Prerequisites

To create an app role for an Azure app, you need:

  • An Azure AD tenant managed by EmpowerID
  • A target application registered in Azure

To run the workflow that creates Azure app roles, users must have the UI-Res-Admin-MS-Application Management Role.

Step 1 – Configure workflow parameters

The workflow for creating Azure application app roles is CreateAzureAppAppRole. The workflow has several parameters that affect field values; they are listed in the table below. In this example, you set the DefaultAzureTenantID parameter to the Azure tenant with the applications for which you want to create secrets.

Parameter

Description

AppRoleFulfillmentGroup_IsVisible

Set to true/false to show or hide the "App Role Fulfillment Group Details" section in the App Role details page

DefaultAccessRequestPolicyID

Specifies the Default Access request policy to be selected in the drop down in the IAM Shop Settings step. The value must be a GUID.

DefaultAllowedMemberTypeID

Sets the default AppRole Allowed Member Type. Set to 2 for "User", 3 for "Applications", 4 for "Both (Users/Groups + Applications)" and 0 for no pre-selection.

DefaultAzureTenantID

This is the GUID of the Azure tenant. If the value is present, the “Select a Tenant” drop down will be auto-selected with the specified tenant.

Note: The tenant you specify here appears by default as the tenant with the application(s) for which you want to create secret(s). If you have more than one tenant managed by EmpowerID, those tenants can be selected on the form. Once you set a value for this parameter, the value cannot be null going forward unless you null it in the EmpowerID Identity Warehouse.

You can find the Tenant ID for your Azure tenant by navigating to
Azure RBAC Manager > Resources and selecting the Tenants tab.

DefaultCreateAppRoleFulfillmentGroup

Set to true/false to create an Azure app role fulfillment group. The radio button will be checked/unchecked respectively.

DefaultEmailMessageName

This is the name of the Email Template used to send an email notification to each person belonging to the Management Roles specified in the ManagementRoleIDsToNotify parameter. Email notifications are sent each time a client app secret is created.

DefaultOrgZoneID

This is the ID of the EmpowerID location where the app role will be created. If a value is present, the “Select a Location” drop down will be auto-selected with the location. The location can be changed as desired on the form.

DefaultOwnerPersonID

This is the Person ID of the secret owner. If the value is present, the specified person will be the owner for all client app secrets.

DefaultPreApproveOwner

Specifies whether the Pre-approve access for owner checkbox appears on the form.

DefaultSecretExpirationInDays

This is the default client secret expiration, expressed as X days from the current date: X days are added to the current date to compute the expiration date.

DefaultShareCredential

Specifies whether to enable sharing for all credentials by default.

DefaultVaultCredential

Specifies whether to vault all secrets by default.

ManagementRoleIDsToNotify

This is a comma separated list of the Management Role IDs of the Management Roles to be notified each time a client app secret is created.

SelectExpiration_IsVisible

Specifies whether to show or hide the expiration field on the form.

ShareCredential_IsVisible

Specifies whether to show or hide the Share credential checkbox on the form.

VaultShareCredential

Specifies whether to vault all secrets by default.

VaultCredential_IsVisible

Specifies whether to show or hide the Vault credential checkbox on the form.

SelectAOwner_IsVisible

Specifies whether to show or hide the Owner selection drop-down on the form.

To configure workflow parameters for your needs, do the following:

  1. On the navbar, expand Object Administration Low Code / No Code Workflow and select Low Code Workflows.

  2. Select the Workflow tab and search for Create Azure App Client Secret.

  3. Click the Display Name for the workflow.

  4. Expand the Request Workflow Parameters accordion on the Workflow Details page for the workflow and click the edit button for the DefaultAzureTenantID parameter.

  5. Enter the Azure Tenant ID in the Value field and click Save.

  6. Configure any other settings as needed.

Step 2 – Add an app role to an Azure application

  1. Navigate to the Resource Admin application portal for your environment.

  2. Select Applications from the dropdown menu and search for the application to which you want to add an app role.

  3. Click the Friendly Name link for the application.

  4. Select Azure Application Roles on the application menu, expand Actions, and then click Create Azure Application Role.

    This initiates the Create Azure App App Role workflow with the selected application as the target and directs you to the App Role Details form.

  5. Fill in the form fields with the appropriate information for your app role.

  6. Click Next.

  7. Review the summary information and then click Submit.

Step 3 – Verify the application role in Azure

  1. In Azure, navigate to Azure AD > App registrations.

  2. Select All applications and search for the target application.

  3. Click the Display Name link for the application.

  4. Under Manage, click App Roles.

    You should see the app role you created for the application.
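The portal check above can also be done against the application object itself, which is useful when many roles are created through the workflow and you want to confirm each one matches what the parameters requested. The script below is an added example, not EmpowerID's or Microsoft's code. It works on a constructed JSON document in the shape of a Microsoft Graph `application` object (the same shape `az ad app show --id <appId>` or `GET /applications/{id}` returns); the app id, role ids and role names in it are placeholders. The mapping from the workflow's DefaultAllowedMemberTypeID values (2 = User, 3 = Applications, 4 = Both) to Graph's `allowedMemberTypes` strings `"User"` and `"Application"` is an assumption based on the labels in the parameter table; the `verify_app_role` function and its finding messages are this example's own.

```python
import json

# Assumed mapping from the CreateAzureAppAppRole workflow's DefaultAllowedMemberTypeID
# values (2 = User, 3 = Applications, 4 = Both, per the parameter table) to the
# allowedMemberTypes strings Microsoft Graph stores on an appRole object.
ALLOWED_MEMBER_TYPES = {
    2: {"User"},
    3: {"Application"},
    4: {"User", "Application"},
}

# Constructed sample in the shape of a Microsoft Graph `application` object,
# trimmed to the fields checked here. All identifiers are placeholders.
SAMPLE_APPLICATION_JSON = """
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "Example Target App (constructed)",
  "appRoles": [
    {
      "id": "11111111-1111-1111-1111-111111111111",
      "displayName": "Report Readers",
      "value": "Reports.Read",
      "description": "Can read reports",
      "allowedMemberTypes": ["User"],
      "isEnabled": true
    },
    {
      "id": "22222222-2222-2222-2222-222222222222",
      "displayName": "Legacy Role",
      "value": "Legacy.Access",
      "description": "Disabled role kept for rollback",
      "allowedMemberTypes": ["User", "Application"],
      "isEnabled": false
    }
  ]
}
"""


def load_sample_application():
    """Parse the constructed sample; real input would come from Graph or the Azure CLI."""
    return json.loads(SAMPLE_APPLICATION_JSON)


def find_app_role(application, display_name):
    """Return the appRole whose displayName matches, or None if absent."""
    for role in application.get("appRoles", []):
        if role.get("displayName") == display_name:
            return role
    return None


def verify_app_role(application, display_name, allowed_member_type_id):
    """Compare one app role against what the workflow was configured to create.

    Returns a list of findings; an empty list means the role matches.
    """
    findings = []
    role = find_app_role(application, display_name)
    if role is None:
        return [f"app role '{display_name}' not found on '{application.get('displayName')}'"]

    if not role.get("isEnabled", False):
        findings.append("role exists but isEnabled is false")

    expected = ALLOWED_MEMBER_TYPES.get(allowed_member_type_id)
    actual = set(role.get("allowedMemberTypes", []))
    if expected is None:
        findings.append(f"no expectation for DefaultAllowedMemberTypeID {allowed_member_type_id}")
    elif actual != expected:
        findings.append(f"allowedMemberTypes {sorted(actual)} differ from expected {sorted(expected)}")

    # Assigned roles reach the application as the role's value in the token's roles
    # claim, so a role without a value, or a value shared by two roles, cannot be
    # matched reliably by the application's authorization code.
    value = role.get("value")
    if not value:
        findings.append("role has no value, so it will not be usable via the roles claim")
    else:
        same_value = [r for r in application.get("appRoles", []) if r.get("value") == value]
        if len(same_value) > 1:
            findings.append(f"value '{value}' is shared by {len(same_value)} roles")
    return findings


def main():
    app = load_sample_application()
    for name, member_type in (("Report Readers", 2), ("Legacy Role", 4), ("Missing Role", 2)):
        findings = verify_app_role(app, name, member_type)
        status = "OK   " if not findings else "CHECK"
        print(f"{status} {name}: {'; '.join(findings) or 'matches expectations'}")


if __name__ == "__main__":
    main()
```

To check a real registration, replace the constructed JSON with the output of `az ad app show --id <appId>` and call `verify_app_role` with the display name entered on the App Role Details form and the DefaultAllowedMemberTypeID value the workflow was configured with (0, meaning no pre-selection, has no fixed expectation and is reported as such).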
