This document describes the configuration of the entities created in Azure AD by our deployment script.
This is the registration of the OneFuzz instance.
- name: `<instance_name>`
- app roles
    - ManagedNode
        - value: ManagedNode
        - Allowed Member types: Applications
    - CliClient
        - value: CliClient
        - Allowed Member types: Applications
    - UserAssignment
        - value: UserAssignment
        - Allowed Member types: Users/Groups
- API Permissions
    - User.Read (Microsoft Graph)
- scope
    - user_impersonation
        - Authorized application:
            - OneFuzz CLI registration
- Properties:
    - Assignment required?: Yes (only users, groups or applications that hold one of the app roles above can obtain a token for this application)
Service principal linked to the OneFuzz application registration.
- name: `<instance_name>`
- Application Id: `<OneFuzz Application registration app_id>`
The registration for the command line interface.
- name: `<instance_name>-cli`
Service principal linked to the OneFuzz CLI application registration.
- name: `<instance_name>-cli`
- Application Id: `<OneFuzz CLI registration app_id>`
- User Assignment required: true
- Permission
    - CliClient (from OneFuzz Application registration)
This entity is available after the first deployment. It is the service principal associated with the user-assigned managed identity `<instance_name>-scalesetid`.
- name: `<instance_name>-scalesetid`
- Service Principal
    - Permission
        - ManagedNode (from OneFuzz Application registration)
This entity is the 'user' service principal that invokes a OneFuzz deployment. It is assigned access to the instance's primary App Registration.
- name: `<user_name_sp>`
- Service Principal
    - Permission
        - UserAssignment (from OneFuzz Application registration)
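The following script is an added example and is not part of the OneFuzz project or its deployment script. It checks a tenant's objects against the layout documented above: the three app roles and their allowed member types, the delegated User.Read permission on Microsoft Graph, the `user_impersonation` scope pre-authorized for the CLI registration, assignment-required on the service principals, and which app role each linked principal (CLI, scaleset identity, deploying user) actually holds. It assumes the objects are in the Microsoft Graph `application`, `servicePrincipal` and `appRoleAssignment` shapes (what `az ad app show`, `az ad sp show` and `GET /servicePrincipals/{id}/appRoleAssignedTo` return); the sample objects in `make_sample()` are constructed, not captured from a tenant, and the instance name `myfuzz` and the `deployer` principal are placeholders.

```python
# Added example, not OneFuzz project code. Validates Microsoft Graph-style
# application / servicePrincipal / appRoleAssignment JSON against the
# documented OneFuzz Azure AD layout. Sample objects below are constructed.
import uuid

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph (well-known appId)
USER_READ_SCOPE_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # User.Read delegated scope (well-known)

# Graph spells the "Users/Groups" member type as "User".
EXPECTED_APP_ROLES = {
    "ManagedNode": {"Application"},
    "CliClient": {"Application"},
    "UserAssignment": {"User"},
}


def check_onefuzz_app(app, cli_app_id):
    """Return the list of deviations of the OneFuzz registration from the documented layout."""
    problems = []
    roles = {r.get("value"): r for r in app.get("appRoles", [])}
    for value, member_types in EXPECTED_APP_ROLES.items():
        role = roles.get(value)
        if role is None:
            problems.append(f"app role {value} missing")
        elif set(role.get("allowedMemberTypes", [])) != member_types:
            problems.append(f"app role {value} allows {role.get('allowedMemberTypes')}, expected {sorted(member_types)}")
        elif not role.get("isEnabled", False):
            problems.append(f"app role {value} is disabled")

    # API permission: delegated ("Scope") User.Read on Microsoft Graph
    user_read = any(
        rra.get("resourceAppId") == GRAPH_APP_ID
        and any(a.get("id") == USER_READ_SCOPE_ID and a.get("type") == "Scope"
                for a in rra.get("resourceAccess", []))
        for rra in app.get("requiredResourceAccess", []))
    if not user_read:
        problems.append("User.Read (Microsoft Graph) permission missing")

    # Exposed scope user_impersonation, pre-authorized for the CLI registration
    api = app.get("api", {})
    scope = next((s for s in api.get("oauth2PermissionScopes", [])
                  if s.get("value") == "user_impersonation"), None)
    if scope is None:
        problems.append("user_impersonation scope missing")
    else:
        pre = [p for p in api.get("preAuthorizedApplications", []) if p.get("appId") == cli_app_id]
        if not pre or scope.get("id") not in pre[0].get("delegatedPermissionIds", []):
            problems.append("CLI registration is not pre-authorized for user_impersonation")
    return problems


def assignment_required(sp):
    """True if only principals holding an app role assignment can get a token for this SP."""
    return sp.get("appRoleAssignmentRequired") is True


def granted_roles(principal_sp, onefuzz_app, onefuzz_sp, assignments):
    """App role values (e.g. CliClient) that principal_sp holds on the OneFuzz service principal."""
    value_by_id = {r["id"]: r["value"] for r in onefuzz_app.get("appRoles", [])}
    return {value_by_id.get(a.get("appRoleId"), "<unknown role>")
            for a in assignments
            if a.get("principalId") == principal_sp.get("id")
            and a.get("resourceId") == onefuzz_sp.get("id")}


def make_sample(instance="myfuzz"):
    """Constructed objects for a healthy deployment where <instance_name> is `instance`."""
    def ident(name):  # deterministic fake GUIDs, for the sample only
        return str(uuid.uuid5(uuid.NAMESPACE_DNS, f"{instance}.{name}"))
    role_ids = {v: ident(v) for v in EXPECTED_APP_ROLES}
    scope_id = ident("user_impersonation")
    app = {
        "displayName": instance, "appId": ident("app"),
        "appRoles": [{"id": role_ids[v], "value": v, "displayName": v, "isEnabled": True,
                      "allowedMemberTypes": sorted(t)} for v, t in EXPECTED_APP_ROLES.items()],
        "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID,
                                    "resourceAccess": [{"id": USER_READ_SCOPE_ID, "type": "Scope"}]}],
        "api": {"oauth2PermissionScopes": [{"id": scope_id, "value": "user_impersonation", "isEnabled": True}],
                "preAuthorizedApplications": [{"appId": ident("cli-app"), "delegatedPermissionIds": [scope_id]}]},
    }
    onefuzz_sp = {"id": ident("sp"), "displayName": instance, "appId": app["appId"], "appRoleAssignmentRequired": True}
    cli_sp = {"id": ident("cli-sp"), "displayName": f"{instance}-cli", "appId": ident("cli-app"), "appRoleAssignmentRequired": True}
    scaleset_sp = {"id": ident("scaleset-sp"), "displayName": f"{instance}-scalesetid"}
    user_sp = {"id": ident("user-sp"), "displayName": "deployer"}  # placeholder <user_name_sp>
    assignments = [  # appRoleAssignment objects on the OneFuzz service principal
        {"principalId": cli_sp["id"], "resourceId": onefuzz_sp["id"], "appRoleId": role_ids["CliClient"]},
        {"principalId": scaleset_sp["id"], "resourceId": onefuzz_sp["id"], "appRoleId": role_ids["ManagedNode"]},
        {"principalId": user_sp["id"], "resourceId": onefuzz_sp["id"], "appRoleId": role_ids["UserAssignment"]},
    ]
    return app, onefuzz_sp, cli_sp, scaleset_sp, user_sp, assignments


if __name__ == "__main__":
    app, sp, cli, scaleset, user, assignments = make_sample()
    print("app problems:", check_onefuzz_app(app, cli["appId"]))
    for p in (cli, scaleset, user):
        print(p["displayName"], "->", granted_roles(p, app, sp, assignments))
```

To run it against a real instance, replace the output of `make_sample()` with the JSON from `az ad app show --id <app_id>`, `az ad sp show --id <app_id>` and the `appRoleAssignedTo` collection of the OneFuzz service principal; an empty `problems` list and exactly one expected role per principal is the healthy state.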