From 3c0f6f56a7b6318f8620ec6642b516b36e6120c2 Mon Sep 17 00:00:00 2001 From: Cheick Keita Date: Mon, 17 May 2021 05:44:45 -0700 Subject: [PATCH] Azure AD entities description (#896) Added a description of the configuration of azure AD entities closes #875 --- docs/AADEntitites.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 docs/AADEntitites.md diff --git a/docs/AADEntitites.md b/docs/AADEntitites.md new file mode 100644 index 0000000000..85b216c759 --- /dev/null +++ b/docs/AADEntitites.md 
@@ -0,0 +1,44 @@ +# Azure Active Directory Entities +This document describes the configuration of entities create in Azure AD by our [deployment script](../src/deployment/deploy.py) + +### OneFuzz Application Registration +This is the registration of the OneFuzz instance. +* name : `` +* app roles + * _ManagedNode_ + * value: ManagedNode + * Allowed Member types: Applications + * _CliClient_ + * value: ManagedNode + * Allowed Member types: Applications +* API Permissions + * _User.Read_ ([Microsoft Graph](https://docs.microsoft.com/en-us/graph/permissions-reference#user-permissions)) +* scope + * `user_impersonation` +* Authorized application: + * OneFuzz CLI registration + +### Onefuzz Application Service Principal +Service principal linked to the OneFuzz application registration. +* name: `` +* Application Id: `` + +### OneFuzz CLI registration +The registration for the command line interface. +* name: `-cli` + +### OneFuzz CLI Service Principal +Service principal linked to the OneFuzz CLI application registration. +* name: `-cli` +* Application Id: `` +* User Assignment required: _true_ +* Permission + * _CliClient_ (from OneFuzz Application registration) + +### Managed Node Service Principal +This entity is available after the first deployment. This is the service principal associated with the user-assigned managed identity `-`. + +* name: `-` +* Service Principal + * Permission + * _ManagedNode_ (from OneFuzz Application registration)
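Review bot: The _CliClient_ app role is documented with `value: ManagedNode`, which duplicates the value of the _ManagedNode_ role directly above it and looks like a copy-paste slip; since the two roles are the boundary between fuzzing nodes and CLI users, the doc should read `value: CliClient` unless the deployment script really assigns the same value to both, in which case that is the thing to flag. Smaller points in the same hunk: "entities create in Azure AD" should be "entities created in Azure AD"; the new file is named `AADEntitites.md` (extra "it") while the title says "Entities"; the `name` and `Application Id` placeholders render as empty backticks, so a visible placeholder such as `<instance-name>` would make clear these are per-deployment values; and `User Assignment required: _true_` on the CLI service principal deserves one sentence explaining that it limits token issuance to explicitly assigned users and groups, since that is the setting an operator will be tempted to relax.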