
Deploy custom policies from your Azure DevOps pipeline

This guide shows how to use the Microsoft Graph APIs for managing custom policies to deploy custom policies as part of your Azure DevOps pipeline.

Getting started

Prerequisites

This sample requires the following:

Fundamentals

The instructions use the client credentials flow to get a token. The token is then used to call the Microsoft Graph APIs.

Create a web application in Azure AD

  1. Sign in to the Azure Portal using your Microsoft account.

  2. Go to your Azure AD B2C tenant. You can do this by selecting the book binding icon in the top right corner of the portal.

  3. Select the Azure Active Directory blade in the portal. From the left menu, select App registrations (Legacy).

  4. From the command bar, select the '+' icon labelled 'New application registration'.

  5. Enter the configuration as suggested below and select 'Create'.

    1. Name: a name of your choice. Let's call it B2CDeployApp.
    2. Application type: Web app/API
    3. Sign-on URL: https://jwt.ms (you can choose any URL of your choice).
  6. After the app is created, go to the app, select 'Settings' and then 'Required Permissions' from the menu.

  7. Select 'Add', and then 'Select an API'.

  8. Select 'Microsoft Graph' from the list and then select 'Create'.

  9. Select 'Select permissions'. From APPLICATION PERMISSIONS, check 'Read and write your organization's trust framework policies'.

  10. Choose 'Select' at the bottom, and then 'Done'.

  11. Select 'Grant permissions' to grant consent for the newly selected permissions to the app.

  12. A dialog box will appear; select 'Yes'.

Create a password for the new app

  1. In settings for the app, select 'Keys'.
  2. Under 'Passwords' section, enter a description such as 'devopskey' and select 'Save'.
  3. A value for the password will be shown; copy it and store it in a safe place. This is sensitive information.
  4. Navigate to the overview page of the app, and copy the 'Application ID'. It will be used in the next steps.

Configure your Azure DevOps git repository

  1. Sign in to your Azure DevOps organization and navigate to your project.
  2. In your project, navigate to the 'files' page.
  3. Create a folder called 'B2CAssets'.
  4. Add your Azure AD B2C policies here.
  5. Create another folder with the name 'Scripts'.
  6. Copy the PowerShell script named 'DeployToB2c.ps1' from this sample to the newly created folder in your repo.
    1. The script gets a token from Azure AD based on the config and then calls the Microsoft Graph API to upload the policy.
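As an added example (not the sample's own DeployToB2c.ps1), a script with the same parameters that performs the token request and the upload. It assumes the v2.0 token endpoint with the client credentials grant, the beta `trustFramework/policies/{id}/$value` endpoint of Microsoft Graph, and that the policy file's root `TrustFrameworkPolicy` element carries the `PolicyId` attribute; it refuses to upload when that attribute does not match the `-PolicyId` argument.

```powershell
# Added example, not the sample's DeployToB2c.ps1: get an app-only token with the
# client credentials flow and upload one custom policy through Microsoft Graph.
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $ClientID,
    [Parameter(Mandatory)] [string] $ClientSecret,
    [Parameter(Mandatory)] [string] $TenantId,    # e.g. yourtenant.onmicrosoft.com
    [Parameter(Mandatory)] [string] $PolicyId,    # e.g. B2C_1A_TrustFrameworkBase
    [Parameter(Mandatory)] [string] $PathToFile   # path to the policy XML in the artifact
)
$ErrorActionPreference = 'Stop'

# 1. Client credentials flow: the app authenticates with its own secret, no user involved.
#    The '.default' scope requests the application permissions already consented in the
#    tenant (here 'Read and write your organization's trust framework policies').
$tokenResponse = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -ContentType 'application/x-www-form-urlencoded' `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $ClientID
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
    }

# 2. Check before touching the tenant: the PolicyId declared inside the XML must match the
#    id we are about to overwrite, otherwise a mislabelled file replaces the wrong policy.
$policyContent = Get-Content -Path $PathToFile -Raw
[xml] $policyXml = $policyContent
$fileId = $policyXml.TrustFrameworkPolicy.PolicyId
if ($fileId -ne $PolicyId) {
    throw "Policy file declares PolicyId '$fileId' but the task was given '$PolicyId'; aborting."
}

# 3. Upload: a PUT of the raw XML to the policy's $value endpoint creates or replaces it.
#    Only the policy id and path are written to the pipeline log, never the token or secret.
Write-Host "Uploading policy '$PolicyId' from '$PathToFile'..."
Invoke-RestMethod -Method Put `
    -Uri "https://graph.microsoft.com/beta/trustFramework/policies/$PolicyId/`$value" `
    -Headers @{ Authorization = "Bearer $($tokenResponse.access_token)" } `
    -ContentType 'application/xml' `
    -Body $policyContent | Out-Null
Write-Host "Policy '$PolicyId' deployed."
```

Invoked with the same arguments as in the release task below, a mismatch between the file and the `-PolicyId` argument fails the task instead of silently overwriting another policy.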

Configure your Azure DevOps release pipeline

  1. Sign in to your Azure DevOps organization and navigate to your project.

  2. In your project, navigate to the 'Release' page under 'Pipelines'. Then choose the action to create a new pipeline.

  3. Select 'Empty Job' at the top of the navigation pane to choose a template.

  4. In the next screen, enter a name for the stage such as 'DeployCustomPolicies'.

  5. Add an artifact to the pipeline; follow the prompts and choose your repo. For this guide, the repo should be a git repo.

  6. Switch to the 'Variables' tab.

  7. Add the following variables:

    1. Name: clientId, Value: 'applicationId of the app you created earlier'
    2. Name: clientSecret, Value: 'password of the app you created earlier'.
      • Make sure to change the variable type to 'Secret' by selecting the lock icon next to the Value field.
    3. Name: tenantId, Value: 'yourtenant.onmicrosoft.com'
  8. Switch to the 'Tasks' tab.

  9. Select 'Agent job', and then select '+' to add a task to the Agent job. On the right side, search for 'PowerShell' and add it. There might be multiple 'PowerShell' tasks, such as Azure PowerShell; choose the one that says just 'PowerShell'.

  10. Select the newly added 'PowerShell Script' task.

  11. Enter the following values:

    1. Task Version: 1.*
    2. Type : File Path
    3. Script Path: '$(System.DefaultWorkingDirectory)/yourartifactalias/Scripts/DeployToB2C.ps1'
      • This is the path to the script file you added earlier.
    4. Arguments: -ClientID $(clientId) -ClientSecret $(clientSecret) -TenantId $(tenantId) -PolicyId B2C_1A_TrustFrameworkBase -PathToFile $(System.DefaultWorkingDirectory)/yourartifactalias/B2CAssets/TrustFrameworkBase.xml
      • Choose policy names and file path accordingly.
      • Your artifact alias can be found at the bottom of your Artifacts settings as 'Source alias'; it looks like this: _NameOfMyProject
  12. Save the pipeline.

  13. Create a release and run the pipeline. You can check the results to see whether the deployment was successful.

  14. This sample uploads only one policy. Feel free to modify the PowerShell script to upload more policies, or add the same task with different parameters multiple times.