Set Azure REST API Permissions

...

  1. In Azure, navigate to the target subscription and select Access control (IAM) from the Azure navbar.

  2. On the Access Control (IAM) page, click Add and select Add custom role.

  3. Under Basics, enter a Custom role name.

  4. Select the Permissions tab and click Add permissions.

  5. Search for Microsoft.ManagedIdentity and click the Microsoft Managed Identity tile.

  6. For Actions, under Microsoft.ManagedIdentity/userAssignedIdentities, select the following:

    • Read : Get User Assigned Identity

    • Write : Create/Update User Assigned Identity

    • Delete : Delete User Assigned Identity

  7. Click Add.

  8. Back on the Create a custom role page, click Add permissions again and then search for Microsoft.Authorization.

  9. Click the Microsoft Authorization tile and then add the below permissions:

    • Microsoft.Authorization/roleAssignments

      • Read : Get role assignment

      • Write : Create role assignment

      • Delete : Delete role assignment

    • Microsoft.Authorization/roleDefinitions

      • Read : Get role definition

      • Write : Create or update custom role definition

      • Delete : Delete custom role definition

  10. Click Add.

  11. Back on the Create a custom role page, click Add permissions again and then search for Microsoft.Management.

  12. Click the Microsoft Management tile and select Read : List Groups under Microsoft.Management/managementGroups.

  13. Click Add.

  14. Back on the Create a custom role page, click Add permissions again and then search for Microsoft.Resources.

  15. Click the Microsoft Resources tile and then select the following permissions:

    • Microsoft.Resources/subscriptions/resourcegroups

      • Read : Get Resource Group

    • Microsoft.Resources/subscriptions/resources

      • Read : Get Subscription Resources

  16. Click Add.

  17. Back on the Create a custom role page, select the Assignable scopes tab and verify the scope.

  18. Click Review + Create.

  19. Review the permissions and then click Create.

  20. Click OK to close the “created custom role” message.


    Now that you have created the custom role with the needed permissions, you need to assign the Azure AD SCIM microservice to the role.

  21. On the Access control (IAM) page, click Add > Add role assignment.

  22. In the Add role assignment pane that appears, enter the following:

    • Role – Select the custom role you just created

    • Assign access to – App Service

    • Subscription – Target subscription

    • Select – The SCIM app service you created earlier.

  23. Click Save to add the role assignment.

  24. On the Access control (IAM) page, select the Role assignments tab. You should see the SCIM app service you created assigned to the custom role.
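
The following is an added example, not part of the original page or of EmpowerID's own tooling: a least-privilege check that compares an exported role definition against the actions chosen in steps 6-15 and the scope verified in step 17. The function name `audit_role`, the input shape (`permissions[].actions`, `permissions[].notActions`, `assignableScopes`) and the sample subscription ID are assumptions made for the example.

```python
from fnmatch import fnmatchcase

# Actions selected in steps 6-15, as Azure RBAC operation strings.
REQUIRED_ACTIONS = [
    "Microsoft.ManagedIdentity/userAssignedIdentities/read",
    "Microsoft.ManagedIdentity/userAssignedIdentities/write",
    "Microsoft.ManagedIdentity/userAssignedIdentities/delete",
    "Microsoft.Authorization/roleAssignments/read",
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Authorization/roleAssignments/delete",
    "Microsoft.Authorization/roleDefinitions/read",
    "Microsoft.Authorization/roleDefinitions/write",
    "Microsoft.Authorization/roleDefinitions/delete",
    "Microsoft.Management/managementGroups/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Resources/subscriptions/resources/read",
]

def audit_role(definition, subscription_scope):
    """Return (missing, excess, bad_scopes) for a role definition dict.
    Assumed shape: permissions[].actions / notActions, assignableScopes."""
    perms = definition.get("permissions", [])
    granted = [a.lower() for p in perms for a in p.get("actions", [])]
    denied = [a.lower() for p in perms for a in p.get("notActions", [])]
    required = {a.lower() for a in REQUIRED_ACTIONS}

    def allowed(action):
        # RBAC matching is case-insensitive, honours * wildcards, and
        # subtracts notActions from actions.
        return (any(fnmatchcase(action, g) for g in granted)
                and not any(fnmatchcase(action, d) for d in denied))

    missing = [a for a in REQUIRED_ACTIONS if not allowed(a.lower())]
    # Anything granted beyond the exact list, wildcards included, is excess.
    excess = [g for g in granted if g not in required]
    # Step 17: assignable scopes must stay at or below the target subscription.
    base = subscription_scope.lower().rstrip("/")
    bad_scopes = [s for s in definition.get("assignableScopes", [])
                  if s.lower().rstrip("/") != base
                  and not s.lower().startswith(base + "/")]
    return missing, excess, bad_scopes

# Constructed sample: a wildcard grant, a missing read, and a root scope.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = {"permissions": [{"actions": ["Microsoft.Authorization/*"] + [
              a for a in REQUIRED_ACTIONS if "Management/" not in a]}],
          "assignableScopes": [SUB, "/"]}
print(audit_role(SAMPLE, SUB))
```

A role that matches the procedure returns three empty lists; anything in `excess` or `bad_scopes` means the role grants more than these steps call for.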

...

Next Steps

Connect EmpowerID to Azure Active Directory