0 application, which only supports sign in with Azure AD accounts. Can call the Microsoft Graph, other Microsoft resources, your own web API. For more details, take a look at the doc.
There's a doc describe the difference between the two endpoints.
As far as I know, the application registration is almost the same in the Azure Portal and Azure AAD Portal.

Using Google Apps for Work account to sign in to access Azure portal

In our organization, we are using Google Apps for Work for emails, calendar, document repository.
We also have some other services that we are using our google account to authenticate with SSO support. Simply google account is our SSO account that we want to use in all services we are using.
There are few exceptional services that we were not able to setup Google as identity provider. One of them is Azure Services. In azure, you can provision Azure Active Directory and create accounts in it and use that accounts to access many other Azure Services, such as Azure SQL Databases. If you are using Visual Studio Team Service, you can also configure VSTS to backed by AAD, then you can access to VSTS using AAD Account.
My question is, is there a way to configure AAD to delegate authentication on google side ?
If we can do this, then we would be able to use our Google Account to access all azure services
No, Microsoft services pretty much don't support any accounts other than Azure AD & Microsoft Account at this time.
You could set up Azure AD as the Identity Provider for your Google Apps account. I'm sure there would be some tedious steps in the process to get your users moved over but it should work. When your users attempt to login to Google Apps they would get redirected to an Azure AD sign in page and then redirected back to Google.
Some marketing material can be found here:
https://azure.microsoft.com/en-us/marketplace/partners/google/googleapps/

How to implement SSO in azure developer service

We have an API, we planning to publish this API in the Azure marketplace under developer service. For authentication, we are planning to use developer service SSO (Single sign-on) in API. I googled this but can't find any useful link, please suggest some links
Azure AD B2C became generally available recently and it somehow offers what you are looking for. You can use local Azure identity and/or social account for your end users to authenticate with SSO support.
https://azure.microsoft.com/en-us/services/active-directory-b2c/
With that being said and although you can secure your Web API with AAD b2C as in this guide, your customers won't be able to call this WebAPI from their own applications as the calling app must be registered in the same Azure AD directory with the same application Id. This is a limitation that is mentioned here:
Note:
Azure AD B2C currently supports only web APIs that are accessed
by their own well-known clients. For instance, your complete app may
include an iOS app, an Android app, and a back-end web API. This
architecture is fully supported. Allowing a partner client, such as
another iOS app, to access the same web API is not currently
supported. All of the components of your complete app must share a
single application ID.
If the above limitation is OK with you, then you might also be interested in this Azure article to list your app in the Azure AD application gallery.

Is client side login for Facebook supported in Azure mobile app?

I would like to ask about an Authentication with Azure mobile app.
As I checked the document, Azure mobile service supports client side login for Facebook
Client-directed login operation
https://msdn.microsoft.com/en-us/library/azure/jj710106.aspx
Using the Facebook iOS SDK for logging in to Azure Mobile Services
https://blogs.msdn.microsoft.com/carlosfigueira/2014/02/05/using-the-facebook-ios-sdk-for-logging-in-to-azure-mobile-services/
However, I cannot find any documents about Azure mobile app.
Is client side login for Facebook be supported even in Azure mobile app?
If it is supported, is implementation same as the document "Using the Facebook iOS SDK for logging in to Azure Mobile Services" avove?
Azure Mobile App is newly rearranged-and-rebadged for Azure Mobile Service. You can think them as version 1 and version 2 of the same project (Azure also provides one-click migration and its detailed information). Therefore, almost all documents and libraries for Azure Mobile Service are valid for Azure Mobile App.
For Facebook Login settings, you have to set App Id and App Secret values which obtain from Facebook Developer dashboard. The values of them can be set at Azure Mobile App Settings menu. please check out Azure official document Authentication section.

Resources