Setup
commonfate/azure-ad@v1
Example granted_deployment.yml
version: 2
deployment:
stackName: example
account: "12345678912"
region: ap-southeast-2
release: v0.12.0
parameters:
CognitoDomainPrefix: example
AdministratorGroupID: granted_administrators
ProviderConfiguration:
azure-ad:
uses: commonfate/azure-ad@v1
with:
clientId: ""
clientSecret: "*****"
tenantId: ""
Create a new app in Azure
Configuration Fields
This step will guide you through collecting the values for these fields required to setup your provider.
| Field | Description |
|---|---|
| tenantId | the azure tenant ID |
| clientId | the azure client ID |
In the Azure portal, search or select App Registrations from the list of resources on Azure and then select the New registration to make a new App.
Name the app 'Common Fate Azure AD Groups Provider', Accounts in this organizational directory only (single tenant) for Supported account types and then click Register.
Your app will be shown in a table of other owned applications in azure. Click on the newly created app and we will now configure some scopes and create an access token.
Next, click on API permissions in the tabs on the left hand side. Click on Add a permission
Use Application permissions from Microsoft Graph
Search for User and add: User.ReadWrite.All
Then search for Group and add: Group.ReadWrite.All
Finally search for GroupMember and add: GroupMember.ReadWrite.All
Once you have selected the permissions click Add permissions to add them to your application.
Make sure you click Grant admin consent above the permissions table and permit the scopes on the application.
Navigate to the Overview tab in the Azure portal, and get the first two IDs from the Essentials section.
Create a new client secret
Configuration Fields
This step will guide you through collecting the values for these fields required to setup your provider.
| Field | Description |
|---|---|
| clientSecret | the azure API token |
Navigate to the Certificates & secrets tab in the left hand Nav of the Azure portal.
Under Client secrets, click Create a new secret.
Give the secret a descriptive name, like Common-Fate-Token. It will create a secret and display a table showing the secret value.
Copy the secret value and use it for the clientSecret input.