The Akeyless Dev Hub


Azure AD Dynamic Secrets

You can define an Azure AD dynamic secret to generate access credentials on demand in one of two modes:

  1. Programmatic Access: creates a client secret for a specific application.

  2. Portal Access: creates a username and password.

Prerequisites

  • Azure AD Service Account:

To give Akeyless Vault access to Azure AD, create an Application Registration in your Microsoft Identity Platform. This registration serves as the service account that Akeyless Vault uses to make API calls.

To create the service account in your Azure AD, follow Microsoft's guide on creating an Application Registration in Azure Active Directory, or follow this step-by-step guide.

The following permissions are required:

Action                            Permissions
Create/Delete user                User.ReadWrite.All, Directory.ReadWrite.All
Add user to group                 GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All
Add user role                     RoleManagement.ReadWrite.Directory
Create/Delete application secret  Application.ReadWrite.OwnedBy, Application.ReadWrite.All

Akeyless Configuration

In the Akeyless Gateway UI, select Dynamic Secrets > New > Azure AD Producer and fill in the following fields:

Usage

Field                                          Description
Name                                           A unique name that describes the purpose or permissions scope of this dynamic secret.
Location                                       The path in Akeyless Vault where this dynamic secret is stored.
Azure Client ID (Application ID)               The Application (client) ID of the app registration.
Azure Tenant ID                                Your Azure Tenant ID.
Azure Client Secret                            Your Azure Client Secret.
Portal Access / Programmatic Access            Portal Access creates a new user and password. Programmatic Access creates a new secret for a specific application.
Principal Name (Portal Access)                 Your Account Principal Name.
Azure User Group Object ID (Portal Access)     Object ID of the group to add the new user to (separate multiple values with commas).
Azure User Roles Template ID (Portal Access)   Role Template ID to assign to the new user (separate multiple values with commas).
Azure App Object ID (Programmatic Access)      Object ID of the application for which the secret is created.
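The permissions table in the prerequisites and the producer fields above fit together: which Graph actions the producer performs (and therefore which permissions its service account needs) depends on the mode and on whether group or role IDs are filled in. The following is an added example, not Akeyless code, that derives the actions from a producer configuration and checks the permissions actually granted to the app registration against them, reporting anything missing, anything unused, and anywhere a broader permission is held where a narrower one from the same row would do. It assumes that each row of the permissions table lists alternatives ordered from least to most privileged (the convention of Microsoft Graph's own permission tables), and the field names `ProducerConfig`, `actions_for`, `minimal_permissions` and `check_permissions` are this example's own.

```python
"""Least-privilege check for an Azure AD dynamic-secret producer (added example).

Given the producer's configuration, derive the Microsoft Graph actions it will
perform and the permissions that cover them, then compare against the
permissions actually granted to the service account's app registration.
"""
from dataclasses import dataclass

# Graph permissions per action, as listed in the prerequisites table.
# Assumption: each row lists alternatives ordered least- to most-privileged,
# as in Microsoft Graph's own permission tables; any one of them suffices.
ACTION_PERMISSIONS = {
    "create_delete_user": ["User.ReadWrite.All", "Directory.ReadWrite.All"],
    "add_user_to_group": ["GroupMember.ReadWrite.All", "Group.ReadWrite.All",
                          "Directory.ReadWrite.All"],
    "add_user_role": ["RoleManagement.ReadWrite.Directory"],
    "create_delete_app_secret": ["Application.ReadWrite.OwnedBy",
                                 "Application.ReadWrite.All"],
}


def parse_id_list(value):
    """Split a comma-separated object-ID field as the producer form accepts it."""
    return tuple(part.strip() for part in value.split(",") if part.strip())


@dataclass(frozen=True)
class ProducerConfig:
    """The producer fields that decide which Graph actions will run."""
    portal_access: bool            # True = Portal Access, False = Programmatic Access
    group_object_ids: tuple = ()   # Azure User Group Object ID (Portal Access)
    role_template_ids: tuple = ()  # Azure User Roles Template ID (Portal Access)
    app_object_id: str = ""        # Azure App Object ID (Programmatic Access)


def actions_for(cfg):
    """Graph actions this producer performs over a credential's lifecycle."""
    if cfg.portal_access:
        actions = ["create_delete_user"]
        if cfg.group_object_ids:
            actions.append("add_user_to_group")
        if cfg.role_template_ids:
            actions.append("add_user_role")
        return actions
    return ["create_delete_app_secret"]


def minimal_permissions(cfg):
    """Least-privileged permission set that still covers every action."""
    return sorted({ACTION_PERMISSIONS[a][0] for a in actions_for(cfg)})


def check_permissions(cfg, granted):
    """Compare granted permissions with what the producer needs.

    Returns a dict with:
      missing    - actions no granted permission covers (the producer will fail)
      excess     - granted permissions no action needs (candidates for removal)
      over_broad - (action, held, narrower) where a wider permission is held
                   although a narrower alternative would do
    """
    granted = set(granted)
    needed, missing, over_broad = set(), [], []
    for action in actions_for(cfg):
        alternatives = ACTION_PERMISSIONS[action]
        held = [p for p in alternatives if p in granted]
        if not held:
            missing.append(action)
            continue
        needed.update(held)
        if held[0] != alternatives[0]:
            over_broad.append((action, held[0], alternatives[0]))
    return {
        "missing": missing,
        "excess": sorted(granted - needed),
        "over_broad": over_broad,
    }


if __name__ == "__main__":
    # Constructed sample: a Portal Access producer that adds the user to one
    # group and one role template. The IDs are placeholders, not real values.
    cfg = ProducerConfig(
        portal_access=True,
        group_object_ids=parse_id_list("00000000-0000-0000-0000-000000000001"),
        role_template_ids=parse_id_list("00000000-0000-0000-0000-000000000002"),
    )
    granted = {"Directory.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
               "Application.ReadWrite.All"}
    print("minimal:", minimal_permissions(cfg))
    print("report:", check_permissions(cfg, granted))
```

Run it before saving the producer: an entry under `missing` means credential generation will fail at the Graph call, while `excess` and `over_broad` point at permissions that can be removed or narrowed on the app registration without affecting the producer.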

Once the dynamic secret has been created successfully, get the secret value from Akeyless Vault:

  1. Portal Access:

To access the Azure AD portal, sign in with the generated User Principal Name and password.

  2. Programmatic Access:

Use the generated Secret Text as the application's client secret for programmatic access.

Updated 2 months ago
