Okta API and Agent questions - api

We're building an IaaS platform for the media industry. We're just looking to verify a few areas of Okta's capabilities and how to manage them.
Okta is a web application for performing system administrative tasks against Active Directory repositories
Does Okta have such web application?
A demonstration of the web application
Is it possible to have a trial copy?
Authentication & Authorization via corporate AD
How do we set up the Okta AD Agent?
How do we use Okta API (to be integrated with our platform) to perform authentication against a corporate AD?
How do we use Okta API (to be integrated with our platform) to retrieve custom attribute information from corporate AD?

Thank you for your questions. Here are some resources to help answer your questions:
Our website has detailed documentation on how Okta works with Active Directory.
https://www.okta.com/resources/datasheet-ad-integration/
How to set up AD in Okta: https://support.okta.com/help/articles/Knowledge_Article/Okta-AD-Agent?_ga=1.41164711.449313748.1470873855
Furthermore, you can find further information on how to use the API on our Developer help site: developer.okta.com

Related

Good testing approach for an Azure AD B2C

I am working as a tester on a new Web Application that uses Azure B2C, and I am looking for the appropriate approach to handle this project. Please suggest some ideas.
It's the same approach as testing any Azure AD application.
Test all the profiles e.g. sign up / sign-in / reset password.
For any API secured by B2C, use automated testing and use the Resource Owner Password flow for the credentials.

How to integrate Azure AD SSO in flutter app

I want to add authentication with SSO using Azure AD in a Flutter app. But I didn't find any helpful doc for integration with Flutter. So any suggestion will be of great help.
Currently, there is no native SDK for Flutter to integrate with AAD.
Here is a Flutter OAuth package for performing user authentication against Azure Active Directory OAuth2 V2.0 endpoint.
Regarding Single sign-on, you can refer to this document.
I'm not sure if you are still looking. Maybe this will be useful for others. Build Azure B2C service authentication
https://github.com/MaikuB/flutter_appauth
Full application code can be found here https://nicksnettravels.builttoroam.com/connecting-flutter-to-azure-ms-ignite/

Azure AD or IdentityServer with Web API, understanding the concepts

Be warned, possibly noob question ahead.
I'm a little unsure where exactly Azure AD or IdentityServer is supposed to fit in in the overall communication flow.
Here is a scenario that I often face.
Some "dumb" client (e.g. a Windows App that can't use external assemblies or some JavaScript in a web app) has to contact my Web API which will then contact other APIs or other resources.
If I want to try and implement either Azure AD or IdentityServer as a means of authentication and authorization in the Web API, I don't see that this can be done in any other way than that it has to be the Web API that communicates with Azure AD or IdentityServer, as the client doesn't have the ability to do so due to the lack of required assemblies.
If this assumption is not correct, then how would I do this?
If it is correct, however, then what means of security is there between the client and the Web API other than communicating over HTTPS, when the client has to send its credentials to the Web API so the Web API can authenticate and authorize the user against either Azure AD or IdentityServer?
If I understand your requirements correctly, then you are able to change the client Windows app, but unable to add external assemblies to it? So you would not be able to add the ADAL NuGet package to it.
You can still use Azure AD authentication - it is possible, but not trivial, to implement the client code yourself.
Or you can, as you already mentioned, pass the user's credentials to the Web API somehow, and then use that to have the Web API do authentication towards Azure AD on behalf of the user. There is a sample app which shows how to use username/password credentials.
This however, goes against the whole OAuth/OpenIdConnect mindset, where your app should never know the user's credentials.
Here:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory/develop/active-directory-v2-protocols-oidc.md
Be careful with trying to use the most recent version of the Azure AD endpoint (just don't use version 2.0, they shot themselves in the foot by excluding all Azure AD webapp registrations & by "securing" web APIs by making them only available to apps with the same appid - as far as I'm concerned, it's unusable until they fix those two issues) - see the "[!NOTE]" near the top of that linked page for the v2.0 limitations.

Multi Tenancy in a SAAS REST API Authentication

I'm currently developing an API to be commercialized in a B2B SaaS fashion.
The goal is to authenticate the workers of the company. We have an SDK that should be able to do that. There is the possibility to force each user to set credentials specific to our service, but that will hurt integration with the companies' applications.
The idea would be to have some kind of authentication (client independent) that makes it easier to authenticate users.
The question is: is there an easy way to create an automatic process that does not depend on the client's type of authentication method, for this type of task?
Thanks in advance.
Have you taken a look at Azure AD? It specifically supports multi-tenant scenarios.
Tenants can use Azure AD Connect to sync their on-premise directory to the cloud. Clients can use ADAL to acquire a token which your service trusts. The issued token contains a tenant-id claim indicating via which tenant the user logged in.
Just to add to MvdD's answer, Azure AD supports three ways to sign in:
Federated Single Sign-On enables applications to redirect to Azure AD for user authentication instead of prompting for their own password. This is supported for applications that support protocols such as SAML 2.0, WS-Federation, or OpenID Connect, and is the richest mode of single sign-on.
Password-based Single Sign-On enables secure application password storage and replay using a web browser extension or mobile app. This leverages the existing sign-in process provided by the application, but enables an administrator to manage the passwords and does not require the user to know the password.
Existing Single Sign-On enables Azure AD to leverage any existing single sign-on that has been set up for the application, but enables these applications to be linked to the Office 365 or Azure AD access panel portals, and also enables additional reporting in Azure AD when the applications are launched there.
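A multi-tenant API that trusts Azure AD still has to decide which tenants it serves, so the tenant-id claim MvdD mentions must be checked against an onboarding list and the issuer pinned to that same tenant. The following Python is an added example, not code from either answer; it assumes the token's RS256 signature has already been verified against the tenant's signing keys by a JWT library, and ALLOWED_TENANTS, the api://our-saas-api audience and the sample token are constructed values.

```python
import base64
import json
import time

# Tenants onboarded to the SaaS (constructed sample IDs, not real tenant IDs).
ALLOWED_TENANTS = {"11111111-1111-1111-1111-111111111111"}
# Audience the API was registered with in Azure AD (hypothetical App ID URI).
EXPECTED_AUDIENCE = "api://our-saas-api"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))  # restore padding


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT (signature is NOT checked here)."""
    _header, payload, _signature = token.split(".")  # ValueError if not 3 segments
    return json.loads(_b64url_decode(payload))


def check_tenant(claims: dict, now: float = None) -> str:
    """Accept claims only from an onboarded tenant; return that tenant id."""
    now = time.time() if now is None else now
    tid = claims.get("tid")
    if tid not in ALLOWED_TENANTS:
        raise PermissionError(f"tenant {tid!r} is not onboarded")
    # Pin the issuer to the same tenant; v1.0 and v2.0 tokens use different issuer formats.
    valid_iss = (f"https://sts.windows.net/{tid}/",
                 f"https://login.microsoftonline.com/{tid}/v2.0")
    if claims.get("iss") not in valid_iss:
        raise PermissionError("issuer does not match the tid claim")
    if claims.get("aud") != EXPECTED_AUDIENCE:
        raise PermissionError("token was not issued for this API")
    if claims.get("exp", 0) <= now:
        raise PermissionError("token has expired")
    return tid


def is_trusted(token: str, now: float = None) -> bool:
    try:
        check_tenant(decode_claims(token), now)
        return True
    except (ValueError, PermissionError):
        return False


def make_sample_token(claims: dict) -> str:
    # Constructed sample for offline use: real tokens carry an RS256 signature here.
    segments = [json.dumps({"alg": "RS256", "typ": "JWT"}).encode(),
                json.dumps(claims).encode(), b"placeholder-signature"]
    return ".".join(_b64url(s) for s in segments)
```

The tid-versus-issuer check matters because a token from any other Azure AD tenant is otherwise just as well-formed as one from a paying customer.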

PingFederate SSO with WCF REST API

I am creating a WCF REST API to be consumed by an ASP.NET web application, mobile applications and an Outlook add-in. The current infrastructure is hosted on premise but we plan to take it to the cloud soon.
The API needs to authenticate AD users via PingFederate SSO. The current classic ASP application integrates PingFederate and throws a challenge window to the user for authentication. I need to get the same via the API but am stuck as to how to begin and where it should lead.
Any pointers or suggestions from you experts?
This sounds like something you could use PingFederate's OAuth support for.
We (Ping Identity - my employer) have more information on how to authenticate using PingFederate SSO to get OAuth API Access Tokens (to secure your API and tie identity to it) on our Developer Portal.
Please see the following links/articles:
https://www.pingidentity.com/content/developer/en/learn.html
https://www.pingidentity.com/content/developer/en/resources/oauth-2-0-developers-guide.html
https://www.pingidentity.com/content/developer/en/resources/openid-connect-developers-guide.html