Example: Azure Identity Management

The BBM Enterprise infrastructure can authenticate a user with Azure Active Directory. If your users already sign in to your app with Azure Active Directory, you can extend that implementation so the BBM Enterprise infrastructure also uses Azure Active Directory for access and identity management.

Authenticating BBM Enterprise Users with Azure Active Directory

Azure Active Directory supports JSON Web Tokens (JWT). Your app needs to pass the JWT access token along with the user ID to the BBM Enterprise SDK so that the user is authenticated against your Azure Active Directory. Your app can parse the JWT access token returned from the Azure authentication service to get the Active Directory user ID and other information.

In Microsoft Azure, each access token must be used for a specific resource. The scope parameter sent in the authentication request can contain multiple permissions, but all the permissions must be for the same resource. The access token that is used for the BBM Enterprise SDK must not be used for other resources such as Microsoft Graph API.
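The two points above, parsing the JWT on the client to recover the user ID and making sure the token was minted for the BBM Enterprise SDK resource rather than for Microsoft Graph, are shown in the following added example. It is not code from the BBM Enterprise SDK or from Microsoft; the audience identifier `api://bbm-enterprise-example`, the scope name and the GUIDs are constructed placeholders, and the sample tokens are built inline with a placeholder signature segment because the client only reads claims; signature validation is done by the BBM Enterprise servers.

```javascript
// Added example (not BBM Enterprise SDK or Microsoft code): parse an Azure AD v2.0
// access token on the client, extract the Active Directory user ID, and confirm the
// token was issued for the BBM Enterprise SDK resource (not, e.g., Microsoft Graph)
// before the (userId, accessToken) pair is handed to the SDK.
// Assumption: the Web API registered for the SDK uses the placeholder identifier
// "api://bbm-enterprise-example" as its audience.

const BBM_SDK_AUDIENCE = 'api://bbm-enterprise-example';

// base64url -> UTF-8 string (JWT segments omit '=' padding and use '-' and '_').
function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

function base64UrlEncode(text) {
  return Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Split a compact JWS (header.payload.signature) and decode the two JSON parts.
// This does NOT verify the signature: the client only reads claims to pick the user
// ID and sanity-check the audience; the BBM Enterprise servers validate the token.
function parseJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return {
    header: JSON.parse(base64UrlDecode(parts[0])),
    payload: JSON.parse(base64UrlDecode(parts[1])),
    signature: parts[2],
  };
}

// Build the pair the app passes to the SDK, or throw if the token is for another
// resource, is already expired, or carries no usable user identifier.
function credentialsForBbmSdk(token, nowSeconds) {
  const { payload } = parseJwt(token);
  const audiences = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!audiences.includes(BBM_SDK_AUDIENCE)) {
    throw new Error(`token audience ${JSON.stringify(payload.aud)} is not the BBM Enterprise SDK resource`);
  }
  if (typeof payload.exp === 'number' && payload.exp <= nowSeconds) {
    throw new Error('access token has expired');
  }
  // Azure AD v2.0 access tokens carry the directory object ID in "oid"; fall back to "sub".
  const userId = payload.oid || payload.sub;
  if (!userId) throw new Error('token carries no user identifier');
  return { userId, accessToken: token };
}

// Constructed sample tokens (placeholder signature segment) for a stand-alone run.
function makeSampleToken(payload) {
  const header = base64UrlEncode(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = base64UrlEncode(JSON.stringify(payload));
  return `${header}.${body}.placeholder-signature`;
}

const NOW = 1700000000; // fixed "current time" so the sample run is reproducible
const SAMPLE_BBM_TOKEN = makeSampleToken({
  aud: BBM_SDK_AUDIENCE,
  iss: 'https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0', // constructed
  oid: '11111111-2222-3333-4444-555555555555', // constructed user object ID
  scp: 'BbmEnterprise.Access',                 // constructed scope name
  exp: NOW + 3600,
});
const SAMPLE_GRAPH_TOKEN = makeSampleToken({
  aud: 'https://graph.microsoft.com', // a token for a different resource
  oid: '11111111-2222-3333-4444-555555555555',
  exp: NOW + 3600,
});

console.log('accepted:', credentialsForBbmSdk(SAMPLE_BBM_TOKEN, NOW));
try {
  credentialsForBbmSdk(SAMPLE_GRAPH_TOKEN, NOW);
} catch (e) {
  console.log('rejected:', e.message);
}
```

The audience check is the practical guard against the mistake the text warns about: a token requested with Microsoft Graph scopes decodes just as cleanly, so only `aud` tells the app it has the wrong token for the SDK.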

Configure Azure for BBM Enterprise SDK

To use Azure Active Directory for authenticating a user with the BBM Enterprise SDK, follow the steps in the sections below to register a Web API with a scope that defines the permission to use the BBM Enterprise SDK. This allows the BBM Enterprise servers to validate the access token that your app received from the Azure Active Directory authentication service.

Note: These instructions assume your app will use the Azure Active Directory v2.0 authentication API.

App Registration

From the Azure Application Registration Portal, add a new app.

Add a Permission Scope for the BBM Enterprise SDK

Continuing in the Azure Application Registration Portal, add a permission scope for the BBM Enterprise SDK.

Modifying an example app to use Azure Active Directory

The BBM Enterprise SDK example apps can be set up to use Azure Active Directory for identity management.