onefuzz/docs/AADEntitites.md
Cheick Keita 3c0f6f56a7 Azure AD entities description (#896)
Added a description of the configuration of Azure AD entities

closes #875
2021-05-17 12:44:45 +00:00

Azure Active Directory Entities

This document describes the configuration of the entities created in Azure AD by our deployment script.

OneFuzz Application Registration

This is the registration of the OneFuzz instance.

  • name : <instance_name>
  • app roles
    • ManagedNode
      • value: ManagedNode
      • Allowed Member types: Applications
    • CliClient
      • value: ManagedNode
      • Allowed Member types: Applications
  • API Permissions
  • scope
    • user_impersonation
  • Authorized application:
    • OneFuzz CLI registration

OneFuzz Application Service Principal

Service principal linked to the OneFuzz application registration.

  • name: <instance_name>
  • Application Id: <OneFuzz Application registration app_id>

OneFuzz CLI registration

The registration for the command line interface.

  • name: <instance_name>-cli

OneFuzz CLI Service Principal

Service principal linked to the OneFuzz CLI application registration.

  • name: <instance_name>-cli
  • Application Id: <OneFuzz CLI registration app_id>
  • User Assignment required: true
  • Permission
    • CliClient (from OneFuzz Application registration)

Managed Node Service Principal

This entity is available after the first deployment. This is the service principal associated with the user-assigned managed identity <instance_name>-<scaleset_id>.

  • name: <instance_name>-<scaleset_id>
  • Service Principal
    • Permission
      • ManagedNode (from OneFuzz Application registration)
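
One way to check a deployed instance against the layout above. This is an added example, not part of the OneFuzz deployment script. It assumes the application and service principal objects were exported as Microsoft Graph JSON, and that each app role's `displayName` matches the role name listed above; the ids in the sample data are constructed placeholders.

```python
EXPECTED_ROLES = {"ManagedNode", "CliClient"}  # app roles listed in this document

def audit(app, cli_app, cli_sp, cli_grants, node_grants):
    """Return deviations from the documented layout (inputs: Graph JSON dicts)."""
    findings = []
    roles = {r["displayName"]: r for r in app.get("appRoles", [])}
    for name in sorted(EXPECTED_ROLES):
        if name not in roles:
            findings.append(f"app role {name} missing")
        # Portal "Allowed Member types: Applications" is ["Application"] in Graph.
        elif roles[name].get("allowedMemberTypes") != ["Application"]:
            findings.append(f"app role {name} not limited to applications")
    api = app.get("api", {})
    scopes = {s["value"] for s in api.get("oauth2PermissionScopes", [])}
    if "user_impersonation" not in scopes:
        findings.append("scope user_impersonation missing")
    authorized = {p["appId"] for p in api.get("preAuthorizedApplications", [])}
    if authorized != {cli_app["appId"]}:
        findings.append("authorized applications differ from the CLI registration")
    # "User Assignment required: true" is appRoleAssignmentRequired in Graph.
    if not cli_sp.get("appRoleAssignmentRequired"):
        findings.append("CLI service principal does not require user assignment")
    # Stricter than the document (assumption): each principal holds only its role.
    for label, role, grants in (("CLI", "CliClient", cli_grants),
                                ("managed node", "ManagedNode", node_grants)):
        want = roles.get(role, {}).get("id")
        if [g["appRoleId"] for g in grants] != [want]:
            findings.append(f"{label} service principal should hold only {role}")
    return findings

# Constructed sample objects (placeholder ids, not from a real tenant).
APP = {"appId": "app-0001", "appRoles": [
           {"id": "role-node", "displayName": "ManagedNode",
            "allowedMemberTypes": ["Application"]},
           {"id": "role-cli", "displayName": "CliClient",
            "allowedMemberTypes": ["Application"]}],
       "api": {"oauth2PermissionScopes": [{"value": "user_impersonation"}],
               "preAuthorizedApplications": [{"appId": "cli-0001"}]}}
CLI_APP = {"appId": "cli-0001"}
CLI_SP = {"appId": "cli-0001", "appRoleAssignmentRequired": True}
CLI_GRANTS = [{"appRoleId": "role-cli"}]    # appRoleAssignments of the CLI principal
NODE_GRANTS = [{"appRoleId": "role-node"}]  # appRoleAssignments of the managed node

if __name__ == "__main__":
    print(audit(APP, CLI_APP, CLI_SP, CLI_GRANTS, NODE_GRANTS) or "matches the document")
```

An empty result means the exported objects match the document; each finding names the entity that drifted.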