
Impressive growth of Azure Active Directory users since 2011
• Over 3 million companies, 469K active tenants last week
• Approaching 146 million directory users, 16 million active users last week
• For the past 3 months, 25,000 new users have logged into Azure Active Directory for the first time

Today, global enterprises run on Windows Server Active Directory
• 90% of US enterprises and 70% of international corporations use Active Directory
• Over 400 million Active Directory users
• Active Directory users will move to Azure Active Directory.

REST OAuth

Graph API REST Interface

Divided into Tenants
Example: Users, Groups, Contacts, Roles, Licenses
Member/Member of, Manager/Direct reports

https://graph.windows.net/contoso.com/users?api-version=2013-04-05&$filter=state eq 'WA'

• https://graph.windows.net/ : Graph URL (static)
• contoso.com : Tenant of interest – can be tenant’s verified domain or objectId.
• /users : Specific entity type, such as users, groups, contacts, tenantDetails, roles, applications, etc.
• ?api-version=2013-04-05 : API version – “2013-04-05” is the Supported GA version
• &$filter=state eq 'WA' : Optional OData query arguments: $filter, $top

http://graphExplorer.cloudapp.net/

3. HTTP Request with JWT Token 4. Return Response and Data

Authentication - Acquiring a token
OAuth 2.0 grant type = client credentials

POST https://login.windows.net/contoso.com/oauth2/token?api-version=1.0
HEADERS
Content-Type: application/x-www-form-urlencoded
BODY
grant_type=client_credentials&resource=https%3a%2f%2fgraph.windows.net&client_id=52752c8e-d73c-4f9a-a0f9-2d75607ecb8e&client_secret=qKDjII5%2FK8WyKj6sRo5a5vD6%2Bm74uk1A%2BpIlM%3D
RESPONSE: 200 OK
Token will be returned back to the calling application if all values are valid

Notes: OAuth 2.0 Client Credential grant type. client_id and client_secret are pre-configured through the Azure Management Portal, under Active Directory/Applications

GET https://graph.windows.net/contoso.com/users?api-version=2013-04-05
HEADERS
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
Content-type: Application/JSON;odata=minimalmetadata
RESPONSE: 200 OK
RETURN: User Objects in JSON

GET https://graph.windows.net/contoso.com/users/[email protected]/thumbnailPhoto?api-version=2013-04-05
HEADERS
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
Content-type: Application/JSON;odata=minimalmetadata
RESPONSE: 200 OK
RETURN: data representing User’s thumbnail photo

Request / Description

https://graph.windows.net/graphDir1.OnMicrosoft.com/tenantDetails?api-version=2013-04-05
Returns tenant-level information including company name, tech contact, subscriptions

https://graph.windows.net/graphDir1.OnMicrosoft.com/groups/7373b0af-d462-406e-ad26-f2bc96d823d9/members?api-version=2013-04-05
Returns a group’s members

https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?$filter=displayName eq 'Adam Barr'&api-version=2013-04-05
Using an OData filter to get a specific user

https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?$filter=displayName ge 'A' and displayName le 'F'&api-version=2013-04-05
Filters for a range of users

https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?api-version=2013-04-05&$filter=startswith(displayName,'James')
An example OData filter using startsWith

https://graph.windows.net/GraphDir1.OnMicrosoft.com/users?api-version=2013-04-05&$filter=proxyAddresses/any(c:startswith(c,'SMTP:Ad'))
An example OData filter using the any operator: search for users who have a proxy address starting with 'SMTP:ad'

https://graph.windows.net/GraphDir1.OnMicrosoft.com/users/[email protected]/memberOf?api-version=2013-04-05
Get a user’s group membership

https://graph.windows.net/graphDir1.OnMicrosoft.com/users/[email protected]/manager?api-version=2013-04-05
Get an individual user’s manager

https://graph.windows.net/graphDir1.OnMicrosoft.com/users/[email protected]/directReports?api-version=2013-04-05
Get an individual’s direct reports

https://graph.windows.net/graphDir1.OnMicrosoft.com/directoryObjects/2bb8892b-b7bf-4ae9-b2f2-02d9103cb82b?api-version=2013-04-05
Resolve a directory object via GUID (you may not know what type of entity object this is; the returned data will provide details).

https://graph.windows.net/graphDir1.OnMicrosoft.com/roles?api-version=2013-04-05
Return roles

https://graph.windows.net/graphDir1.OnMicrosoft.com/subscribedSkus?api-version=2013-04-05
Return all subscriptions that the tenant owns
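The filter requests above embed a value between single quotes, so any value that comes from outside the application has to be escaped before it goes into $filter. The following is an added example, not code from the presentation: the function names and the resource allow-list (assembled from the entity types named on the slides) are assumptions made for illustration. It doubles single quotes per OData string-literal rules, percent-encodes the query, and rejects tenant strings that are neither a domain nor an objectId.

```python
import re
from urllib.parse import quote, urlencode

GRAPH_ROOT = "https://graph.windows.net"
API_VERSION = "2013-04-05"
# Tenant is a verified domain or an objectId (GUID), as the slides describe.
_DOMAIN = re.compile(r"^(?:[A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}$")
_GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Hypothetical allow-list built from the resource sets shown on the slides.
_RESOURCES = {"users", "groups", "contacts", "tenantDetails", "roles",
              "applications", "directoryObjects", "subscribedSkus"}


def odata_string(value):
    """Quote a value as an OData string literal; a single quote is doubled."""
    if any(ord(ch) < 0x20 for ch in value):
        raise ValueError("control character in filter value")
    return "'" + value.replace("'", "''") + "'"


def graph_url(tenant, resource, filter_expr=None, top=None):
    """Build a Graph query URL from validated parts."""
    if not (_DOMAIN.match(tenant) or _GUID.match(tenant)):
        raise ValueError("tenant must be a verified domain or objectId")
    if resource not in _RESOURCES:
        raise ValueError("unexpected resource set: %r" % resource)
    params = [("api-version", API_VERSION)]
    if filter_expr is not None:
        params.append(("$filter", filter_expr))
    if top is not None:
        params.append(("$top", str(int(top))))
    # Spaces become %20, quotes %27, '&' and '=' inside values are encoded,
    # so a value cannot add a second query argument.
    query = urlencode(params, safe="$(),:/", quote_via=quote)
    return "%s/%s/%s?%s" % (GRAPH_ROOT, tenant, resource, query)


def users_by_display_name(tenant, name):
    """URL for the 'specific user' filter, with the name safely quoted."""
    return graph_url(tenant, "users", "displayName eq " + odata_string(name))
```
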

POST https://login.windows.net/contoso.com/oauth2/token?api-version=1.0
HEADERS
Content-Type: application/x-www-form-urlencoded
BODY
grant_type=client_credentials&resource=https%3a%2f%2fgraph.windows.net&client_id=52752c8e-d73c-4f9a-a0f9-2d75607ecb8e&client_secret=qKDjII5%2FK8WyKj6sRo5a5vD6%2Bm44uk1A%2BpIlM%3D
RESPONSE: 200 OK

Notes: OAuth 2.0 Client Credential grant type. client_id and client_secret are pre-configured through the Azure Management Portal, under Active Directory/Applications

Create a New User

POST https://graph.windows.net/contoso.com/users?api-version=2013-04-05
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY
{
  "accountEnabled": true,
  "userPrincipalName": "[email protected]",
  "displayName": "New User",
  "passwordProfile": {
    "password": "VStrongP@ssword1",
    "forceChangePasswordNextLogin": true
  },
  "mailNickname": "NewUser"
}
RESPONSE: 201 Created

Notes:
(1) The password must meet the tenant’s accepted password complexity requirements.
(2) The minimum set of properties to create a user is shown in the example above.
(3) Setting the user’s usage location is not shown above.

Add a User to a Group
Update Group or Role membership

POST https://graph.windows.net/contoso.com/groups/02a8a087-a371-43f9-94df-cf0f654de307/$links/members?api-version=2013-04-05
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY
{
  "url": "https://graph.windows.net/contoso.com/directoryObjects/93d8feee-6365-4b3b-98c0-14da134a2b1e"
}
RESPONSE: 204

Notes: replace /groups with /roles to support Role membership updates

Reset a User’s password

PATCH https://graph.windows.net/contoso.com/users/[email protected]?api-version=2013-04-05
HEADERS
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5HVEZ2ZEstZnl0aEV1T….
BODY
{
  "passwordProfile": {
    "password": "newPassword1!",
    "forceChangePasswordNextLogin": false
  }
}
RESPONSE: 204

Notes: password must meet the tenant’s accepted password policy (matching password complexity, length and password re-use policy)

Demo

Read and Write Operations in C# Visual Studio Project using WCF Data Services 5.3

+ Graph Helper Class

https://graph.windows.net/contoso.com/directoryObjects?api-version=2013-04-05&deltaLink=

• https://graph.windows.net/ : Graph URL (static)
• contoso.com : Tenant of interest – can be tenant’s verified domain or objectId.
• /directoryObjects : Resource set of interest – To indicate specific entity type, specify “users” / “groups” / “contacts”. Use “directoryObjects” to include all 3 entity types.
• ?api-version=2013-04-05 : API version – “2013-04-05” is the 1.0 version
• &deltaLink= : Empty, to indicate this is an initial query. Subsequent queries contain the deltaLink/nextLink value obtained from the previous response.

Differential Query Demo

Graph Explorer
https://graph.windows.net/graphDir1.OnMicrosoft.com/users?api-version=2013-04-05&deltaLink=
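The differential query flow described above, as an added example that is not part of the presentation: a client starts with an empty deltaLink, follows nextLink values until the service returns a deltaLink, and persists that value for the next run. The response property names `aad.nextLink` and `aad.deltaLink`, the assumption that returned links use the same tenant identifier as the request, and the constructed pages are assumptions for illustration. The client takes only the opaque deltaLink value from a returned link and checks host and tenant first, so a bearer token is never sent to an address taken from a response body.

```python
from urllib.parse import urlsplit, parse_qs

GRAPH_HOST = "graph.windows.net"


def link_token(link, tenant):
    """Return the opaque deltaLink value from a returned link, or raise."""
    parts = urlsplit(link)
    if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
        raise ValueError("link points outside the Graph endpoint")
    if not parts.path.lower().startswith("/%s/" % tenant.lower()):
        raise ValueError("link points at another tenant")
    values = parse_qs(parts.query).get("deltaLink", [])
    if len(values) != 1 or not values[0]:
        raise ValueError("link carries no single deltaLink value")
    return values[0]


def sync(fetch, tenant, saved_token="", max_pages=1000):
    """Drain one differential query. fetch(token) returns a parsed JSON page.
    Returns (changes, token to persist for the next run)."""
    changes, token = [], saved_token          # "" marks the initial query
    for _ in range(max_pages):
        page = fetch(token)
        changes.extend(page.get("value", []))
        if "aad.nextLink" in page:            # assumed name: more pages follow
            token = link_token(page["aad.nextLink"], tenant)
        elif "aad.deltaLink" in page:         # assumed name: caught up
            return changes, link_token(page["aad.deltaLink"], tenant)
        else:
            raise ValueError("page has neither nextLink nor deltaLink")
    raise RuntimeError("page limit reached without a deltaLink")


# Constructed pages standing in for the service, keyed by request token.
BASE = "https://graph.windows.net/contoso.com/directoryObjects?deltaLink="
PAGES = {
    "": {"value": [{"displayName": "A"}], "aad.nextLink": BASE + "tok1"},
    "tok1": {"value": [{"displayName": "B"}], "aad.deltaLink": BASE + "tok2"},
    "tok2": {"value": [], "aad.deltaLink": BASE + "tok3"},
}


def fake_fetch(token):
    """Offline stand-in for the HTTP GET with deltaLink=<token>."""
    return PAGES[token]
```
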

The Enterprise Cloud for HR and Finance

Samir Rathod – Sr. Enterprise Architect

Starting from Scratch

The Enterprise Cloud for HR and Finance WORKDAY CONFIDENTIAL TALENT HUMAN RESOURCES FINANCIALS REVENUE PAYROLL MOBILE ACTIONABLE ANALYTICS TIME TRACKING TECHNOLOGY MULTI-TENANT OBJECT ORIENTED IN-MEMORY SECURITY CONSUMER UI

GLOBAL AT THE CORE

COLLABORATION

ADAPTIVE FOUNDATION

INTEGRATION CLOUD EMBEDDED SERVICES CONFIGURABLE PROCESSES REPORTING & WORKTAGS PROCUREMENT EXPENSES SETTLEMENT ENGINE GOVERNANCE & COMPLIANCE

Workday Customers by Industry

Services Technology Retail & Hospitality Manufacturing Financial Services Education & Government Healthcare & Life Sciences


Thank you!

[email protected]


http://channel9.msdn.com/Events/TechEd www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn