- 26 May 2023
Azure RBAC (AAD add-on)
- Updated on 26 May 2023
This guide will teach you how to set up the connector between Azure RBAC (AAD add-on) and Clarity Security.
Estimated time to complete: 20 minutes
If you encounter any problems, please contact your support team or support@claritysecurity.io.
Supported Connector Capabilities
Below are capabilities supported by the connector at this time.
Method | Supported |
---|---|
Provision User | Yes |
List Groups, Policies, and Roles | Yes |
Add User to Groups, Policies, and Roles | Yes |
Remove User from Groups, Policies, and Roles | Yes |
Deactivate User | No |
Delete User | No |
How to Set Up the Connector
Step 1: Log in to Azure Portal
Azure Portal: https://portal.azure.com/#home
Click through to Azure Active Directory.
Step 2: Create a New App Registration
Click on App registrations on the left menu, then New registration
Step 3: Enter a Name and register the app
Step 4: Add a client secret to the app
Click Certificates & secrets on the left, add a Description, and click Add.
Step 5: Copy the Value of the secret
Keep it somewhere safe for later. You cannot view or copy the value later; if you lose it, you'll have to repeat steps 4 & 5.
Step 6: Leave the tab on the Overview for the app
You'll need the Application (client) ID and Directory (tenant) ID later.
Step 7: Open a new tab to the Azure Portal
You'll be assigning a particular Role to this App for all of the Subscriptions where you want to read and/or provision Role Assignments for your Users and Groups.
You can assign this role in individual Subscriptions, or via Management groups. Do not assign the role at the Resource group or Resource level; those scopes inherit the assignment from their Subscription.
Navigate to the first Management group or Subscription to add the Role Assignment for your app.
Step 8: Add Role assignments to the App you created
Start by selecting Access control (IAM) and then clicking +Add.
Click Add role assignment:
Step 9: Select the Role "Role Based Access Control Administrator (Preview)"
Search for "Role Based", click the Role Based Access Control Administrator (Preview) role, then click Next.
Step 10: Select Members
Step 11: Add the App
Step 12: Click "Review + assign" - twice
You may have to click this twice to complete the role assignment.
Step 13: Log in to your Clarity Security tenant
https://your-tenant.claritysecurity.io/
Step 14: Click on Applications, then your Azure Active Directory
Note the number in the URL; you'll need this for a later step.
Step 15: Click on Applications, then Marketplace
Step 16: Find Azure RBAC (AAD add-on)
Scroll to or search for Azure RBAC (AAD add-on) in the list of applications from the marketplace, then click Connect.
Step 17: Connect App
Complete the App Settings form. Details for fields common to all applications can be found in the following article: Common App Configuration Steps.
- app_id from step 6 is the Application (client) ID
- app_secret from step 5 is the Value you copied
- tenant from step 6 is the Directory (tenant) ID
- aad_id_in_clarity from step 15
Step 18: App Settings
Complete the App Settings form. Details for each field can be found in the following article: Common App Configuration Steps.
Step 19: User Settings
Complete the User Settings form, and check the table at the top to see if any features are unsupported. Details for each field can be found in the following article: Common App Configuration Steps.
Step 20: Validate Your Selections and Save
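A check for the role assignment made in steps 7 to 12, added here as an example (it is not part of Clarity Security's or Microsoft's documentation): it reads the connector app's role assignments and flags any that are not the step 9 role at Management group or Subscription scope. The sample data is constructed in the shape of `az role assignment list --all --assignee <app-id>` JSON output; the function names and IDs are assumptions.

```python
import json
import re

# Role name as written in step 9; "(Preview)" is stripped before comparing (assumption:
# a tenant may list the role without that suffix).
EXPECTED_ROLE = "Role Based Access Control Administrator (Preview)"

# Constructed sample, shaped like `az role assignment list --all --assignee <app-id>` JSON.
SAMPLE = json.loads("""[
 {"roleDefinitionName": "Role Based Access Control Administrator (Preview)",
  "scope": "/providers/Microsoft.Management/managementGroups/mg-example"},
 {"roleDefinitionName": "Role Based Access Control Administrator",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
 {"roleDefinitionName": "Role Based Access Control Administrator (Preview)",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-example"},
 {"roleDefinitionName": "Owner", "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"}
]""")

SCOPE_LEVELS = [  # checked in order; ARM scope strings are case-insensitive
    ("management_group", r"/providers/Microsoft\.Management/managementGroups/[^/]+"),
    ("subscription", r"/subscriptions/[^/]+"),
    ("resource_group", r"/subscriptions/[^/]+/resourceGroups/[^/]+"),
    ("resource", r"/subscriptions/[^/]+/resourceGroups/[^/]+/providers/.+"),
]

def classify_scope(scope):
    """Return the level of an Azure role-assignment scope string."""
    for level, pattern in SCOPE_LEVELS:
        if re.fullmatch(pattern, scope.rstrip("/"), re.IGNORECASE):
            return level
    return "root" if scope == "/" else "unknown"

def _norm(role):
    return role.lower().removesuffix(" (preview)")

def audit(assignments, expected_role=EXPECTED_ROLE):
    """Split the app's assignments into scopes the guide calls for and findings."""
    ok, findings = [], []
    for a in assignments:
        level = classify_scope(a["scope"])
        if _norm(a["roleDefinitionName"]) != _norm(expected_role):
            findings.append(("unexpected_role", a["roleDefinitionName"], a["scope"]))
        elif level in ("management_group", "subscription"):
            ok.append(a["scope"])
        else:  # resource group, resource, root or unrecognised scope
            findings.append(("scope_not_in_guide", level, a["scope"]))
    return ok, findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To run it against a real tenant, replace `SAMPLE` with the parsed JSON output of the command named in the comment.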
Need Help?
If you have any problems, contact your customer success team. You can also reach our general support team by email or by opening a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.