Microsoft Entra ID

Overview

Microsoft Entra ID[1] (formerly Azure Active Directory) is supported as the target for identity resources such as security groups, application registrations, and service principals. As part of provisioning resources with Scaled Sense, identity objects required to administer and run the deployed cloud resources will be provisioned into the configured Microsoft Entra ID tenant for your organization.

Microsoft Entra ID is also required as the organization's identity provider for authentication to the Scaled Sense Portal.

Commonly Used Resources

  • Security Groups and Group Members
  • Application Registrations
  • Service Principals
  • Federated Identity Credentials

Permissions Requested

  • Application.ReadWrite.OwnedBy
    • Used to provision App Registrations and Service Principals that are used to delegate administration of workloads
  • Group.Create
    • Used to provision Security Groups for workloads provisioned by Scaled Sense and manage their group membership
  • GroupMember.Read.All
    • Used to read the existing membership of Security Groups so that members of groups created by Scaled Sense can be managed
  • User.Read.All
    • Used to allow for the lookup of users in the directory for configuring membership of Security Groups
  • Directory.AccessAsUser.All (Deprecated)
    • This permission is not used and will be removed in a future release
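The permission list above is the set an administrator should expect to see granted to the Scaled Sense Automation service principal after consent, and nothing more. The following is an added example (not part of the Scaled Sense documentation or product code) that audits a service principal's application role grants against that list using the JSON shapes Microsoft Graph returns from `GET /servicePrincipals/{id}/appRoleAssignments` and the `appRoles` collection of the Microsoft Graph service principal (well-known appId `00000003-0000-0000-c000-000000000000`). The sample records and the GUIDs in them are constructed placeholders, not real Graph role ids; the function names are this example's own.

```python
"""Audit which Microsoft Graph application permissions a service principal holds.

Added example, not from the Scaled Sense documentation. The sample data below is
constructed: the GUIDs are placeholders, not real Microsoft Graph appRole ids.
"""
from __future__ import annotations

# Application permissions the page lists for the Scaled Sense Automation app.
# Directory.AccessAsUser.All is a delegated permission the page marks as unused,
# so it is deliberately not part of the expected application-role grants.
EXPECTED_APP_PERMISSIONS: frozenset[str] = frozenset({
    "Application.ReadWrite.OwnedBy",
    "Group.Create",
    "GroupMember.Read.All",
    "User.Read.All",
})

# Constructed: object id of the Microsoft Graph service principal in the tenant.
GRAPH_SP_ID = "00000000-0000-0000-0000-0000000000f0"
# Constructed: object id of some other API the automation app is also assigned to.
OTHER_SP_ID = "00000000-0000-0000-0000-0000000000f1"

# Constructed stand-in for the Graph service principal's `appRoles` collection.
# Real entries carry the same keys; only the id values here are placeholders.
GRAPH_APP_ROLES = [
    {"id": "00000000-0000-0000-0000-00000000a001", "value": "Application.ReadWrite.OwnedBy", "allowedMemberTypes": ["Application"]},
    {"id": "00000000-0000-0000-0000-00000000a002", "value": "Group.Create", "allowedMemberTypes": ["Application"]},
    {"id": "00000000-0000-0000-0000-00000000a003", "value": "GroupMember.Read.All", "allowedMemberTypes": ["Application"]},
    {"id": "00000000-0000-0000-0000-00000000a004", "value": "User.Read.All", "allowedMemberTypes": ["Application"]},
    {"id": "00000000-0000-0000-0000-00000000a005", "value": "Directory.ReadWrite.All", "allowedMemberTypes": ["Application"]},
]

# Constructed stand-in for `GET /servicePrincipals/{automation-sp}/appRoleAssignments`.
# GroupMember.Read.All is intentionally absent and Directory.ReadWrite.All is
# intentionally present so the audit has something to report.
AUTOMATION_ASSIGNMENTS = [
    {"resourceId": GRAPH_SP_ID, "appRoleId": "00000000-0000-0000-0000-00000000a001"},
    {"resourceId": GRAPH_SP_ID, "appRoleId": "00000000-0000-0000-0000-00000000a002"},
    {"resourceId": GRAPH_SP_ID, "appRoleId": "00000000-0000-0000-0000-00000000a004"},
    {"resourceId": GRAPH_SP_ID, "appRoleId": "00000000-0000-0000-0000-00000000a005"},
    {"resourceId": OTHER_SP_ID, "appRoleId": "00000000-0000-0000-0000-00000000b001"},
]


def role_names_by_id(app_roles: list[dict]) -> dict[str, str]:
    """Map appRole id -> permission name for roles assignable to applications."""
    return {
        role["id"]: role["value"]
        for role in app_roles
        if "Application" in role.get("allowedMemberTypes", [])
    }


def granted_permissions(assignments: list[dict], resource_sp_id: str,
                        resource_app_roles: list[dict]) -> set[str]:
    """Resolve the app role assignments against one resource API into permission names.

    Assignments against other resource service principals are skipped; an
    appRoleId that does not resolve is kept as 'unknown:<id>' so it still
    shows up as unexpected rather than being silently dropped.
    """
    names = role_names_by_id(resource_app_roles)
    granted: set[str] = set()
    for assignment in assignments:
        if assignment.get("resourceId") != resource_sp_id:
            continue
        role_id = assignment["appRoleId"]
        granted.add(names.get(role_id, f"unknown:{role_id}"))
    return granted


def audit(granted: set[str],
          expected: frozenset[str] = EXPECTED_APP_PERMISSIONS) -> dict:
    """Compare granted permissions with the documented set.

    'missing' breaks Scaled Sense functionality; 'unexpected' is excess privilege
    that should be reviewed and, if not justified, revoked.
    """
    missing = sorted(expected - granted)
    unexpected = sorted(granted - expected)
    return {
        "missing": missing,
        "unexpected": unexpected,
        "compliant": not missing and not unexpected,
    }


if __name__ == "__main__":
    held = granted_permissions(AUTOMATION_ASSIGNMENTS, GRAPH_SP_ID, GRAPH_APP_ROLES)
    report = audit(held)
    print("granted   :", sorted(held))
    print("missing   :", report["missing"])
    print("unexpected:", report["unexpected"])
    print("compliant :", report["compliant"])
```

To run this against a real tenant, replace the two constructed collections with the live responses (for example from the Microsoft Graph PowerShell cmdlets `Get-MgServicePrincipalAppRoleAssignment` for the automation service principal and `Get-MgServicePrincipal` filtered on the Graph appId to read its `AppRoles`); the comparison logic is unchanged. Re-running the audit after the consent flow, and periodically afterwards, is a cheap way to confirm the grant matches the documented least-privilege set.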

Configuration Requirements

As part of configuring Scaled Sense for an organization, an administrator must complete an admin consent flow for two different Scaled Sense Enterprise applications. Both flows can be started from the Scaled Sense Portal by following the instructions shown to the signed-in user.

The first is the Scaled Sense Portal application. This flow can be initiated by clicking the Complete Admin Consent button in the notifications menu or by finding the button with the same name on the Users page. Consenting to this application allows all users in the organization's tenant to authenticate to Scaled Sense. To fully access the platform, however, they must still be invited and authorized by being assigned one or more roles in Scaled Sense.

The second consent flow is for the Scaled Sense Automation application. The application presented for consent has a name suffix containing the organization's configured business key. This flow can be initiated by navigating to Configure > Platforms and configuring the Microsoft Entra ID Connection. Consenting to this application grants the Scaled Sense Automation application the permissions listed above in the Entra ID tenant where it is installed.

References