DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

Azure Active Directory

DivvyCloud supports Azure Active Directory as an authentication server. Azure Active Directory does not offer external applications the LDAP bind that a typical LDAP or on-premises Active Directory integration relies on; it authenticates users to an application through OAuth 2.0 / OpenID Connect. Before DivvyCloud can use it, you must therefore register DivvyCloud as an application within the Azure Portal and tell Azure Active Directory where it may send tokens.

Note on credentials:

You will need administrative credentials for your Azure portal to complete these steps: an account that can create and edit app registrations in the tenant (for example the Application Administrator or Global Administrator role).

New App Registration

If you already have an App Registration of the “Web app / API” type that you want to use, skip to Existing App Registration.

1. From within the Azure portal, search for "App registrations" in the search bar.

2. Select "New registration". This brings you to the "Register an application" screen.

3. Enter something short and descriptive for the name (for example "DivvyCloud").

  • Under 'Supported account types' keep the default, "Accounts in this organizational directory only (Single tenant)". A multi-tenant registration would allow users from other Azure Active Directory tenants to obtain tokens for your DivvyCloud application.
  • For 'Redirect URI (optional)' select 'Web' as the type and enter the HTTPS URL of your DivvyCloud web server (e.g., https://divvycloud.acmecorp.com/). Azure Active Directory only redirects to a URI that exactly matches a registered entry, so use the hostname your users will actually browse to.

4. Click Register.

5. The app is created and its Overview page opens. Copy the Application (client) ID shown on this page and keep it somewhere safe; you will need it when configuring the authentication server in DivvyCloud. The same page shows the Directory (tenant) ID. The Application ID identifies the app and is not a secret; the client secret you create later is. (Depending on how you navigate here, this screen might look slightly different.)

6. On the left panel navigation under 'Manage' select Authentication. This will open the Redirect URIs page.

  • You will need to add two URLs, the first you can add on this page by adding Type - Web and pasting the following URL: https://divvycloud.acmecorp.com/v3/auth/authenticate/azure_active_directory/final/

Note: Make sure you replace ‘divvycloud.acmecorp.com’ with the correct information for your installation and click Save.

7. Still on the Authentication page, under Implicit grant (labelled "Implicit grant and hybrid flows" in newer versions of the portal), check the ID tokens checkbox. DivvyCloud's login flow needs Azure Active Directory to return an ID token on the redirect. Leave Access tokens unchecked unless some other integration requires it; nothing described on this page does.

8. From the App registration's summary view, under "Manage", select Manifest.

  • Search the manifest for "replyUrlsWithType".
  • You should see the first URL you added in the previous step; make sure it carries the correct host for your installation.
  • Ensure that the second, wildcard-suffixed entry shown below is also present. If it is not, add it alongside the first, correct the host for your installation, and Save.

"replyUrlsWithType": [
    {
        "url": "https://divvycloud.acmecorp.com/v3/auth/authenticate/azure_active_directory/final/",
        "type": "Web"
    },
    {
        "url": "https://divvycloud.acmecorp.com/v3/auth/authenticate/azure_active_directory/final/*",
        "type": "Web"
    }
]

9. Select Certificates & secrets from the left panel navigation.

  • Click the 'New client secret' button under the Client secrets section of the page to add a new secret.
  • Provide a description, select an expiration interval, and click Add to complete.

Note: Before you move to a new page within the Azure console, copy the secret's Value (not its Secret ID) to a safe location; Azure shows the value only once and you will not be able to return to this view. Record the expiry date as well: once the secret expires, Azure Active Directory rejects DivvyCloud's token requests and logins through this server fail until you create a new secret and update it in DivvyCloud.

At this point, Azure Active Directory should be set up for use with DivvyCloud. In DivvyCloud, open the Identity Management section (under Administration on the left-side menu), create a new Authentication Server, making certain to select the ‘Azure Active Directory’ type, and use the values you noted above where needed.

For step-by-step instructions, see Azure Active Directory Authentication Server Setup below.

Existing App Registration

To modify an existing app registration the steps are as follows:

1. From the App registrations page select the application you want to modify and click to open the overview page.

2. Select Authentication under the 'Manage' menu on the left panel navigation. This will open the Redirect URIs page. You will need to add two URLs, the first you can add on this page by adding Type - Web and pasting the following URL:

https://divvycloud.acmecorp.com/v3/auth/authenticate/azure_active_directory/final/

Note: Make sure you replace ‘divvycloud.acmecorp.com’ with the correct values for your installation and click Save.

3. The second URL must be added manually. Under 'Manage' select Manifest and search the manifest for "replyUrlsWithType". You should see the first URL you added in the previous step. Ensure that the wildcard-suffixed entry shown below is also present; if not, add it, correct the host for your installation, and select Save. Do not leave http:// or localhost entries from earlier testing in a production registration: every entry in this list is a destination Azure Active Directory will send tokens to.

"replyUrlsWithType": [
    {
        "url": "https://divvycloud.acmecorp.com/v3/auth/authenticate/azure_active_directory/final/",
        "type": "Web"
    },
    {
        "url": "https://divvycloud.acmecorp.com/v3/auth/authenticate/azure_active_directory/final/*",
        "type": "Web"
    }
]

Existing Keys

Note: You can reuse an existing client secret if you created it and still know its value, but creating a new secret dedicated to DivvyCloud is recommended: a secret shared between applications cannot be rotated or revoked for one of them without breaking the others.

4. To create a new secret select Certificates & secrets from the left panel navigation.

  • Click the 'New client secret' button under the Client secrets section of the page to add a new secret.
  • Provide a description, select an expiration interval and click add to complete.

Note: Before you move to a new page within the Azure console, copy the secret's Value (not its Secret ID) to a safe location; Azure shows the value only once and you will not be able to return to this view. Record the expiry date as well, since logins through this server will fail once the secret expires.

At this point, the Azure Active Directory should be viably set up for use with DivvyCloud. Visit DivvyCloud and open the Identity Management section (under Administration on the left-side menu), create a new Authentication Server, making certain to select the ‘Azure Active Directory’ type when you do, and use the values you noted above where needed.
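Before leaving the Azure portal, it is worth checking the registration you built (by either the New App Registration or the Existing App Registration procedure above) against what DivvyCloud needs. The following script is an added example, not DivvyCloud's or Microsoft's code. It reads a manifest in the format the portal's Manifest editor shows on this page ("replyUrlsWithType", "oauth2AllowIdTokenImplicitFlow", "passwordCredentials", "signInAudience") and verifies that both callback URLs for your DivvyCloud host are registered, that every callback is HTTPS and not a leftover localhost entry, that ID token issuance is enabled, that the app is single-tenant, and that at least one client secret remains valid for a while. The two manifests at the bottom are constructed for the example, not exported from Azure; the host divvycloud.acmecorp.com is the page's placeholder.

```python
"""
Offline sanity check of an Azure AD app-registration manifest before pointing
DivvyCloud at it. Added example, not DivvyCloud's or Microsoft's code. Field
names follow the Azure portal Manifest editor format shown on this page.
"""
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Path DivvyCloud's Azure AD login finishes on (from the page); the second
# entry with the trailing "*" is the one the page has you add in the manifest.
CALLBACK_PATH = "/v3/auth/authenticate/azure_active_directory/final/"


def required_reply_urls(host):
    base = f"https://{host}{CALLBACK_PATH}"
    return {base, base + "*"}


def _parse_manifest_date(value):
    # Portal manifest dates look like "2025-05-01T00:00:00Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_manifest(manifest, host, now=None, min_secret_days=30):
    """Return a list of problems; an empty list means the registration is usable."""
    now = now or datetime.now(timezone.utc)
    problems = []

    web_urls = {e["url"] for e in manifest.get("replyUrlsWithType", [])
                if e.get("type") == "Web"}
    for url in sorted(required_reply_urls(host) - web_urls):
        problems.append(f"missing Web reply URL: {url}")
    for url in sorted(web_urls):
        parts = urlparse(url)
        if parts.scheme != "https":
            problems.append(f"reply URL is not https: {url}")
        if parts.hostname in ("localhost", "127.0.0.1"):
            problems.append(f"development reply URL left in registration: {url}")

    if not manifest.get("oauth2AllowIdTokenImplicitFlow", False):
        problems.append("ID tokens are not enabled under Implicit grant")
    if manifest.get("signInAudience") != "AzureADMyOrg":
        problems.append("app is not single-tenant (signInAudience != AzureADMyOrg)")

    secrets_ = manifest.get("passwordCredentials", [])
    usable = [c for c in secrets_
              if _parse_manifest_date(c["endDate"]) - now >= timedelta(days=min_secret_days)]
    if not secrets_:
        problems.append("no client secret")
    elif not usable:
        problems.append(f"no client secret valid for at least {min_secret_days} more days")
    return problems


# Constructed samples: a correct registration for divvycloud.acmecorp.com, and
# one with the mistakes this check is meant to catch. NOW is fixed so the
# secret-expiry result is deterministic.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
HOST = "divvycloud.acmecorp.com"

GOOD_MANIFEST = json.loads("""{
  "appId": "00000000-0000-0000-0000-000000000000",
  "signInAudience": "AzureADMyOrg",
  "oauth2AllowIdTokenImplicitFlow": true,
  "replyUrlsWithType": [
    {"url": "https://divvycloud.acmecorp.com/v3/auth/authenticate/azure_active_directory/final/", "type": "Web"},
    {"url": "https://divvycloud.acmecorp.com/v3/auth/authenticate/azure_active_directory/final/*", "type": "Web"}
  ],
  "passwordCredentials": [
    {"displayName": "divvycloud", "startDate": "2024-05-01T00:00:00Z", "endDate": "2025-05-01T00:00:00Z", "value": null}
  ]
}""")

BAD_MANIFEST = json.loads("""{
  "signInAudience": "AzureADMultipleOrgs",
  "oauth2AllowIdTokenImplicitFlow": false,
  "replyUrlsWithType": [
    {"url": "http://localhost:8001/v3/auth/authenticate/azure_active_directory/final/*", "type": "Web"}
  ],
  "passwordCredentials": [
    {"displayName": "old", "startDate": "2023-05-01T00:00:00Z", "endDate": "2024-06-10T00:00:00Z", "value": null}
  ]
}""")

if __name__ == "__main__":
    for name, manifest in (("good", GOOD_MANIFEST), ("bad", BAD_MANIFEST)):
        print(name, check_manifest(manifest, HOST, now=NOW) or "OK")
```

Run it against a manifest copied out of the portal's Manifest editor (json.load the file instead of the constructed samples) with your own host; every line it reports corresponds to one of the steps above.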

Azure Active Directory Authentication Server Setup

This section assumes that you have set up your Azure Active Directory to function with DivvyCloud. If you have not done so, or need assistance, refer to the section above or reach out to us at [email protected]

To create an Azure Active Directory Authentication Server:

1. Navigate to the Identity Management page, under Administration in the left-side navigation menu. Select the Authentication Servers tab at the top of the page.

2. Click Add Server.

You may need to scroll through the dialog to access all input fields.

3. Enter a nickname, and then select Azure Active Directory for the Server Type.

4. For Tenant, provide the domain name associated with the Azure Active Directory instance you are authenticating against (for example acmecorp.onmicrosoft.com, or a verified custom domain such as acmecorp.com).

5. Unless you are using a sovereign Azure cloud, leave the Authority Host URL set to https://login.microsoftonline.com. For a sovereign cloud, the Authority Host URL is that cloud's login endpoint, for example https://login.microsoftonline.us for Azure Government or https://login.chinacloudapi.cn for Azure China (21Vianet).

6. For Application ID, provide the Application (client) ID from the Azure App Registration, which you copied in step 5 of New App Registration.

7. For Client Secret, use the secret Value you created in step 9 of New App Registration (or step 4 of Existing App Registration). If that value is no longer available, create a new secret as described there; the Secret ID shown in the portal is not the value and will not work.

We will verify that the values you entered are correct when you click ‘Submit’. If an error message appears, please check that the values you entered are correct for the Active Directory instance you are trying to authenticate to.

Note: Because Azure Active Directory authenticates DivvyCloud users through OAuth 2.0 / OpenID Connect rather than an LDAP bind, you cannot assign separate usernames to users of this Authentication Server; DivvyCloud matches the identity asserted in the token on the user's email address. When creating users for this Authentication Server, enter the user's email address exactly as it appears in Azure Active Directory for both the name and email values.
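To show what the values on this form are used for, here is the relying-party side of the exchange as an added example; it is not DivvyCloud's code, and the page does not say which endpoints or parameters DivvyCloud itself uses. It derives the tenant authority from the Authority Host URL and Tenant, builds the login redirect to the standard Azure AD v2.0 authorize endpoint (hybrid flow, which is why the ID tokens box must be checked) with a per-login state and nonce, and then validates the claims of the ID token that arrives at the /final/ redirect URI: issuer, audience (the Application ID), tenant, nonce and validity window. Two things to note: the issuer claim carries the Directory (tenant) ID GUID even when DivvyCloud is configured with the tenant's domain name, and the user is identified by the email claim, which is why the DivvyCloud user record must carry the Azure AD email. The tenant ID, client ID and token payload are constructed, not captured from Azure. Signature verification against the tenant's JWKS is left out so the example runs offline; a real relying party must verify the signature before trusting any claim.

```python
"""
Added example, not DivvyCloud's code: relying-party side of the Azure AD
login using the Authentication Server form values. Standard Azure AD v2.0
endpoints and claim names are assumed; the page does not name DivvyCloud's.
Signature verification is deliberately omitted (offline example).
"""
import secrets
import time
from urllib.parse import urlencode

# Public-cloud authority host from the page; sovereign clouds use a different one.
DEFAULT_AUTHORITY_HOST = "https://login.microsoftonline.com"


def authority(tenant, authority_host=DEFAULT_AUTHORITY_HOST):
    """Tenant authority, e.g. https://login.microsoftonline.com/acmecorp.onmicrosoft.com"""
    return f"{authority_host.rstrip('/')}/{tenant}"


def build_login_redirect(tenant, client_id, redirect_uri, authority_host=DEFAULT_AUTHORITY_HOST):
    """Return (authorize_url, state, nonce). Keep state and nonce server-side for this login."""
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    params = {
        "client_id": client_id,
        "response_type": "code id_token",  # hybrid flow: why the page has you enable ID tokens
        "response_mode": "form_post",      # token arrives in a POST body, not the URL fragment
        "redirect_uri": redirect_uri,      # must exactly match a registered reply URL
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
    }
    url = f"{authority(tenant, authority_host)}/oauth2/v2.0/authorize?{urlencode(params)}"
    return url, state, nonce


def validate_id_token_claims(claims, tenant_id, client_id, expected_nonce,
                             authority_host=DEFAULT_AUTHORITY_HOST, now=None, skew=60):
    """Return a list of problems; empty means the claims are acceptable.

    tenant_id is the Directory (tenant) ID GUID: the issuer claim carries the
    GUID even when DivvyCloud is configured with the tenant's domain name.
    """
    now = int(time.time()) if now is None else now
    problems = []
    if claims.get("iss") != f"{authority(tenant_id, authority_host)}/v2.0":
        problems.append("issuer is not our tenant")
    if claims.get("aud") != client_id:
        problems.append("audience is not our Application ID")
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match the configured tenant")
    if not expected_nonce or claims.get("nonce") != expected_nonce:
        problems.append("nonce mismatch")
    if claims.get("exp", 0) + skew <= now:
        problems.append("token expired")
    if claims.get("nbf", 0) - skew > now:
        problems.append("token not yet valid")
    return problems


def divvycloud_username(claims):
    """DivvyCloud keys OAuth users on the Azure AD email address, so that is the lookup value."""
    return claims.get("email") or claims.get("preferred_username")


# Constructed values and token payload (not captured from Azure).
TENANT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
REDIRECT_URI = "https://divvycloud.acmecorp.com/v3/auth/authenticate/azure_active_directory/final/"
NOW = 1717200000  # fixed clock so the validity checks are deterministic


def sample_claims(nonce, **overrides):
    claims = {
        "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
        "aud": CLIENT_ID,
        "tid": TENANT_ID,
        "nonce": nonce,
        "iat": NOW - 60, "nbf": NOW - 60, "exp": NOW + 3600,
        "preferred_username": "jane.doe@acmecorp.com",
        "email": "jane.doe@acmecorp.com",
    }
    claims.update(overrides)
    return claims


if __name__ == "__main__":
    url, state, nonce = build_login_redirect(TENANT_ID, CLIENT_ID, REDIRECT_URI)
    print(url)
    claims = sample_claims(nonce)
    print(validate_id_token_claims(claims, TENANT_ID, CLIENT_ID, nonce, now=NOW) or "claims OK")
    print("DivvyCloud user:", divvycloud_username(claims))
```

The nonce check is what ties a returned ID token to the login that requested it; a token with the right issuer and audience but an unknown nonce is either a replay or was injected into someone else's session and must be rejected.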
