Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

This gives the ability to integrate Non-CSP Partner creates by creating the application in MS Azure Portal by themselves

...

  • Step 1a: Login to https://portal.azure.com/ using MFA Enabled Global Administrator Role to get Client ID, Secret ID and set permissions.

  • Step 1b: In the Microsoft Azure Portal, search for Azure Active Directory and select it.

...

  1. Name - Any Name for the application. E.g. CyberCNS_Azure_NonCSP

  2. Select the Supported Account Types as Multi-Tenant.

  3. Redirect URL

    1. Under the select platform box select as Web.

    2. Second box give gives the URL link as https://authccns.mycybercns.com/?consent

Once all the information is entered correctly click on the Register Button.

...

  • To create a New Client Secret for this created application, Navigate to Certificate and Secrets> Client Secrets> New Client Secret.

  • Provide a Description for of this new client's secret

  • Provide until when this Client Secret can be used and then click on Add.

Partner Partners need to renew the client secret once it expires and add it back to the CyberCNS portal.

...

  • Once added an auto-generated Value will be seen. Copy the Value and use it as a Client Secret into CyberCNS Portal.

API Permissions

Refer to the below video for the detailed steps adding Manifest json script for API Permissions.

...

Below are the steps to add all required API permissions for the Azure AD application in a single shot, instead of adding them one by one.

  1. Create an application as per the integration of multi-tenants.

  2. Once the application is created click on the "Manifest" option under Manage as shown below.

...

  1. This will open a JSON file.

  2. Replace the requiredResourceAccess key value with the JSON value given below and click on save. this will add all required API permission in one go.

"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "3de2cdbe-0ff5-47d5-bdee-7f45b4749ead",
"type": "Scope"
},
{
"id": "4908d5b9-3fb2-4b1e-9336-1888b7937185",
"type": "Scope"
},
{
"id": "ebfcd32b-babb-40f4-a14b-42706e83bd28",
"type": "Scope"
},
{
"id": "e4c9e354-4dc5-45b8-9e7c-e1393b0b1a20",
"type": "Scope"
},
{
"id": "314874da-47d6-4978-88dc-cf0d37f0bb82",
"type": "Scope"
},
{
"id": "64733abd-851e-478a-bffb-e47a14b18235",
"type": "Scope"
},
{
"id": "02e97553-ed7b-43d0-ab3c-f8bace0d040c",
"type": "Scope"
},
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope"
},
{
"id": "a154be20-db9c-4678-8ab7-66f6cc099a59",
"type": "Scope"
},
{
"id": "5f8c59db-677d-491f-a6b8-5f174b11ec1d",
"type": "Scope"
},
{
"id": "06da0dbc-49e2-44d2-8312-53f166ab848a",
"type": "Scope"
},
{
"id": "e383f46e-2787-4529-855e-0e479a3ffac0",
"type": "Scope"
},
{
"id": "f6a3db3e-f7e8-4ed2-a414-557c8c9830be",
"type": "Scope"
},
{
"id": "fdc4c997-9942-4479-bfcb-75a36d1138df",
"type": "Role"
},
{
"id": "5b567255-7703-4780-807c-7be8301ae99b",
"type": "Role"
},
{
"id": "498476ce-e0fe-48b0-b801-37ba7e2685c6",
"type": "Role"
},
{
"id": "658aa5d8-239f-45c4-aa12-864f4fc7e490",
"type": "Role"
},
{
"id": "2f51be20-0bb4-4fed-bf7b-db946066c75e",
"type": "Role"
},
{
"id": "bf394140-e372-4bf9-a898-299cfc7564e5",
"type": "Role"
},
{
"id": "df021288-bdef-4463-88db-98f22de89214",
"type": "Role"
},
{
"id": "b0afded3-3588-46d8-8b3d-9842eff778da",
"type": "Role"
},
{
"id": "d07a8cc0-3d51-4b77-b3b0-32704d1f69fa",
"type": "Role"
},
{
"id": "230c1aed-a721-4c5d-9cb4-a90514e508ef",
"type": "Role"
},
{
"id": "b633e1c5-b582-4048-a93e-9f11b44c7e96",
"type": "Role"
},
{
"id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61",
"type": "Role"
}
]
}
],

API Permissions to be set manually:

Step 2d: Below are the permissions required for a Non-CSP account. Make sure to have these API permissions(the below-mentioned API Permissions should have type as Application and Delegated) in place.

  • Navigate to API Permissions and select +Add a permission.

  • Under Request API Permissions, Select Microsoft Graphs under Microsoft APIs

  • Click on Delegated permissions & Application permissions appropriately and search for the below permissions to add.

  • Image RemovedImage Added

    Once permissions are set, on the same page, please grant admin access by clicking on the Grant admin consent for Connect Secure and click on Yes button

  • Navigate to Enterprise Application> All Applications, search for the Application_name which is created & click on that Application_name. (Application created for multi-tenant)

  • Once opened, navigate to the Security Section on the left-hand side and select Permissions.

  • Under the Permissions, Click on Grant Admin Consent for Connect Secure.

...

  • Image Added

    On Granting the Consent it will redirect to the Microsoft User login screen.

  • Provide user email used (MFA Enabled Global Administrator)

...

  • Click on Accept under permissions requested.

...

This completes adding Azure Application for Azure Active Directory.

Info

After clicking on Accept, please close the Microsoft login window.(If it again pop-ups as login to the account)

Azure Active Directory Non CSP Integration setup

...

  • Click on + to add Azure AD CSP credentials.

  • Choose a Name for the credentials for your reference.

  • By default Azure CSP Authentication Endpoint will be Global Service, it can be changed by dropdown if the Microsoft login mail id is associated with .us or .com (US government/ Global Service)

  • Provide Tenant ID - This is the Tenant ID from the created application. (This is same for both the applications created- Multi Tenant).

  • Provide Client ID and Client Secret for created Azure application for Azure Active Directory(Multi Tenant).

  • Click on Save to save these credentials successfully. This will lead to Microsoft login page to ask for a consent.

  • Once the login is successful, the Azure AD Credentials will be stored successfully.

  • A user having a Global Administrator role/permissions is required to be used for login.

  • Using the above method you can add multiple credentials.

...

  • By clicking the Finish Button, the mapping company credentials will be saved.

  • There is an option to Delete the integration mapping using the Action column. Any company mapping can be deleted if needed.

...

  • Please wait for the sync to complete to get the data under Azure Active Directory and Microsoft Secure Score section.

  • Under Azure Active Directory> Sync Now can help you sync the data at any point of time.

  • Once Sync now is selected, the Jobs > Azure Active Directory jobs section will show a job for sync in progress. Once it is completed, the data will be successfully shown under Azure Active Directory and Microsoft Secure Score.

...