Azure Registered Applications: Difference between revisions
Jump to navigation
Jump to search
Line 10: | Line 10: | ||
A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as "application password". | A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as "application password". | ||
=Configure Role to allow access Microsoft Azure Resources= | =Configure Role to allow access Microsoft Azure Resources= | ||
* Create custom RBAC role. Subscriptions → subscription in question → Access control (IAM) → + Add → Add Custom Role → JSON: | * Assign the role to the app registration. Subscriptions → subscription in question → Role Assignments → Add → Role: Contributor, Assign access to: User, group, or service principal, Select: filter by application registration name. | ||
* Not used: <font color=darkgray>Create custom RBAC role. Subscriptions → subscription in question → Access control (IAM) → + Add → Add Custom Role → JSON:</font> | |||
<syntaxhighlight lang='json'> | <syntaxhighlight lang='json'> | ||
{ | { | ||
Line 33: | Line 34: | ||
} | } | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Latest revision as of 01:40, 21 August 2021
External
- https://docs.microsoft.com/en-us/azure/active-directory/develop/developer-glossary#application-registration
- https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
Internal
Overview
Accessible from Azure console at https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
Application ID
This surfaces as the an access key credential.
Client Secret
A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as "application password".
Configure Role to allow access Microsoft Azure Resources
- Assign the role to the app registration. Subscriptions → subscription in question → Role Assignments → Add → Role: Contributor, Assign access to: User, group, or service principal, Select: filter by application registration name.
- Not used: Create custom RBAC role. Subscriptions → subscription in question → Access control (IAM) → + Add → Add Custom Role → JSON:
{
"properties": {
"roleName": "integration-testing",
"description": "",
"assignableScopes": [
"/subscriptions/c23f02b9-3dff-48a8-bde9-1508d5ab84ab"
],
"permissions": [
{
"actions": [
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/publicIPAddresses/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}