Note: This repository is still in an early, experimental stage of development. At this point, no contributions are accepted to the project yet.
This Raito CLI plugin synchronizes the users and groups from an Azure Active Directory account to a specified Raito Identity Store. In addition, it supports syncing Data Objects and Access Providers for the following Azure Services:
- Azure Data Lake
To use this plugin, you will need:
- The Raito CLI to be correctly installed. You can check out our documentation for help on this.
- A Raito Cloud account to synchronize your Azure Active Directory with. If you don't have this yet, visit our webpage at https://raito.io and request a trial account.
- At least one Azure account with Active Directory set up:
  - You'll need the Tenant ID of your directory.
  - Under 'App registrations', set up a new application for this integration. You'll need the Application (client) ID.
  - In the newly created application, go to 'Certificates & secrets' to create a new client secret.
  - In the newly created application, go to 'API Permissions' and make sure the application has the permissions `Group.Read.All`, `User.Export.All`, `User.Read` and `User.Read.All`. Make sure these are approved. To do this, go to the 'Enterprise applications' menu in your AD Directory, find your application and go to 'Permissions'.
To use the plugin, add the following snippet to your Raito CLI configuration file (`raito.yml`, by default) under the `targets` section:
```yaml
- name: azure-ad1
  connector-name: raito-io/cli-plugin-azure-ad
  identity-store-id: <<Active Directory IdentityStore ID>>
  ad-tenantid: <<Your AD Tenant ID>>
  ad-clientid: <<Your AD Client ID>>
  ad-secret: "{{RAITO_AD_SECRET}}"
  azure-subscription-id: <<The ID of your Azure Subscription>>
```
Next, replace the values of the indicated fields with your specific values:
- `<<Your AD Tenant ID>>`: the tenant ID as explained in the prerequisites above
- `<<Your AD Client ID>>`: the Application (client) ID as explained in the prerequisites above
- `<<The ID of your Azure Subscription>>`: the subscription ID you find in your Azure portal
Make sure you have a system variable called `RAITO_AD_SECRET` with the client secret (see prerequisites above) as its value.
You will also need to configure the Raito CLI further to connect to your Raito Cloud account, if that's not set up yet. A full guide on how to configure the Raito CLI can be found at http://docs.raito.io/docs/cli/configuration.
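A preflight check for the target configuration above, added here as an example (it is not part of the plugin or the Raito CLI). The function name `raito_preflight` is hypothetical, and it assumes the "system variable" is an environment variable exported to the shell that launches `raito`.

```shell
# Added example: verify a raito.yml target before running a sync.
# Usage (hypothetical helper): raito_preflight raito.yml && raito run
# Returns 0 when all checks pass, otherwise a distinct non-zero code.
raito_preflight() {
    cfg="${1:-raito.yml}"
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }

    # 1. Template placeholders such as <<Your AD Client ID>> must be replaced.
    if grep -n '<<[^>]*>>' "$cfg" >&2; then
        echo "unreplaced <<...>> placeholders in $cfg" >&2
        return 3
    fi

    # 2. Every ad-secret value must be a {{VAR}} reference, so the client
    #    secret itself never sits in a file that may end up in version control.
    #    Matching lines are counted, never printed, to keep values out of logs.
    total=$(grep -cE '^[[:space:]]*ad-secret:' "$cfg" || true)
    vars=$(sed -n 's/^[[:space:]]*ad-secret:[[:space:]]*"\{0,1\}{{\([A-Za-z_][A-Za-z0-9_]*\)}}"\{0,1\}[[:space:]]*$/\1/p' "$cfg")
    refs=$(printf '%s\n' "$vars" | grep -c . || true)
    [ "$total" -gt 0 ] || { echo "no ad-secret key in $cfg" >&2; return 4; }
    [ "$total" -eq "$refs" ] || { echo "ad-secret holds a literal value in $cfg" >&2; return 5; }

    # 3. Each referenced variable must be exported (visible to child
    #    processes) and non-empty; printenv only sees exported variables.
    for var in $vars; do
        val=$(printenv "$var" || true)
        [ -n "$val" ] || { echo "$var is not exported or is empty" >&2; return 6; }
    done
    return 0
}
```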
As a first step, you can check if the CLI finds this plugin correctly. In a command-line terminal, execute the following command:
```
$> raito info raito-io/cli-plugin-azure
```
This will download the latest version of the plugin (if you don't have it yet) and output the name and version of the plugin, together with all the plugin-specific parameters to configure it.
When you are ready to try out the synchronization for the first time, execute:
```
$> raito run
```
This will take the configuration from the `raito.yml` file (in the current working directory) and start a single synchronization.
Note: if you have multiple targets configured in your configuration file, you can run only this target by adding `--only-targets azure1` at the end of the command.