Summer is soon finished, and my blogging will restart. This time, I am checking out the newly documented endpoint for managing connected organizations, used by Azure AD Entitlement Management for having different workflows depending on the relationship to the external organization. This could be:
Continue reading “Managing Azure AD Connected Organizations through Graph”
- Having an external or internal sponsor approve requests, such as an account manager being able to approve access to their customers
- Having an external sponsor reviewing who of their users should still have access to your systems, through the access review feature
- Having certain access packages only being visible to your connected organizations
The documentation on how to authenticate to Azure AD using a client credentials grant and certificate is decent, but it leaves a few open questions, I have experienced. Here is a quick guide on how to actually do this, properly detailed, with a simple Azure Function as an example using KeyVault.
Continue reading “Authenticating to Azure AD as an application using certificate based client credential grant”
External Identities just got a hell of a lot closer to B2C, with the API Connectors feature, allowing external API calls to happen before user creation and after signing in with an identity provider. As in my last post about the new External Identities feature, this post will be me exploring the new feature, simply blogging about my experience with it, and which awesome and not so awesome stuff I find.
Continue reading “Testing out the new API Connectors feature of Azure AD External Identities”
This will be my shortest blog post ever. Here is a way to get the service principal of the managed identity for a Logic App, deployed using ARM. This is everything you need to i.e. add an access policy to keyvault:
"value": "[reference(concat(resourceId('Microsoft.Logic/workflows', parameters('name')), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2018-11-30').principalId]"
"value": "[reference(concat(resourceId('Microsoft.Logic/workflows', parameters('name')), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2018-11-30').tenantId]"
The ‘name’ variable is the name of the LogicApp, logically enough 😉
I have been building a system for generating a set of predefined access packages per customer for my current employer, a CSP, and figured I could document a few of the things I think works when using LogicApps combined with the Microsoft Graph.
Continue reading “Azure LogicApps using Microsoft Graph”
The docs.microsoft.com pages contain several examples for managing Entitlement Management, however, you can never get enough examples. Also, an end to end example can be useful some times, so here you go.
Continue reading “Azure AD Entitlement Management Graph Examples”
In this blog post i will dive into these new things, to see what these new features can provide of value to Azure AD customers.
Continue reading “Testing out Azure AD External Identities”
Microsoft just launched the preview for the “Text message” authentication method, for Azure AD users. Let’s try it out.
Continue reading “Trying out the new phone sign in feature for Azure AD”
Currently, automatically assigning users to access packages is not a feature available. It is on the Microsoft product group’s agenda, but not on public roadmap yet.
So I built a little PowerShell workaround, which works fine.
Continue reading “Birth right permissions using Azure AD Entitlement Management access packages”