Azure Integration Guide

Amir Avitzur
Amir Avitzur
  • Updated

Azure can be integrated with Authomize so that Authomize will be able to analyze identity and access information held on Azure. Information such as users, groups, roles and are extracted once and updated regularly thereafter.

Note: When Azure is integrated with Authomize, Azure AD and Microsoft Office 365/SharePoint/ OneDrive are also integrated.

Azure integration workflow

Azure_Integration_Workflow.png

Integrating Azure with Authomize

  1. Log into Authomize
  2. Go to Settings/Data Sources and click Add New App.
    1_Settings_Button.png

  3. Select Azure or Microsoft Active Directory or Office 365, SharePoint & OneDrive to open the integration dialog.
    Pick_an_App.png
  4. In the Integrate Azure dialog:

Step 1. Click Go to Microsoft and log in (again) 

          Step1.png 1_Azure_Login.png

Have a look through the permission needed by Authomize. If you agree click Accept.

11b_Permission_requested.png

You will see this, if all goes well:

12_Thank_you_for_onboarding.png

Copy the tenant from the URL (see the appendix for more details).

Alternatively, copy the Tenant ID from the Authomize|Overview page in Microsoft Azure:"

13_Authomize_Overview.png

Step 2. Paste the Tenant ID from Azure.

Step_2_Integrate_Azure_dialog.png

Step 3. Click the checkbox to give Authomize a principal Reader role on the root Azure
             management group. (If not checked, very limited data will be collected).

3.Enable_Azure_Check.png

Step 4. Click Go to Microsoft Portal to confirm that Authomize is set up in a Reader role.

Step_4_Integrate_Azure_dialog.png

For step-by-step instructions, see Appendix B: Setting up a reader role.

Tennant--and-IAM.png

         Step 5. Skip this step unless you want Authomize to automatically remove old, unused shared files.

Step_5_Advanced_Support.png

         Step 6.  Enter an integration name.

6_Azure_Integrations.png

         Step 7. Enter a contact email.

Step_7_Integrate_Azure_dialog.png

          Click Create.

  1. Wait for the integration to finish.
    When Azure (or one of the other two connectors) is integrated you will see two other entries in the Connected Apps list.

       App_Azure.png

App_MS.png

 App_365.png

What data is collected

Azure

  • Application
  • Group
  • Virtual Machine

Microsoft Active Directory

  • Application
  • Drive
  • Domain
  • Group
  • Account
  • User
  • Account
  • Integration

Office 365

  • Files
  • Folders
  • Drives

SharePoint

  • Group
  • User
  • Link

OneDrive

  • Package
  • Resource
  • Account
  • User
  • Group

 

Appendix A: Getting the Tennant ID from Azure

  1. Log into portal.azure.com as an admin:
  1_Azure_Login.png 2_Azure_Login.png 3_Azure_Login.png
  1. Click Azure Active Directory.
    5_Azure_Login.png

  2. On the Authomize|Overview page, copy the Tennant ID.
    13_Authomize_Overview.png

Appendix B: Setting up a reader role

  1. Log into Azure.
  2. Search for Management groups and click it when found.
    29sec.png
  3. In Management groups click Tenant Root Group.
    38sec.png
  4. In the Tenant Root Group, click Access Control (IAM) in the menu, then click to open the
    Role assignments.
    50sec.png
  5. In the Tenant Root Group|Access control|Role assignments, click + to add a new role assignment.
    108sec.png
  6. In the Add role assignment dialog | Role page, click Reader.
    114sec.png
  7. In the Add role assignment dialog | Members page, click the Next button.
    116sec.png
  8. In the Add role assignment dialog Click + Select members.
  9. Select Authomize from the Select member list.
    125sec_Add_Member.png
  10. In the Add role assignment dialog | Review + assign page, click the Review + assign button if you see your new Member Role in the Members field.
    133sec.png
Share this

Was this article helpful?

0 out of 0 found this helpful