Access Reviews for Azure App
This tutorial explains how to perform access reviews for your Azure App.
Creating the certificate
The first step in performing access reviews for your Azure App is to create a certificate in IDHub. Click Here to learn more about how to create a certificate.
Choosing the certification type while creating the certificate
There are two types of certificates: user access and resources access. Since this tutorial covers how to audit user access to the Azure App, select user access as the certificate type.
Also, in the certificate creation wizard, make sure that you select the Azure App under the resources section.
Running the Certificate
After creating the certificate, run the certificate. To do this:
- Go to Certificates
- Click on the 3 dots menu for the certificate that you want to run.
- Click on the run menu
- A dialog box will appear (as shown below). Click on the Yes button.
If the certificate has an approver, a task is generated for the certificate approver, and once the approver approves it, the certificate task is displayed.
Once the certificate has run successfully, a certificate task is generated for the certifier. The certifier needs to click on Tasks (left menu) under the IDHub admin app. The certificate task is displayed on the page (as shown in the screenshot below).
Taking Action on the Certificate Task
Click on the task to view the details of the certificate task.
Certifying the Catalog items in the task
If you (the certifier) would like to certify the catalog items in the task, click on the certify button. Enter a reason for the same. Then click on the
Once you finish certifying all the catalog items in the certification task, IDHub displays a dialog to complete the certificate.
Once you click on the YES button, the certification task is deemed completed.
Revoking Catalog items in the certificate task
If, as a certifier, you see that access to the Azure App needs to be revoked for the user, click on the 3 dots menu for that item in the certification task and click on the Revoke menu.
Click on the revoke button again (enter a reason for the revocation). As shown below, the item is revoked for the user. You can then complete the certification by clicking on the complete button below. Once this is done, IDHub revokes the account from the Azure App.