Config Schema
Field | Type | Description | Secret |
---|---|---|---|
client_id | string | The unique identifier that's assigned to an application when it's registered in Azure AD | false |
client_secret | string | The password or key that's used by an application to authenticate itself to Azure AD | true |
tenant_id | string | The unique identifier of the Azure Active Directory instance. | false |
Docs
Access
This Access Provider provisions a temporary Azure AD group assignment.
This Access Provider uses the following permission scopes:
- Use Application permissions from Microsoft Graph
- Search for User and add: User.ReadWrite.All
- Search for Group and add: Group.ReadWrite.All
- Search for GroupMember and add: GroupMember.ReadWrite.All
Getting started
Prerequisites
To use this Access Provider you'll need to have deployed Common Fate. You'll also need to download the cf CLI.
You will also need AWS credentials with the ability to deploy CloudFormation templates.
1. Generate credentials
You'll need to create some credentials in the Azure portal to configure this provider.
Tenant ID
Used as tenant_id
Navigate to the Overview tab in the Azure portal, and get the required Directory (Tenant ID) from the Essentials section.
Client ID
Used as client_id
In the same dashboard as above, get the required Application (Client ID).
Client Secret
Used as client_secret
Navigate to the Certificates & secrets tab in the left-hand nav of the Azure portal.
Under Client secrets, click Create a new secret.
Give the secret a descriptive name, like Common-Fate-Token. It will create a secret and display a table showing the secret value.
Copy the secret value and use it for the client_secret input.
Click Close.
2. Deploy the Access Provider
To deploy this Access Provider, open a terminal window and assume an AWS role with access to deploy CloudFormation resources in the Common Fate account. Then, run:
cf provider deploy
and select the common-fate/azure-ad Provider when prompted.