Azure AD B2C Custom Policies Now GA- Integration With Azure Functions For Data – PRE07

>> Hi, my name is Jose Rojas. I'm a Program Manager in Azure Identity; I specifically work in Azure Active Directory B2C. Today, I'm going to share with you some information about a recently GA-ed portion of our service, which is Azure Active Directory B2C with custom policies. Let's step right in. As a reminder, Azure Active Directory B2C is the controlled access platform for your customers accessing your own applications. When your customers come to you, they might want to use things like login with Google, login with Facebook. They might want to create an account unique to your particular application, or sometimes they might even want to use an ID they already have, such as an Azure Active Directory business login or a government ID, to log in to your applications. Once they have access, on the right side of the page, we then refer to accessing applications, accessing your APIs, and providing analytics that are centralized for any number of applications for all your user base. Today, we're specially going to talk about external systems integration, because this is part of the superpowers that we recently GA-ed in B2C.
Just real quick: the total value of B2C is, one, secure authentication; two, the ability to capture any amount of customer information and save it to your directory, or their sources of data, or their destinations for your data; and lastly, everything is branded to your application or your particular brand. You can choose one per brand, many per brand; it's up to you. So this security and this control comes to you, and we provide this with a specific set of benefits for developers in particular. That's because, as you might already be aware, every time your codebase touches things like security, like authentication, it should require some special review, and the value proposition we give to developers is to say, "Look, no matter how your users approach, which application or which device, we have one control plane." All those applications depicted on the slide in multicolors come to Azure Active Directory B2C, one point to give access to your users. You can then develop one experience, one experience per application, or even more than that. What you get is single sign-on, you get a consistent set of user experiences, and you get to improve them over time as they access different applications. Then even things that are a little trickier, a little messy, things like compliance, things like keeping metrics across applications, become much easier when you've got one control plane. But with this control plane, also there are some things you might want to do when you arrive here.

So let's take a look at an example, and we're going to do a simple example and a more complicated one. In this chart, we show a user coming to their device, logging into your application. But then your application knows that this user wants to sign in; maybe they push the "Sign In" button. When they do that, your application reaches out to B2C and says, "B2C, please perform an authentication using policy XYZ." In this example, B2C picks up the experience and presents to the user a self-asserted or an interactive experience branded by you that would say, for example, "Hey, how would you like to log in? Would you like to use Google, Facebook, maybe create a new account?" Let's say the user chooses Facebook in this interaction. Well, in the next step B2C reaches out to Facebook directly, makes a connection, the user authenticates, B2C receives a token back, all is good, and says, "Okay, fine." Third step, let's see if we have this user in the directory. If we do, great, let's authenticate the user. If we don't, maybe there's an opportunity to create a new user, and that's exactly what happens in new user registration. The last step in this simple example, we go back to the application, issue a token to the application on top, and the application continues its journey in a secure fashion. Okay, this is basic, and you can achieve this in five minutes or less using Azure Active Directory B2C user flows. Just look that up, user flows. It's the easiest way to configure these journeys, and about 80 percent of our customers stop there. This is just tremendously useful as it is.

But today, we're going to talk about some more complicated situations. So what if you actually want to change those steps, or you want to change the order of those steps? This is when user journeys and orchestration steps come in. Here, we deconstruct the policy, well, specifically the user journey. In this example, you see orchestration steps, which is what we call them. Step one, choose one identity provider. Step two, gather information from the user. Step three, verify some of that information. So far so good. But what if you want to validate the data? So what if in orchestration step two the user inputs data and you want to verify whether it actually exists, whether it's correct, whether it's acceptable in your existing systems? Or, for example, at the end you want to record user preferences not just in Azure Active Directory B2C, but you want to record them in your own database, or you want to perhaps provision a user in your sales platform for a future follow-up. So let's talk about the data validation specifically.

This is all part of how B2C does external systems integration. In all cases, your user, reaching through any number of apps, performs an authentication, and immediately after, now we can do some external systems interaction. How do we do that? One great way to do it is with Azure Functions. I'm going to show you that today. Azure Functions add superpowers to your journeys. You can do things like progressive profiles in different systems; you can calculate, for example, what's the percentage of a profile that's complete; you can do things like check the data, check a loyalty account, check a player tag, which is what I'm going to show you. These are all, I call them superpowers, that you can add in B2C.

Let's go right to a bit of a demo. So if we switch over and we go to the user view in B2C, let's go ahead and select "Azure Active Directory B2C." Within B2C, you can go to "User Flows" to create the simpler experiences, or you go to the "Identity Experience Framework" to select other experiences, the ones we're going to talk about. Within here, I've created a number of policies that are available, that I've already used, and I want to show you what it looks like. At the same time, within my Azure Active Directory instance, I have a number of services I use for my applications, like perhaps you do as well; one of them is Azure Functions. I created a function specifically called CheckPlayerTag. This function is written in C#, and B2C will interact with it as it will interact with any API. Based on the responses from that API, it continues the user journey or not. So now that I've shown you a bit of the code, in this particular case C#, as a verification, we'll come back to it, but let's see what it looks like.

So let's take a look at a website we created. This website is the demo. Within it, we provide you the code so you can take a good close look at it. But within this experience, we have the opportunity to create a sign-in. Specifically, I'm going to show you what it looks like. In this particular experience, there's a user that's signed up into the application using some of the other applications in the family, so the user exists. But it is the first time the user is going to access this particular application. So let's go ahead and do a sign-in. Instead of using a social account, this user has created or used a local account specifically in your directory. Let's go ahead and do a sign-in. Now, this application has seen this user for the very first time. So it's going to first show you a set of Terms and Conditions for this particular part of the site, or this particular application in the family. I'm going to say, "Yes." These preferences, by the way, are stored in a compliant system as well, and I'll continue. My next question: the system realizes that there's data I have not provided in the past that's relevant to this particular application for games. I'm going to introduce a player tag. Let's say that I choose "artemis" as my "Player Tag." "Player Zone," let's just call it "Recreation." "Player Motto," "Who Dares." Let's just say "No": not interested, not wanting to receive any offers, and I hit "Create." Well, at this point, as you can see right here, the system checked whether or not this Player Tag was taken. This has to be unique throughout the system, and it's telling me, "It is not possible." Let's try a different one, see if that works. Nope, this one's also taken. What is going on?

Well, if we go back to the application, specifically the API, we can see that we created an API, and this API has a very limited list of taken player tags; it's just for demo purposes. "Artemis," "slayer123," "parzival"; the list could be in the thousands or even millions. Typically, this interaction would be directly with one of your systems that has the data. But the idea is that B2C in real time called out to an API, specifically in Azure Functions, and Azure Functions can keep up with us in terms of performance across the globe and is able to complete this function. Let's take a look at what this looks like. Before we do that, let's just complete it. Let's choose something altogether different, see if this is accepted, and I'm going to hit "Create." In this case, we completed the login into the application. So that Player Tag works. But let's talk about how that works. So we took a quick look at the API itself. The API is just listening to a webhook. Within it, it's merely going to check whether or not a particular player tag is taken. If it is, it's going to respond back to B2C with a full string that's going to say, "The tag slayer123 is already in use. Please choose a new one." That was the interaction we saw.

Now, what does B2C have for this equation? Let's look at that. So let's flip over to Visual Studio Code. Within Visual Studio Code, I've downloaded a number of policies. This is the way a policy looks when you look at it from the custom policy lens. Within the policy, I've done two things. First of all, in this particular part of the flow, I've added a new step. In this flow, this is when the user is logging in for the first time, or logging in, period. I've introduced a new function; it's called the "ValidationTechnicalProfile" into an "AzureFunction-CheckPlayerTagWebHook." Hopefully you can see that. This is the function, that's the nominated API function where I just reached into. It's going to send the data that it just gathered from the user, whatever is appropriate, to that function specifically, including the player tag. Now, what does it look like? The other thing I need to do is define what this function looks like in B2C. So let's scroll up in this particular function. Let's take a look at that. So from here to here, this is the declaration of a claims provider, and specifically a technical profile that describes the interaction with the REST API. I have the address of the API; I get this directly off of Azure Functions. Then I am going to declare what's the exchange I want to have with this API. B2C will connect to this API, will send a player tag, the player tag string itself, and just wait for a reply. As you can see, the reply was "Negative, do not." If it's already taken, it'll tell it to the user. So by adding two things, again, I added a validation step right here, Azure Functions, number one, and number two, I then added the definition of the API. I was able to perform that validation. By the way, all of these existing policies, existing declarations for user journeys, already exist, and they're usually available to you in the "Get Started." I'm just going to show you that very quickly. "Get started with custom policies in Azure Active Directory B2C" tells you how to get that going, and specifically works to get the existing policies from GitHub.

Great. So let's go back to the presentation for a second. Now that we've shown you how to execute it, we've shown you how to do Azure Functions, let's go back over here and continue this portion. So we saw the validation step, we took a look at the API itself, and I want to point you to a few places to get this started. In particular, take a look at the Training and Solution guides that we have available; some pretty extensive labs and white papers there. Also, take a look at the code we provided and the demo that I provided to you today. We can't wait to see you in the family. Lastly, for developers, a couple of quick notes. We've been working on releasing programmatic access, and it's now publicly available to upload and download policies, to create applications and register them, and also to create tenants. We can't wait to see you there. On the right, just a little reference of now so many integrations we have in Visual Studio, and we're doing integrations with a number of partners to speed up deployments. Reach out to us, and we look forward to having you around. With that, thank you. Have a great Microsoft Build 2019.
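Added example, not code from the talk or its demo repository: a Python sketch of the API side of the exchange the speaker walks through, in the request/response contract that a B2C RESTful technical profile (the claims provider declared for AzureFunction-CheckPlayerTagWebHook) uses. Input claims arrive as a JSON body, the JSON keys of a 200 reply are read back as output claims, and a 409 reply carrying version/status/userMessage is shown to the user as a validation error on the same page, which is what produced the "already in use" message in the demo. The claim name playerTag, the Basic-auth credential values, and the tag format rule are assumptions; the taken-tag list is constructed sample data. It also adds one check the transcript does not mention: the function is an internet-reachable endpoint, so it verifies the Basic credential the technical profile can be configured to send before doing any lookup.

```python
"""Player-tag check in the request/response shape Azure AD B2C's RESTful
technical profile (RestfulProvider) expects from a REST API.  Added
illustration for this page, not the CheckPlayerTag function from the talk
(which was written in C#)."""
import base64
import hmac
import json

# Constructed sample data standing in for the demo's short list of taken tags.
TAKEN_TAGS = {"artemis", "slayer123", "parzival"}

# Assumed credentials.  A technical profile with AuthenticationType="Basic"
# sends these; in a real deployment the values come from policy keys and
# the function's configuration, never from source.
BASIC_USER = "b2c"
BASIC_PASSWORD = "change-me"

ERROR_VERSION = "1.0.0"


def basic_auth_header(user, password):
    """Build the Authorization header B2C sends for Basic authentication."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": "Basic " + token}


def _authorized(headers):
    """Constant-time comparison of the presented Basic credential."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return False
    try:
        presented = base64.b64decode(auth[len("Basic "):], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    expected = f"{BASIC_USER}:{BASIC_PASSWORD}"
    return hmac.compare_digest(presented.encode("utf-8"), expected.encode("utf-8"))


def _error(status, user_message, developer_message):
    """Error body B2C reads from a non-2xx reply; userMessage is what the user sees."""
    return status, {
        "version": ERROR_VERSION,
        "status": status,
        "userMessage": user_message,
        "developerMessage": developer_message,
    }


def check_player_tag(headers, body):
    """Handle one validation call from B2C.  Returns (http_status, json_body).

    B2C posts the input claims as a JSON object (SendClaimsIn="Body"); the key
    "playerTag" is whatever PartnerClaimType the technical profile declares
    (assumed name here).  A 200 reply's keys become output claims; a 409 reply
    keeps the user on the self-asserted page and displays userMessage.
    """
    if not _authorized(headers):
        return _error(401, "Unauthorized.", "Missing or invalid Basic credential.")

    try:
        claims = json.loads(body) if body else {}
    except json.JSONDecodeError:
        return _error(400, "Invalid request.", "Request body is not valid JSON.")
    if not isinstance(claims, dict):
        return _error(400, "Invalid request.", "Request body must be a JSON object.")

    tag = claims.get("playerTag")
    if not isinstance(tag, str) or not tag.strip():
        return _error(409, "Please enter a player tag.",
                      "Input claim 'playerTag' is missing or empty.")

    # Normalise before the uniqueness check so "Artemis" and "artemis" collide,
    # and reject anything outside a conservative character set (assumed rule).
    normalized = tag.strip().lower()
    if not (3 <= len(normalized) <= 32) or not normalized.isalnum():
        return _error(409, "Player tags are 3 to 32 letters or digits.",
                      "Tag failed the format check.")

    if normalized in TAKEN_TAGS:
        return _error(409, f"The tag {tag.strip()} is already in use. Please choose a new one.",
                      "Tag already taken.")

    # Success: the keys returned here are written back to B2C as output claims.
    return 200, {"playerTag": normalized}


if __name__ == "__main__":
    hdrs = basic_auth_header(BASIC_USER, BASIC_PASSWORD)
    for candidate in ("artemis", "Parzival", "ironwolf42"):
        print(candidate, "->", check_player_tag(hdrs, json.dumps({"playerTag": candidate})))
```

Wired into an Azure Functions HTTP trigger, the returned pair maps onto the response status and body. The point a practitioner should take from it is the 409 contract and the credential check: only a 409 with the error body is treated by B2C as a user-correctable validation failure, and because the endpoint must be reachable by B2C from the internet, whatever the technical profile is configured to send (Basic, bearer token, or client certificate) has to be verified before the lookup runs.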