## Microsoft Entra ID Overview

Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's cloud-based identity and access management service. It serves as the central 
identity provider for Microsoft 365, Azure, and thousands of other SaaS applications.

Key Features:
* **Single Sign-On (SSO)** - Users authenticate once to access multiple applications
* **Multi-Factor Authentication (MFA)** - Enhanced security through additional verification methods
* **Conditional Access** - Policy-based access control based on user, device, location, and risk
* **Application Integration** - Supports modern authentication protocols like OAuth 2.0, OpenID Connect, and SAML

## Learning Objective
Microsoft Entra ID can be used as an identity provider on AgentCore Identity and used to authenticate users and have them authorize the agent to acccess protected resources on their behalf. In this notebook we will explore the use of Entra ID for inbound authentication - Authenticate users before they can invoke an agent.

## Authorization Code Flow
The OAuth 2.0 authorization code flow is the recommended approach for web applications to securely authenticate users and obtain access tokens. This 
flow involves:
1. Redirecting users to Entra ID for authentication
2. Receiving an authorization code after successful login
3. Exchanging the code for access and refresh tokens
4. Using tokens to access protected resources

This integration pattern allows AgentCore to leverage Entra ID's robust identity management capabilities while maintaining secure, standards-based authentication for your applications.

<img src="images/auth_code_flow" width="75%"/>

## Learning Objectvie 1: Setup Entra ID for use with AgentCore

### Step 1: Setup Entra ID Tenant
An Entra ID tenant is a dedicated instance of Microsoft Entra ID that represents your organization. Think of it as your organization's isolated directory in Microsoft's cloud.

Key Characteristics:
* **Unique Identity** - Each tenant has a unique domain (e.g., yourcompany.onmicrosoft.com)
* **Isolated Boundary** - Users, groups, and applications in one tenant are separate from others
* **Administrative Control** - Tenant admins manage users, security policies, and application registrations
* **Multi-Domain Support** - Can include custom domains alongside the default .onmicrosoft.com domain

In Practice:
When you register an application with Entra ID for OAuth integration, you're registering it within a specific tenant. Users from that tenant can then authenticate against your application using their organizational credentials.

For AgentCore integration, you'll need:
* **Tenant ID** - Unique identifier for the Entra ID instance
* **Application Registration** - Your app registered within the tenant
* **Appropriate Permissions** - Configured access rights for your application

This tenant-based model ensures that authentication and authorization remain within your organization's security boundary.

Steps to create a tenant can be found at https://learn.microsoft.com/en-us/entra/fundamentals/create-new-tenant

### Step 2: Setup Application
1. Go to portal.azure.com and search for "Entra ID" in the serch bar at the top of the screen
<img src="images/1.entraid.jpg" width="75%">
2. Got to manage --> App Registrations
<img src="images/2.app.registration.png" width="75%">
3. Click "New Registration" and fill in the details. Make sure you select the multi tenant option
- Use "https://bedrock-agentcore.us-west-2.amazonaws.com/identities/oauth2/callback" or "https://bedrock-agentcore.us-east-1.amazonaws.com/identities/oauth2/callback" as the redirect URL depending on which regiion you will have your agent running.
<img src="images/3.app.registration.form.png" width="75%">
4. Create a client secret. Copy the client secret and client ID for use in AgentCore.
<img src="images/3.gather.client.info.png" width="75%">
5. Create SCopes for OAuth. Go to Expose an API --> Add Scope. Copy and save full scope. 
<img src="images/4.expose.api.png" width="75%">

## Learning Objective 2 - Setup a simple agent with Entra ID for inbound authentication

#### Some prerequisites

In [120]:
!pip3 install -r requirements.txt --q # in quite mode to reduce output to the console/notebook


[1m[[0m[34;49mnotice[0m[1;39;49m][0m[39;49m A new release of pip is available: [0m[31;49m24.3.1[0m[39;49m -> [0m[32;49m25.2[0m
[1m[[0m[34;49mnotice[0m[1;39;49m][0m[39;49m To update, run: [0m[32;49mpip3 install --upgrade pip[0m


In [124]:
import os
import uuid
from role_definition import create_role
import boto3
from boto3.session import Session
from bedrock_agentcore_starter_toolkit import Runtime

boto_session = Session()
sts = boto3.client('sts')
region = boto_session.region_name
account_id = sts.get_caller_identity().get("Account")

#### Setting environment variables for some key information we will need througout this notebook. 
Please note that the audience will be same as the "Application ID URI" from Step 2.5 above.

In [121]:
os.environ["client_id"] = "08c1e356-2aad-4702-9ba9-26f9339c0d17" # Replace with your client ID
os.environ["secret"] = "K.s8Q~sAorVGAA7BhtFfZnZo.LsR1zbjxZlfsdi3" # Replace with your secret
os.environ["scope"] = "api://08c1e356-2aad-4702-9ba9-26f9339c0d17/read" # Replace with your scope
os.environ["tenant_id"] = "bc244f8c-55fd-4a2d-958b-aa7ab5df1f19"
os.environ["audience"] = "api://08c1e356-2aad-4702-9ba9-26f9339c0d17"

#### Create a new role for use with AgentCore

In [122]:
role_name = "BedrockAgentCoreRole"
role = create_role(role_name, region, account_id)
role_name = role['Role']['RoleName']
role_arn = role['Role']['Arn']

#### Agent Code
Keeping the agent simple since the key learning objective for this notebook is to learn inbound authentication using Entra ID

In [123]:
%%writefile strands_wo_memory.py
import argparse, json
from strands import Agent, tool
from bedrock_agentcore.runtime import BedrockAgentCoreApp

app = BedrockAgentCoreApp()

agent = Agent()

@app.entrypoint
def strands_agent_bedrock(payload, context):
    print("Context object is ....", context)
    prompt = payload.get("prompt","hello")
    response = agent(prompt)
    return response

if __name__ == "__main__":
    app.run()

Overwriting strands_wo_memory.py


#### Configure your runtime with `authorizer_configuration` to enforce inbound authentication. 
You will use a `customJWTAuthorizer` for inbound authentication using Entra ID. Note how the discovery_url is building using Tenant ID

In [125]:
agentcore_runtime = Runtime()
discovery_url = f"https://login.microsoftonline.com/{os.environ["tenant_id"]}/.well-known/openid-configuration"
response = agentcore_runtime.configure(
    entrypoint="strands_wo_memory.py",
    execution_role="BedrockAgentCoreRole",
    auto_create_ecr=True,
    requirements_file="requirements.txt",
    region=region,
    agent_name="strands_wo_memory_entra_inbound",
    authorizer_configuration = {
        "customJWTAuthorizer": {
            "discoveryUrl": discovery_url,
            "allowedAudience": [os.environ["audience"]]
        }
    }
)
response

Entrypoint parsed: file=/Users/dhegde/Documents/Code/AgentCore/GITHUB/amazon-bedrock-agentcore-samples/04-LearningPath/strands_wo_memory.py, bedrock_agentcore_name=strands_wo_memory
Configuring BedrockAgentCore agent: strands_wo_memory_entra_inbound
Generated Dockerfile: /Users/dhegde/Documents/Code/AgentCore/GITHUB/amazon-bedrock-agentcore-samples/04-LearningPath/Dockerfile
Generated .dockerignore: /Users/dhegde/Documents/Code/AgentCore/GITHUB/amazon-bedrock-agentcore-samples/04-LearningPath/.dockerignore
Keeping 'strands_wo_memory_entra_inbound' as default agent
Bedrock AgentCore configured: /Users/dhegde/Documents/Code/AgentCore/GITHUB/amazon-bedrock-agentcore-samples/04-LearningPath/.bedrock_agentcore.yaml


ConfigureResult(config_path=PosixPath('/Users/dhegde/Documents/Code/AgentCore/GITHUB/amazon-bedrock-agentcore-samples/04-LearningPath/.bedrock_agentcore.yaml'), dockerfile_path=PosixPath('/Users/dhegde/Documents/Code/AgentCore/GITHUB/amazon-bedrock-agentcore-samples/04-LearningPath/Dockerfile'), dockerignore_path=PosixPath('/Users/dhegde/Documents/Code/AgentCore/GITHUB/amazon-bedrock-agentcore-samples/04-LearningPath/.dockerignore'), runtime='Docker', region='us-west-2', account_id='135808924095', execution_role='arn:aws:iam::135808924095:role/BedrockAgentCoreRole', ecr_repository=None, auto_create_ecr=True)

## Learning Objective 3 - Using MSAL to authenticate and get bearer token
#### Start authentication flow using device auth code
<img src="images/msal_code.png" width="75%">
<img src="images/msa_enter_code.png" width="75%">

#### Login using user ID and password. Or select a user if already logged in.
<img src="images/msal_select_user.png" width="75%">
<img src="images/msal_confirm.png" width="75%">
<img src="images/msal_done.png" width="75%">


#### Once done, you will get control back into your notebook and bearer token for the user will be available
<img src="images/msal_bearer_token_received.png" width="75%">

In [126]:
import msal
import webbrowser

# Configuration details from your Entra ID app registration
CLIENT_ID = os.environ["client_id"]  # Replace with your Application (client) ID
TENANT_ID = os.environ["tenant_id"]  # Replace with your Directory (tenant) ID
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"
REDIRECT_URI = "https://bedrock-agentcore.us-west-2.amazonaws.com/identities/oauth2/callback" # Must match the Redirect URI in your app registration
SCOPES = [os.environ["scope"]] # Example scopes, adjust as needed

# Create a PublicClientApplication instance
app = msal.PublicClientApplication(
    client_id=os.environ["client_id"],
    authority=AUTHORITY,
)

# Attempt to acquire token silently from cache first
result = app.acquire_token_silent(SCOPES, account=None)

if not result:
    # If no token in cache, initiate interactive flow
    flow = app.initiate_device_flow(scopes=SCOPES)
    if "user_code" not in flow:
        raise ValueError("Failed to initiate device flow. No user_code found.")

    print(flow["message"])
    webbrowser.open(flow["verification_uri"]) # Open the verification URL in browser

    # Wait for user to complete authentication
    result = app.acquire_token_by_device_flow(flow)

if "access_token" in result:
    access_token = result["access_token"]
    print(f"Bearer Token Received: {access_token[:20]}...")
    # You can now use this access_token to call protected APIs
else:
    print(result.get("error"))
    print(result.get("error_description"))
    print(result.get("correlation_id"))

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code APGKLZGCH to authenticate.
Bearer Token Received: eyJ0eXAiOiJKV1QiLCJh...


In [128]:
bearer_token_entra = result["access_token"]

## Learning Objective 3 - Deploy agent and invoke using bearer token received earlier

#### Deploy Runtime Agent

In [129]:
#strands_wo_memory_launch_response = strands_wo_memory_runtime.launch(local_build=True)
strands_wo_memory_launch_response = agentcore_runtime.launch(local_build=True)

🔧 Local build mode: building locally, deploying to cloud (NEW OPTION!)
   • Build container locally with Docker
   • Deploy to Bedrock AgentCore cloud runtime
   • Requires Docker/Finch/Podman to be installed
   • Use when you need custom build control
Launching Bedrock AgentCore agent 'strands_wo_memory_entra_inbound' to cloud
Docker image built: bedrock_agentcore-strands_wo_memory_entra_inbound:latest
Using execution role from config: arn:aws:iam::135808924095:role/BedrockAgentCoreRole
✅ Execution role validation passed: arn:aws:iam::135808924095:role/BedrockAgentCoreRole
Uploading to ECR...
Getting or creating ECR repository for agent: strands_wo_memory_entra_inbound
✅ ECR repository available: 135808924095.dkr.ecr.us-west-2.amazonaws.com/bedrock-agentcore-strands_wo_memory_entra_inbound


✅ Reusing existing ECR repository: 135808924095.dkr.ecr.us-west-2.amazonaws.com/bedrock-agentcore-strands_wo_memory_entra_inbound


Authenticating with registry...
Registry authentication successful
Tagging image: bedrock_agentcore-strands_wo_memory_entra_inbound:latest -> 135808924095.dkr.ecr.us-west-2.amazonaws.com/bedrock-agentcore-strands_wo_memory_entra_inbound:latest
Pushing image to registry...


The push refers to repository [135808924095.dkr.ecr.us-west-2.amazonaws.com/bedrock-agentcore-strands_wo_memory_entra_inbound]
13347a9dd18b: Waiting
7b5dfa58994b: Waiting
36d983c178a0: Waiting
c071395ab469: Waiting
8ceda8701bf8: Waiting
08e92c0a38b7: Waiting
10c56848fe13: Waiting
9a6263cdeaa5: Waiting
3cd5add3ba33: Waiting
ecf18c6e3dd3: Waiting
bb1fe034a887: Waiting
7b5dfa58994b: Waiting
36d983c178a0: Waiting
c071395ab469: Waiting
13347a9dd18b: Waiting
9a6263cdeaa5: Waiting
3cd5add3ba33: Waiting
ecf18c6e3dd3: Waiting
bb1fe034a887: Waiting
8ceda8701bf8: Waiting
08e92c0a38b7: Waiting
10c56848fe13: Waiting
13347a9dd18b: Waiting
7b5dfa58994b: Layer already exists
36d983c178a0: Layer already exists
c071395ab469: Layer already exists
10c56848fe13: Waiting
9a6263cdeaa5: Layer already exists
3cd5add3ba33: Layer already exists
ecf18c6e3dd3: Layer already exists
bb1fe034a887: Layer already exists
8ceda8701bf8: Layer already exists
08e92c0a38b7: Layer already exists
13347a9dd18b: Pushed
10c56848f

Image pushed successfully
Image uploaded to ECR: 135808924095.dkr.ecr.us-west-2.amazonaws.com/bedrock-agentcore-strands_wo_memory_entra_inbound
Deploying to Bedrock AgentCore...


latest: digest: sha256:814dfaa8ab8ea283b16574e11cac5f6ec2f65dbe42e3eaf9d2112e3d02a5e404 size: 856


⚠️ Session ID will be reset to connect to the updated agent. The previous agent remains accessible via the original session ID: 4ff94ef6-79f1-11f0-9237-8af837b576d4
✅ Agent created/updated: arn:aws:bedrock-agentcore:us-west-2:135808924095:runtime/strands_wo_memory_entra_inbound-2jY4buGomW
Polling for endpoint to be ready...
Agent endpoint: arn:aws:bedrock-agentcore:us-west-2:135808924095:runtime/strands_wo_memory_entra_inbound-2jY4buGomW/runtime-endpoint/DEFAULT
Deployed to cloud: arn:aws:bedrock-agentcore:us-west-2:135808924095:runtime/strands_wo_memory_entra_inbound-2jY4buGomW


In [139]:
import urllib.parse, requests

# URL encode the agent ARN
escaped_agent_arn = urllib.parse.quote(strands_wo_memory_launch_response.agent_arn, safe='')

# Construct the URL
url = f"https://bedrock-agentcore.{region}.amazonaws.com/runtimes/{escaped_agent_arn}/invocations?qualifier=DEFAULT"
session_id = str(uuid.uuid1())
headers = {
    "Authorization": f"Bearer {bearer_token_entra}",
    "X-Amzn-Bedrock-AgentCore-Runtime-Session-Id": session_id,
    "X-Amzn-Trace-Id": "1234567890" 
}
http_response = requests.post(url, data=json.dumps(
                                {"prompt":"Hello! I am John Doe. I like brick oven pizza!", "user_id":spa_config['user1']['username']}), 
                                headers=headers
                             )
http_response.text

'"Hello John! Nice to meet you! Brick oven pizza is fantastic - there\'s something special about that high heat and wood-fired flavor that really makes the crust and toppings shine. Do you have a favorite type of brick oven pizza, or a go-to place where you like to get it? I\'d love to hear what draws you to that style of pizza specifically!\\n"'

#### Ealier interactions in this session are available through agents.messages. AgentCore memory is not used. Agent will not recollect earlier interaction if a new session ID is used.

In [140]:
http_response = requests.post(url, data=json.dumps(
                                {"prompt":"Who am I?", "user_id":spa_config['user1']['username']}), 
                                headers=headers
                             )
http_response.text

'"You\'re John Doe! You introduced yourself at the beginning of our conversation and mentioned that you like brick oven pizza.\\n"'