Azure Active Directory Course

Luis Antonio Ruvalcaba Sanchez

Introduction to custom policies


What are custom policies in Azure?

Imagine being able to rigorously define the steps for authentication and user management in your application. Custom policies in Azure allow you to do just that through XML files. These files are the heart of the configuration, where you define how your identity experience will behave when registering, logging in, modifying profiles or resetting passwords. Using Visual Studio Code with the right plug-in makes it easy to edit them.

How are custom policies uploaded and validated?

Once edited, these XML files must be uploaded to the Azure portal under the identity experience category. During the upload, the syntax of each file is validated. Passing this validation does not rule out errors at runtime, so it is crucial to debug the identity solution once it has been uploaded to Azure.

How are custom policies hierarchically structured?

Custom policies are made up of a hierarchical structure that includes:

  • A base file
  • An extension file
  • The policy to be executed

For example, for login, there is a specific file that refers to both the base file and the relevant extensions. This allows trust to be orchestrated between different entities, such as local accounts, social networks, or external providers using standard protocols such as OpenID Connect.

Practical Implementation of Custom Policies

Implementing custom policies is a flexible and adaptable process for different scenarios. Let's look at how to get started and recommendations for effective use.

What are the key components of XML files?

XML files include several fundamental building blocks:

  • User interaction: Defines how the user will interact with the application.
  • Client definition: Determines which clients will be used.
  • Business logic: Specifies the steps to log in, change password or modify the profile.

These elements are initially configured to work with a quick start package, which makes it easier to set up the Active Directory and run the necessary configuration tasks.

How do users interact with policies?

When logging in, the user executes a previously defined policy. This policy contains a "user journey", a series of steps and conditions that must be met to authenticate the user. Each step may involve different processes, such as:

  • Selection of social or local accounts
  • Calls to a REST API
  • Validating or writing information in the Active Directory

At the conclusion of all steps, it is critical to have the application response URI configured to receive the necessary token.
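
The hierarchy and the user journey described above can be checked locally before upload. The following Python check is an added example, not code from the course or from Microsoft: it walks the chain from the policy to be executed back to the base file and confirms that the journey the executed policy points to is defined somewhere in that chain. The policy documents are minimal constructed samples, the function names are hypothetical, and the policy IDs assume starter-pack style naming.

```python
import xml.etree.ElementTree as ET

URI = "http://schemas.microsoft.com/online/cpim/schemas/2013/06"
NS = {"p": URI}

def make_policy(policy_id, base=None, journeys=(), default=None):
    """Build a minimal constructed policy document (not a full starter-pack file)."""
    xml = f'<TrustFrameworkPolicy xmlns="{URI}" PolicyId="{policy_id}">'
    if base:
        xml += f"<BasePolicy><PolicyId>{base}</PolicyId></BasePolicy>"
    steps = "".join(f'<UserJourney Id="{j}"/>' for j in journeys)
    xml += f"<UserJourneys>{steps}</UserJourneys>"
    if default:
        xml += f'<RelyingParty><DefaultUserJourney ReferenceId="{default}"/></RelyingParty>'
    return xml + "</TrustFrameworkPolicy>"

# Constructed sample: base file <- extension file <- policy to be executed.
SAMPLE = [
    make_policy("B2C_1A_TrustFrameworkBase", journeys=["SignUpOrSignIn"]),
    make_policy("B2C_1A_TrustFrameworkExtensions", base="B2C_1A_TrustFrameworkBase"),
    make_policy("B2C_1A_signup_signin", base="B2C_1A_TrustFrameworkExtensions",
                default="SignUpOrSignIn"),
]

def check_policy(documents, executed_id):
    """Return (inheritance chain, problems) for the policy to be executed."""
    policies = {r.get("PolicyId"): r for r in map(ET.fromstring, documents)}
    chain, problems, journeys = [], [], set()
    current = executed_id
    while current:
        if current in chain:
            problems.append(f"inheritance cycle at {current}")
            break
        root = policies.get(current)
        if root is None:
            problems.append(f"missing policy file for {current}")
            break
        chain.append(current)
        journeys |= {j.get("Id") for j in root.findall("p:UserJourneys/p:UserJourney", NS)}
        current = root.findtext("p:BasePolicy/p:PolicyId", default=None, namespaces=NS)
    if not problems:
        ref = policies[executed_id].find("p:RelyingParty/p:DefaultUserJourney", NS)
        if ref is None:
            problems.append("executed policy has no DefaultUserJourney")
        elif ref.get("ReferenceId") not in journeys:
            problems.append(f"user journey {ref.get('ReferenceId')} not defined in chain")
    return chain, problems
```

Calling `check_policy(SAMPLE, "B2C_1A_signup_signin")` returns the three-file chain with an empty problem list; removing the extension document from the input reports the missing link instead.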

Recommendations for the use of policies

When dealing with custom policies, it is crucial to follow certain recommendations to ensure optimal performance:

  1. High Availability: Ensure that any APIs used are configured to support high availability.
  2. Content Delivery Network (CDN): Store images, styles or scripts in a CDN to improve response times and avoid overloading the origin.
  3. Prudent modifications: Always make your changes in the extension or relying party files, and avoid changing the base policy unless necessary.

Remember that custom policies offer a wide range of possible scenarios and examples. They are a powerful tool for configuring how identities are managed in Azure, and your learning and adapting to these practices will be key to their effective implementation in your projects.

Contributions 3


Introduction to custom policies

Custom policies are configuration files that define the behavior of the Azure Active Directory B2C tenant.

They orchestrate trust between entities using standard protocols (OpenID Connect, OAuth, SAML).

A policy is represented as one or more XML files that refer to each other in a hierarchical chain.

The XML elements define the building blocks, the interaction with the user and other entities, and the business logic.

There is a starter pack that includes several predefined policies so that you can get started quickly.

The different existing packs contain the smallest number of technical profiles and user journeys needed to achieve the following scenarios:

• Local accounts
• Social accounts
• Local and social accounts
• Social and local accounts with MFA

Claims

They provide temporary storage during the execution of an Azure AD B2C policy. They can include information about the user such as first name, last name, etc.

A validation technical profile:

A validation technical profile is a method for calling any non-interactive technical profile; the technical profile can return output claims or an error message.

Inheritance model:

Each starter pack includes the following files:

• A base file
• An extensions file
• A relying party file

The Visual Studio Code extension that edits the XML is Azure AD B2C.

Recommended practices:

• Create the logic in the extension policy or in the relying party policy.
• In the base policy, it is recommended to avoid any kind of change.