Identity Management Features in Visual Studio 2015
In Visual Studio 2015 we have made radical changes to sign in experiences and connecting to your online resources. You can now chose to use a single account across many developer services, or use multiple accounts across Visual Studio. All of this is possible because of the new Visual Studio Account Manager. The account manager makes every sign-in global to the IDE, reducing the number of times Visual Studio prompts for credentials when connecting to different services. The account manager also enables you to switch easily between multiple accounts, so that you no longer have any sign-out-then-sign-in-again flows in the IDE. We have been fine-tuning these capabilities throughout the prereleases. We first introduced the new account management experience in Preview. Since then, we have added more features and moved more developer services to consistently leverage the account manager. In this post, we will cover all the identity experiences that are new in Visual Studio 2015.
Single Sign On
You can sign in to Visual Studio through the link in the upper right corner or from features like Server Explorer or the New Project dialog. Every time you sign in, Visual Studio adds an account to what we call the keychain, or account manager. You can use that account to access other developer services in Visual Studio without having to reenter your credentials for each service separately. For example, once you sign in to Azure in Server Explorer, that account can be used later to publish a local Git repository to Visual Studio Online. When adding accounts to the account manager, you can use both Microsoft accounts and work or school accounts. Visual Studio manages and refreshes tokens for the accounts centrally to reduce redundant sign-in prompts.
Working with multiple accounts
While working with developer services from within Visual Studio, not only can you use an existing, already authenticated account, but you can also sign in to new accounts as you go.
The most common way you add new accounts to the account manager is through the account picker control. It provides a quick way to select or add the account you want to use when accessing services. The account picker appears in places like the New Project dialog, the New ASP.NET Project dialog, the Add Connected Service dialog, Publish to Visual Studio Online, and other experiences. Selecting the account upfront allows Visual Studio to automatically discover all your available resources, provide context about which account is associated with an action, and simplify the workflow for re-authenticating when you need to reenter your credentials. We call this the “account-first” model.
Even in workflows where selecting a user account is unnecessary, you will see the account manager at work. A feature we call the domain picker utilizes the account manager to automatically discover and list the domains associated with the directories in which your accounts are members. An example of the domain picker in use is when you are configuring Azure Active Directory Authentication for a web application project through the Connected Services dialog. This configuration restricts access to your web application to only users in the domain that you select.
You can find the list of all the accounts Visual Studio is using and manage them through the Account Settings dialog under the File menu. On this dialog, you can remove accounts, add new accounts, and filter directories for an account. Filtering is an advanced feature that becomes necessary if you are a Cloud Solution Provider that manages hundreds of customer subscriptions. We will talk more about this in a bit.
The list of user accounts managed inside Visual Studio roams to other devices when you sign in to Visual Studio with the same Personalization Account. Keep in mind that for security reasons, only the account list is roamed; none of the passwords or access tokens under each account are roamed. To start using the accounts in a new Visual Studio environment, you will have to reenter your credentials for each of them. User accounts are also shared across other apps in the Visual Studio family like Blend and Microsoft Test Manager.
The Personalization Account is just a user account like any other, which is why it appears in the list of all accounts. It is only special in that it is the user account to which all your personalized settings are anchored. Visual Studio displays the personalization account in the upper right corner of the IDE because of this bonus functionality, but you can use it like any other account.
For user accounts that are members of many Azure Active Directories, it can get rather challenging to find the resources you care about. This is particularly true for Cloud Solution Providers who manage hundreds or even thousands of customer directories and need to develop an application against a specific customer’s directory or subscription. In Visual Studio 2015, you can now filter a user account to a single directory from the Account Settings dialog. This global filter works much like the directory filter in the Azure portal. Once the filter is applied, all features in Visual Studio scope the resources to the ones available for the directory you set in your filter.
We have made strides in Visual Studio 2015 to improve the experience of connecting to developer services from within the IDE. Authentication and identity is a rapidly changing space, and we are continuing to iterate on new ways to make it easier for you to sign in to any service, from any app in the Visual Studio family. As always, we’re grateful for the ideas you share with us on UserVoice and through Send-a-Smile and the bugs you log on Connect that help make Visual Studio great!
|Ji Eun Kwon, Program Manager, Visual Studio Platform IDE|
Ji Eun Kwon is a Program Manager on the Visual Studio Platform team. Her primary focus is on identity and licensing experiences in the IDE. She is a recent graduate of Northwestern University with a degree in Computer Science and Economics.
|Anthony Cangialosi, Principal PM Manager, Visual Studio Platform IDE @ACangialosi|
Anthony has focused his career at Microsoft on building developer technologies. He is the program manager for Visual Studio’s Connected experiences and IDE. Anthony joined the Visual Studio team in 2001 and has contributed experiences across the IDE including VS’s identity infrastructure the Shell, the VS SDK, Ecosystem, VSIP, and mobile device development