Use office 365 login/credentials as Single Sign On - azure

Can I use Office 365 login/credentials as Single Sign On? Actually I need to sign in to my web application using Office 365 login details.
Further, I want to use the following URL's credentials for Single Sign On in my web application.
https://portal.office.com

Indeed. Office365 identities are backed by Azure Active Directory, and you can build WebApps, WebAPIs and mobile apps secured using Azure Active Directory, so that customers of Office365 can SSO to your applications.
The various auth scenarios supported by Azure AD are here: http://msdn.microsoft.com/en-us/library/azure/dn499820.aspx. Code samples are here: http://msdn.microsoft.com/en-us/library/azure/dn646737.aspx.
Hope that helps.

Related

How to handle authentication for Microsoft graph daemon/service

I want to build a daemon to read and write emails using my organisation's Office 365 account. My team has a private Azure instance (not linked with any O365) and I have no admin access to O365 other than my account's credentials. How can I build a daemon service that authenticates with ms-graph and reads/writes emails without any user interaction?

You need to have an application definition in the directory that has the Office 365 accounts.
You can either create it directly, or you can create it as a multi-tenant application in another directory.
In the latter case, you need to grant it access to the Office 365 tenant's Azure AD.
If you haven't worked with Azure AD and the Microsoft Graph API before, I recommend you check out the samples. There are some for node.js, but the principles are the same for all other environments.
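
The token request such a daemon makes, as an added example that is not part of the original answer: it uses the OAuth 2.0 client credentials grant against the Azure AD v2 token endpoint and then addresses a mailbox by name. The function names, the `contoso.example` tenant and the mailbox are hypothetical, and it assumes the registration holds a mail application permission with admin consent in the Office 365 tenant.

```javascript
// Added example: app-only (client credentials) token request for a Graph daemon.
// Tenant, client ID and mailbox values passed in are placeholders chosen by the caller.
const AUTHORITY = "https://login.microsoftonline.com";
const GRAPH = "https://graph.microsoft.com";
// Multi-tenant aliases work for interactive sign-in, not for app-only tokens.
const TENANT_ALIASES = new Set(["common", "organizations", "consumers"]);

function buildTokenRequest({ tenant, clientId, clientSecret }) {
  if (!tenant || TENANT_ALIASES.has(tenant.toLowerCase())) {
    throw new Error("client credentials needs the Office 365 tenant's ID or domain");
  }
  if (!/^[A-Za-z0-9.-]+$/.test(tenant)) throw new Error("unexpected characters in tenant");
  if (!clientId || !clientSecret) throw new Error("clientId and clientSecret are required");
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: clientId,
    client_secret: clientSecret, // load from a secret store or environment, never from source
    scope: `${GRAPH}/.default`, // permissions come from the registration, not the request
  });
  return { url: `${AUTHORITY}/${tenant}/oauth2/v2.0/token`, body };
}

function buildMailRequest(accessToken, mailbox) {
  // App-only calls have no signed-in user, so /me is unavailable; name the mailbox.
  const url = `${GRAPH}/v1.0/users/${encodeURIComponent(mailbox)}/messages?$top=10`;
  return { url, headers: { Authorization: `Bearer ${accessToken}` } };
}

async function readMail(config, mailbox) {
  const { url, body } = buildTokenRequest(config);
  const res = await fetch(url, { method: "POST", body }); // sent form-encoded
  const json = await res.json();
  if (!res.ok) throw new Error(`token request failed: ${json.error}`); // do not log the body
  const mail = buildMailRequest(json.access_token, mailbox);
  return (await fetch(mail.url, { headers: mail.headers })).json();
}
```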

To view and manage your registrations for converged applications

I see the following message "To view and manage your registrations for converged applications, please visit the Microsoft Application Console." (screenshot) under the AD app registration screen in Azure Portal. What is this all about?
Clicking on that link takes me to a different page where I can perform App Registrations. I am trying to understand the difference between registering in the Azure portal and on the other external site.

It appears that Microsoft has released a new feature in Azure Authentication to support Microsoft account and Organisation account authentication in a single Azure Active Directory v2 authentication endpoint.
Here is the link for the complete article https://blogs.technet.microsoft.com/enterprisemobility/2016/02/23/for-developers-the-first-use-cases-of-the-converged-microsoft-account-and-azure-active-directory-programming-model-are-now-ga/
Key extract from the article
Today I am excited to tell you that the first set of use cases supported by the Azure Active Directory v2 authentication endpoint are generally available. With the v2 endpoint, you can now build applications that let users sign in using their Azure AD backed work, or school account, or their Microsoft Account using a single button.
Federated sign in has many benefits. If you accept sign ins from Microsoft, you can:
Store fewer passwords in your application and make yourself a less attractive target for attackers,
Avoid your users having to remember another name and password,
Give your users a single sign on experience if they are already signed in to Windows 10, Office 365, Outlook.com, OneDrive, or other Microsoft property,
Seamlessly integrate a user’s data such as their calendar or contacts,
Take advantage of Microsoft’s advanced anomalous sign in detection technology, and let us help you defend your user’s accounts.
With federated sign in, Microsoft can handle identity management for you. With the Azure Active Directory v2 endpoint, we’re making this easier than ever before. Until now, building an application that worked with both Microsoft work and school accounts and Microsoft personal accounts required adding two technology stacks to your application: the Microsoft account stack and the Azure Active Directory stack. We’re bringing these two systems together so that you can integrate once and enable both kinds of users to sign in using a single button:
This converged programming model is exposed by the Azure AD v2 authentication endpoint. Today we are excited to announce GA of the first two scenarios supported by the v2 endpoint:

Office 365 Add-in with OAuth2 Authentication

I am making Office 365 add-in for Outlook web and SharePoint. As per the documentation, I need a developer account to register my add-in. The developer account for company is for $99.
I also wanted to authenticate user using his office 365 subscription. The documentation tells that an Azure account is needed for office 365 authentication, in which the app will be registered. Azure account is for $99 for company.
Now my question is that, as I have to register the Office 365 add-in and also enable authentication, do I need to buy both accounts, each for $99, which costs $198? Or does only one account serve my purpose? It will be really helpful if anyone having experience with Office add-ins can suggest some good resource to do this.

After you have the Office 365 developer account, you don't have to buy the Azure subscription to register the app to the Azure Active Directory, because the Office 365 account already has a free subscription to Azure Active Directory.
And to activate this subscription and access the Azure management portal, you have to complete a one-time registration process. Afterward, you can access Azure AD from your Microsoft service that uses it (refer here for details).
And it is recommended that you register the app through the Application Registration Portal at http://apps.dev.microsoft.com/ since it supports 'V2', which allows developers to write apps that accept sign-in from both Microsoft Accounts and Azure AD accounts, using a single auth endpoint (V2 endpoint).
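
The sign-in request a web application sends to the V2 endpoint, and the check it runs on the redirect back, as an added example that is not part of the original answer. The function names, client ID and redirect URI are hypothetical; the `state` and `nonce` values are kept in the user's server-side session.

```javascript
const crypto = require("node:crypto");

// V2 endpoint; "common" accepts both work/school and personal Microsoft accounts.
const AUTHORIZE = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";

// Build the redirect to Microsoft and the values to keep in the user's session.
function beginSignIn(clientId, redirectUri) {
  const state = crypto.randomBytes(32).toString("base64url"); // ties the callback to this browser
  const nonce = crypto.randomBytes(32).toString("base64url"); // must reappear in the ID token
  const url = new URL(AUTHORIZE);
  url.search = new URLSearchParams({
    client_id: clientId,
    response_type: "code",
    redirect_uri: redirectUri,
    response_mode: "query",
    scope: "openid profile",
    state,
    nonce,
  }).toString();
  return { url: url.toString(), session: { state, nonce } };
}

// Validate the redirect back from Microsoft before exchanging the code for tokens.
function checkCallback(callbackUrl, session) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has("error")) return { ok: false, reason: params.get("error") };
  const got = Buffer.from(params.get("state") || "");
  const want = Buffer.from(session.state);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    return { ok: false, reason: "state_mismatch" }; // possible login CSRF: drop the request
  }
  const code = params.get("code");
  return code ? { ok: true, code } : { ok: false, reason: "missing_code" };
}
```

After the code exchange, the ID token's `nonce` claim is compared with the stored nonce, alongside the usual signature, audience and issuer validation.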

How to obtain Azure AD token inside Office 365 Outlook (or office apps) add-in?

I need the token in order to use office api discovery service (https://api.office.com/discovery/) to find SharePoint root url.
Is it possible to get access to Azure AD token from add-ins (Outlook/Office)?
Edit (To make things more clear):
As I'm building a multi-tenant Azure hosted app that should be launched via add-ins, I will have to force users to log in in a popup and give consent for the application. Login is mandatory since in Office add-ins we cannot find out who the logged-in user is.

You can follow the documentation here on how to retrieve an authorization token - https://graph.microsoft.io/en-us/docs/platform/rest from Azure AD for the use of finding the root URL - also you can use the Microsoft Graph, which is the newer version of the Discovery service (more details about it again at the link provided).

Adding Office 365 API Call Permissions to the Azure Management Console

I'm trying to generate, through the Windows Azure Management Console, an API key that will allow me to make requests for Exchange Calendar Data (I need access to the Office 365 Exchange Online API set).
I am trying to get to this - from a help post I saw. Unfortunately, I only have these options.
However, I don't have access to the Office 365 permissions set for the application I created, and I can't figure out how to get access. Do I have to have an Office 365 organization account?
A few more details: the application itself is in my default directory, and it isn't multi-tenant. Thanks.

In order to create an application with Azure AD that uses Office permissions, I had to register for an Office 365 account with the same account that I used to create the application in the Azure Management Console. You probably won't see those permissions unless you have signed up for Office 365.
I signed up for a free trial and let it expire, and I was still able to use the requisite application permissions for Office. My Azure free trial also expired, and I was still able to use AD as I had before, and my application can still make API calls.
