Azure Active Directory developer's guide
As an identity management as a service (IDMaaS) platform, Azure Active Directory (AD) provides developers an effective way to integrate identity management into their applications. The following articles provide overviews on implementation and key features of Azure AD. We suggest that you read them in order, or jump to Getting started if you're ready to dig in.
The benefits of Azure AD integration: Discover why integration with Azure AD offers the best solution for secure sign-in and authorization.
Azure AD authentication scenarios: Take advantage of simplified authentication in Azure AD to provide sign-on to your application.
Integrating applications with Azure AD: Learn how to add, update, and remove applications from Azure AD, and about the branding guidelines for integrated apps.
Azure AD Graph API: Use the Azure AD Graph API to programmatically access Azure AD through REST API endpoints. The Azure AD Graph API is also accessible through Microsoft Graph. Microsoft Graph provides a unified API that enables access to multiple Microsoft cloud service APIs, through a single REST API endpoint, and with a single access token.
These tutorials are tailored for multiple platforms and can help you quickly start developing with Azure Active Directory. As a prerequisite, you must get an Azure Active Directory tenant.
| iOS | Android | .NET | Windows Universal | Xamarin | Cordova | Integrate directly with OAuth 2.0 |
These articles describe how to perform specific tasks by using Azure Active Directory:
- Get an Azure AD tenant
- Sign in any Azure AD user using the multi-tenant application pattern
- Enable cross-app SSO using ADAL, on Android and on iOS devices
- Make your application AppSource Certified for Azure AD
- List your application in the Azure AD application gallery
- Submit web apps for Office 365 to the Seller Dashboard
- Understand the Azure Active Directory application manifest
- Understand the branding guidelines for the sign-in and app acquisition buttons in your client application
- Preview: How to build apps that sign users in with both personal & work or school accounts
- Preview: How to build apps that sign up & sign in consumers
- Preview: Configuring token lifetimes in Azure AD using PowerShell. See Policy operations and the Policy entity for details on configuring via the Azure AD Graph API.
These articles provide a foundation reference for REST and authentication library APIs, protocols, errors, code samples, and endpoints.
- Tagged questions: Find Azure Active Directory solutions on Stack Overflow by searching for the tags azure-active-directory and adal.
- See the Azure AD developer glossary for definitions of some of the commonly used terms related to application development and integration.
Active Directory Authentication Library (ADAL) for .NET - Reference documentation is available for both the latest major version and the previous major version.
Graph API reference: REST reference for the Azure Active Directory Graph API. View the interactive Graph API reference experience.
Graph API permission scopes: OAuth 2.0 permission scopes that are used to control the access that an app has to directory data in a tenant.
Signing Key Rollover in Azure AD: Learn about Azure AD’s signing key rollover cadence and how to update the key for the most common application scenarios.
OAuth 2.0 protocol: Using the authorization code grant: You can use the OAuth 2.0 protocol's authorization code grant to authorize access to Web applications and Web APIs in your Azure Active Directory tenant.
OAuth 2.0 protocol: Understanding the implicit grant: Learn more about the implicit authorization grant, and whether it's right for your application.
OAuth 2.0 protocol: Service to Service Calls Using Client Credentials: The OAuth 2.0 Client Credentials grant permits a web service (a confidential client) to use its own credentials to authenticate when calling another web service, instead of impersonating a user. In this scenario, the client is typically a middle-tier web service, a daemon service, or website.
OpenID Connect 1.0 protocol: Sign-in and authentication: The OpenID Connect 1.0 protocol extends OAuth 2.0 for use as an authentication protocol. A client application can receive an id_token to manage the sign-in process, or augment the authorization code flow to receive both an id_token and authorization code.
SAML 2.0 protocol reference: The SAML 2.0 protocol enables applications to provide a single sign-on experience to their users.
WS-Federation 1.2 protocol: Azure Active Directory supports WS-Federation 1.2 as per the Web Services Federation Version 1.2 Specification. For more information about the federation metadata document, please see Federation Metadata.
Supported token and claim types: You can use this guide to understand and evaluate the claims in the SAML 2.0 and JSON Web Tokens (JWT) tokens.
These overview presentations on developing apps by using Azure Active Directory feature speakers who work directly in the engineering team. The presentations cover fundamental topics, including IDMaaS, authentication, identity federation, and single sign-on.
- Microsoft Identity: State of the Union and Future Direction
- Azure Active Directory: Identity management as a service for modern applications
- Develop modern web applications with Azure Active Directory
- Develop modern native applications with Azure Active Directory
Azure Friday is a recurring Friday 1:1 video series that's dedicated to bringing you short (10–15 minutes) interviews with experts on a variety of Azure topics. Use the Services Filter feature on the page to see all Azure Active Directory videos.
Active Directory Team blog: The latest developments in the world of Azure Active Directory.
Azure Active Directory Graph Team blog: Azure Active Directory information that's specific to the Graph API.
Cloud Identity: Thoughts on identity management as a service, from a principal Azure Active Directory PM.
Azure Active Directory on Twitter: Azure Active Directory announcements in 140 characters or fewer.