In the direction of OneTrueDigitalIdentity;-)


In the previous version, where B2C utilized the graph.net and the user journeys were not based on ‘AlternativeSecurityId’, I was able to set up one B2C identity to multiple IDPs; extremely nice where you can easily migrate to different IDPs (e.g. in an overlap period between IDPs) or even make it possible to log on to a base identity and level up to a privileged identity in the shortest period of time (the extended PIM functionality). COVID19, where employees work from remote locations, shows we need better security concepts and a move away from a static to a far more secure and dynamic world. With the previous models we were also able to do callbacks to the different IDPs and control them with even better conditional access concepts: the company (the tenant owner) more in focus and making it far more difficult to do identity theft.
Can the identity team show an example of how to utilize such functionality after the transition to Graph and ‘AlternativeSecurityId’? I have made some attempts, but I can't get it to work as the previous implementation. Just love the Graph functionality and I have also shown how to improve the security concepts with the access token through an authentication chain. Would love to discuss this even further…
Please also provide an example of doing the IEF User Journeys with the Microsoft Authenticator app as yet another of the MFA concepts; excellent stuff.

Best regards
MrSmith

BTW: love to bring this also into the main tenant. (The B2B stuff we all know: but why not also find a better license model; it's old-fashioned with the static 1 to 5 model: in modern clouds a more dynamic approach is preferable; I do have some great suggestions;-))

   

1 Reply

@Kjetil Smith - thanks for the suggestions on samples with Graph and AltSecId as well as authoring user journeys with authenticator app - we will take the suggestions back to our docs team. As you are aware, we are working on Azure AD External Identities - https://azure.microsoft.com/en-us/services/active-directory/external-identities/ - and as part of that, please stay tuned for licensing updates as well!