You can define an Azure AD dynamic secret to dynamically generate access credentials in one of two modes:
- Programmatic Access: a secret for a specific application.
- Portal Access: a username and password.
- Azure AD Service Account:
To give Akeyless Vault access to Azure AD, create an App Registration in your Microsoft Identity Platform. This registration serves as the service account that Akeyless Vault uses to make API calls.
The following permissions are required:
Add user to group: GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All
Add user role
Create/Delete Application secret
- Akeyless Gateway:
In the Akeyless Gateway UI, select Dynamic Secrets > New > Azure AD Producer and fill in the following fields:
A unique name that describes the purpose or permissions scope of this dynamic secret.
The path in Akeyless Vault where this dynamic secret is stored.
Azure Client ID (Application ID): The Application ID.
Azure Tenant ID: Your Azure Tenant ID.
Azure Client Secret: Your Azure Client Secret.
Portal Access / Programmatic Access: Portal Access creates a new user and password; Programmatic Access creates a new secret for a specific application.
Principal Name (Portal Access): Your Account Principal Name.
Azure User Group Object ID (Portal Access): The Object ID of the group to add the new user to (separate multiple values with commas).
Azure User Roles Template ID (Portal Access): The Role Template ID to assign to the new user (separate multiple values with commas).
Azure App Object ID (Programmatic Access): The Object ID of the application for which the secret is created.
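As an added example (not Akeyless's own code or API), the check below validates a producer definition against the fields above before it is submitted: it enforces the fields each mode needs, checks that the Azure IDs are GUIDs, and splits the comma-separated group and role lists. The dictionary keys and mode names are this example's own, not Akeyless API parameters, and every GUID, secret and principal name in the sample is a constructed placeholder.

```python
import re
from typing import Dict, List

# Azure AD tenant, client and object IDs (and role template IDs) are GUIDs.
_GUID = re.compile(r"^[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Keys are this example's own names for the Gateway UI fields, not Akeyless API parameters (assumption).
COMMON_FIELDS = ("name", "azure_tenant_id", "azure_client_id", "azure_client_secret")
MODE_FIELDS = {
    "portal": ("principal_name",),       # creates a new user and password
    "programmatic": ("app_object_id",),  # creates a new secret on an existing app
}
GUID_FIELDS = ("azure_tenant_id", "azure_client_id", "app_object_id")
GUID_LIST_FIELDS = ("user_group_object_ids", "user_role_template_ids")  # portal access only

def split_ids(value: str) -> List[str]:
    """Split a comma-separated ID list, dropping whitespace and empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def validate_producer(cfg: Dict[str, str]) -> List[str]:
    """Return the problems found in a producer definition (an empty list means it is consistent)."""
    mode = cfg.get("mode")
    if mode not in MODE_FIELDS:
        return [f"mode must be one of {sorted(MODE_FIELDS)}"]
    errors = []
    for field in COMMON_FIELDS + MODE_FIELDS[mode]:
        if not cfg.get(field, "").strip():
            errors.append(f"{field} is required for {mode} access")
    for field in GUID_FIELDS:
        if cfg.get(field) and not _GUID.match(cfg[field]):
            errors.append(f"{field} is not a GUID")
    for field in GUID_LIST_FIELDS:
        if cfg.get(field) and mode != "portal":
            errors.append(f"{field} only applies to portal access")
        for item in split_ids(cfg.get(field, "")):
            if not _GUID.match(item):
                errors.append(f"{field} contains a non-GUID value: {item}")
    return errors

# Constructed sample definition; every GUID, secret and principal name here is a placeholder.
PORTAL_EXAMPLE = {
    "mode": "portal",
    "name": "azure-ad-portal-user",
    "azure_tenant_id": "11111111-1111-1111-1111-111111111111",
    "azure_client_id": "22222222-2222-2222-2222-222222222222",
    "azure_client_secret": "placeholder-client-secret",
    "principal_name": "dynamic-user@example.onmicrosoft.com",
    "user_group_object_ids": "33333333-3333-3333-3333-333333333333, 44444444-4444-4444-4444-444444444444",
}
```

Calling `validate_producer(PORTAL_EXAMPLE)` returns an empty list; switching the same definition to programmatic access reports the missing App Object ID and the group list that does not apply to that mode.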
Once the dynamic secret has been created successfully, get the secret value from Akeyless Vault:
- Portal Access:
To access the Azure AD portal, enter the User Principal Name.
- Programmatic Access:
Use the Secret Text for programmatic access.