From 380feafdb825e3ae7c993fc894af581812c1d87f Mon Sep 17 00:00:00 2001 From: Rishav Yaduvanshi Date: Tue, 12 Nov 2024 22:51:00 +0530 Subject: [PATCH 1/2] updated the DOC of azure-ad --- .../app-central/integrations/azure-ad.md | 52 +++++++++++-------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/docs/platform-services/automation-service/app-central/integrations/azure-ad.md b/docs/platform-services/automation-service/app-central/integrations/azure-ad.md index d922f88b50..48d7747759 100644 --- a/docs/platform-services/automation-service/app-central/integrations/azure-ad.md +++ b/docs/platform-services/automation-service/app-central/integrations/azure-ad.md 
@@ -6,51 +6,55 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; axonius -***Version: 1.8 -Updated: Jan 16, 2024*** +***Version: 1.9 +Updated: Nov 12, 2024*** Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service, which helps your employees sign in and access resources. ## Actions -* **Create User** *(Enrichment)* - Create a new user. -* **Delete User** *(Containment)* - Delete a specific user. -* **List Users** *(Enrichment)* - List all users. -* **Get User** (Enrichment) - Get details for a specific user. +* **Add Member To Group** *(Enrichment)* - Add a user to a specific group. * **Create Group** *(Enrichment)* - Create a group. +* **Create User** *(Enrichment)* - Create a new user. * **Delete Group** *(Containment)* -Delete a specific group. -* **Add Member To Group** *(Enrichment)* - Add a user to a specific group. +* **Delete User** *(Containment)* - Delete a specific user. +* **Disable User** *(Containment)* - Block user account. * **Get Manager** (*Enrichment*) - Get user manager. +* **Get Member Groups** *(Enrichment)* - Retrieve a Group memberships for the user. +* **Get User** (Enrichment) - Get details for a specific user. +* **List Devices** *(Enrichment)* - Retrieve a list of device objects registered in the organization. * **List Groups** (*Enrichment*) - List all the groups available in an organization. +* **List Users** *(Enrichment)* - List all users. +* **Reset User Password** *(Containment)* - Reset user password. * **Revoke Sign In Sessions** (*Containment*) - Invalidates all the refresh tokens issued to applications for a user (as well as session cookies in a user's browser). -* **List Devices** *(Enrichment)* - Retrieve a list of device objects registered in the organization. -* **Disable User** *(Containment)* - Block user account. -* **Get Member Groups** *(Enrichment)* - Retrieve a Group memberships for the user. 
## Azure Active Directory configuration The following steps show how to create an Azure AD Application in order to work with Cloud SOAR. 1. Log in to Azure portal with the user that has administrator privileges. -1. Navigate to **Azure Active Directory** > **App registrations** > **New registration**.
azure-ad-1 -1. In the registration form, choose a name for your application and then click Register.
azure-ad-2 -1. Write down the Application ID and Directory ID, you will need them later for the integration configuration.
azure-ad-3 -1. Configure Azure AD Application permissions: on the left choose API permissions. -1. Then click the **Add a permission** button.
azure-ad-4 -1. Select your application in App registrations in the Azure portal. +2. Navigate to **Azure Active Directory** > **App registrations** > **New registration**.
azure-ad-1 +3. In the registration form, choose a name for your application and then click Register.
azure-ad-2 +4. Write down the Application ID and Directory ID, you will need them later for the integration configuration.
azure-ad-3 +5. Configure Azure AD Application permissions: on the left choose API permissions. +6. Then click the **Add a permission** button.
azure-ad-4 +7. Select your application in App registrations in the Azure portal. * Delegated permissions are selected by default. * Delegated permissions are appropriate for client apps that access an API as the signed-in user, and whose access should be restricted to the permissions you select in the next step. * Application permissions are for service or daemon-type applications that need to access API as themselves, without user interaction for sign-in or consent.
azure-ad-5 -1. Select the following permissions to add: +8. Select the following permissions to add: * **Delegated (work or school account)**. User.Read, User.ReadWrite, User.ReadBasic.All, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All. * **Delegated (personal Microsoft account)**. User.Read, User.ReadWrite. * **Application**. User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All.
azure-ad-6 -1. Once API permission are added then Admin must consent to a grant these permissions ([Learn more about permissions and consent](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent?WT.mc_id=Portal-Microsoft_AAD_RegisteredApps)).
azure-ad-7 -1. Once Admin Consent is granted, API permissions configuration have been completed. Then we have to add a Client secret that will be used for the authentication, along with Client ID and Directory ID. To add Client secret, go to Certificates and secrets, and click **New client secret**.
azure-ad-8 -1. Select description and expiry period for the created secret and create it. -1. Once it's created, make sure you save its value, since its only displayed once.
azure-ad-9 -1. Once you do these steps you will need to find the Tenant ID in order to use it on your resources file.
azure-ad-10 -1. Configuration of Azure AD application is completed, you will need application’s Client ID, secret, Tenant ID. +9. Once API permission are added then Admin must consent to a grant these permissions ([Learn more about permissions and consent](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent?WT.mc_id=Portal-Microsoft_AAD_RegisteredApps)).
azure-ad-7 +10. Once Admin Consent is granted, API permissions configuration have been completed. Then we have to add a Client secret that will be used for the authentication, along with Client ID and Directory ID. To add Client secret, go to Certificates and secrets, and click **New client secret**.
azure-ad-8 +11. Select description and expiry period for the created secret and create it. +12. Once it's created, make sure you save its value, since its only displayed once.
azure-ad-9 +13. Once you do these steps you will need to find the Tenant ID in order to use it on your resources file.
azure-ad-10 +14. Configuration of Azure AD application is completed, you will need application’s Client ID, secret, Tenant ID. +15. Assign the app the role of User Administrator. This is required to perform action "Reset User Password". + * **Azure Active Directory** > **Roles and administrators** > **User Administrator** > **Add assignments** > **Your app** > **Add**. + ## Change Log @@ -69,3 +73,5 @@ The following steps show how to create an Azure AD Application in order to work * September 19, 2023 (v1.7) - Versioning * January 16, 2024 (v1.8) + Added New Action: Get Member Groups +* November 12, 2024 (v1.9) + + Added New Action: Reset User Password \ No newline at end of file From 248b29946ab943ba72fcd34242cf4155fc756c05 Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Tue, 12 Nov 2024 11:46:59 -0600 Subject: [PATCH 2/2] Updates from review --- .../app-central/integrations/azure-ad.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/platform-services/automation-service/app-central/integrations/azure-ad.md b/docs/platform-services/automation-service/app-central/integrations/azure-ad.md index 48d7747759..f79e45e8d0 100644 --- a/docs/platform-services/automation-service/app-central/integrations/azure-ad.md +++ b/docs/platform-services/automation-service/app-central/integrations/azure-ad.md @@ -33,26 +33,26 @@ Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access The following steps show how to create an Azure AD Application in order to work with Cloud SOAR. 1. Log in to Azure portal with the user that has administrator privileges. -2. Navigate to **Azure Active Directory** > **App registrations** > **New registration**.
azure-ad-1 -3. In the registration form, choose a name for your application and then click Register.
azure-ad-2 -4. Write down the Application ID and Directory ID, you will need them later for the integration configuration.
azure-ad-3 -5. Configure Azure AD Application permissions: on the left choose API permissions. -6. Then click the **Add a permission** button.
azure-ad-4 +1. Navigate to **Azure Active Directory** > **App registrations** > **New registration**.
azure-ad-1 +1. In the registration form, choose a name for your application and then click **Register**.
azure-ad-2 +1. Write down the Application ID and Directory ID. You will need them later for the integration configuration.
azure-ad-3 +1. To configure Azure AD Application permissions, on the left choose **API permissions**. +6. Click the **Add a permission** button.
azure-ad-4 7. Select your application in App registrations in the Azure portal. * Delegated permissions are selected by default. * Delegated permissions are appropriate for client apps that access an API as the signed-in user, and whose access should be restricted to the permissions you select in the next step. * Application permissions are for service or daemon-type applications that need to access API as themselves, without user interaction for sign-in or consent.
azure-ad-5 -8. Select the following permissions to add: +1. Select the following permissions to add: * **Delegated (work or school account)**. User.Read, User.ReadWrite, User.ReadBasic.All, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All. * **Delegated (personal Microsoft account)**. User.Read, User.ReadWrite. * **Application**. User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All.
azure-ad-6 -9. Once API permission are added then Admin must consent to a grant these permissions ([Learn more about permissions and consent](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent?WT.mc_id=Portal-Microsoft_AAD_RegisteredApps)).
azure-ad-7 -10. Once Admin Consent is granted, API permissions configuration have been completed. Then we have to add a Client secret that will be used for the authentication, along with Client ID and Directory ID. To add Client secret, go to Certificates and secrets, and click **New client secret**.
azure-ad-8 -11. Select description and expiry period for the created secret and create it. -12. Once it's created, make sure you save its value, since its only displayed once.
azure-ad-9 -13. Once you do these steps you will need to find the Tenant ID in order to use it on your resources file.
azure-ad-10 -14. Configuration of Azure AD application is completed, you will need application’s Client ID, secret, Tenant ID. -15. Assign the app the role of User Administrator. This is required to perform action "Reset User Password". +1. Once API permission are added then Admin must consent to a grant these permissions ([Learn more about permissions and consent](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent?WT.mc_id=Portal-Microsoft_AAD_RegisteredApps).)
azure-ad-7 +1. Once Admin Consent is granted, API permissions configuration have been completed. Then we have to add a Client secret that will be used for the authentication, along with Client ID and Directory ID. To add Client secret, go to Certificates and secrets, and click **New client secret**.
azure-ad-8 +1. Select description and expiry period for the created secret and create it. +1. Once it's created, make sure you save its value, since its only displayed once.
azure-ad-9 +1. Once you do these steps you will need to find the Tenant ID in order to use it on your resources file.
azure-ad-10 +1. Configuration of Azure AD application is completed, you will need application’s Client ID, secret, Tenant ID. +1. Assign the app the role of User Administrator. This is required to perform action "Reset User Password". * **Azure Active Directory** > **Roles and administrators** > **User Administrator** > **Add assignments** > **Your app** > **Add**.
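Review bot: In [PATCH 1/2], hunk `@@ -6,51 +6,55 @@`, the new step 15 sits after step 14, which already says "Configuration of Azure AD application is completed", and it assigns the app the User Administrator role without saying the step can be skipped when Reset User Password is not used. Suggest moving the role assignment ahead of the "completed" step and wording it as conditional, for example "If you plan to use the Reset User Password action, assign the app the User Administrator role". That way deployments that never reset passwords do not carry a standing directory role on top of the Application permissions listed in step 8.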
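Review bot: In [PATCH 1/2], hunk `@@ -69,3 +73,5 @@`, the v1.9 change log entry lists only "Added New Action: Reset User Password" and does not mention that the setup now includes the User Administrator role assignment added as step 15. Someone upgrading from v1.8 is likely to read the change log rather than re-walk the setup steps, so a second bullet under v1.9 noting the new role requirement would help. The file also now ends without a trailing newline ("\ No newline at end of file"); add one.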
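Review bot: In [PATCH 2/2], hunk `@@ -33,26 +33,26 @@`, the list numbering is left mixed: every other changed step goes back to "1.", but "+6. Click the **Add a permission** button." and the unchanged "7. Select your application in App registrations ..." keep explicit numbers. Use "1." for those two as well so the source is consistent. Since this pass is a wording cleanup, the steps it re-adds still carry errors worth fixing in the same commit: "Once API permission are added then Admin must consent to a grant these permissions", "API permissions configuration have been completed", and "since its only displayed once".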