Azure Plugin
Rotate Azure AD account passwords
Keeper has also launched a zero-trust Password Rotation feature with KeeperPAM. This new capability is recommended for most password rotation use cases. The Documentation is linked below:
Commander
This plugin generates and rotates the Azure AD password for any user.
Rotation supports legacy and typed records. If using a typed record, a 'Login' type field is required. Additional fields may also be added depending on the rotation type. See the instructions below.
Populate the 'Login' field of the Keeper record with the Azure login name
The following fields are required for Azure AD rotation. Create each field with the label indicated and supply the required information.
cmdr:azure_secret
Displayed upon registration of a new application (under Azure portal -> Azure Active Directory -> App Registrations -> New Registration).
cmdr:azure_client_id
Azure portal -> Azure Active Directory -> App Registrations -> [App name] -> Application (client) ID
cmdr:azure_tenant_id
Azure portal -> Azure Active Directory -> App Registrations -> [App name] -> Directory (tenant) ID
cmdr:azure_cloud
Optional. Azure Cloud. There are 4 physical Azure cloud locations:
1. Global. Default location. Omit this property.
2. China
3. German
4. USGov
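A pre-flight check for the fields listed above, as an added example (not Keeper's code and not part of Commander). It assumes the record has been read into a Login string plus a plain dict of custom-field labels to values; the name check_rotation_fields is hypothetical, and the GUID test relies on Azure displaying both IDs as GUIDs.

```python
import re

# Field labels and cloud names are taken from the field list above.
REQUIRED = ("cmdr:azure_secret", "cmdr:azure_client_id", "cmdr:azure_tenant_id")
NON_DEFAULT_CLOUDS = {"China", "German", "USGov"}
# Azure shows Application (client) and Directory (tenant) IDs as GUIDs.
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def check_rotation_fields(login, custom):
    """Return a list of problems (empty = complete). Field values are never echoed."""
    problems = []
    if not (login or "").strip():
        problems.append("Login: empty, must hold the Azure login name")
    for label in REQUIRED:
        value = custom.get(label)
        if value is None:
            # Report a label that differs only by case or padding from the documented one.
            near = [k for k in custom if k.strip().lower() == label]
            hint = f" (found near-match {near[0]!r})" if near else ""
            problems.append(f"{label}: missing{hint}")
        elif not value.strip():
            problems.append(f"{label}: empty")
        elif value != value.strip():
            problems.append(f"{label}: leading or trailing whitespace")
    for label in ("cmdr:azure_client_id", "cmdr:azure_tenant_id"):
        value = (custom.get(label) or "").strip()
        if value and not GUID.match(value):
            problems.append(f"{label}: not a GUID")
    cloud = custom.get("cmdr:azure_cloud")
    if cloud == "Global":
        problems.append("cmdr:azure_cloud: Global is the default, omit this field")
    elif cloud is not None and cloud not in NON_DEFAULT_CLOUDS:
        problems.append("cmdr:azure_cloud: expected China, German or USGov")
    return problems


if __name__ == "__main__":
    # Constructed sample record; every value is a placeholder.
    sample = {
        "cmdr:azure_secret": "placeholder-secret ",
        "cmdr:azure_client_id": "11111111-2222-3333-4444-555555555555",
        "Cmdr:azure_tenant_id": "66666666-7777-8888-9999-000000000000",
        "cmdr:azure_cloud": "Germany",
    }
    for problem in check_rotation_fields("user@example.onmicrosoft.com", sample):
        print(problem)
```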
The following values can customize rotation parameters. Add these options to a record as text fields and set the label to correspond to the parameter as shown in the table.
cmdr:plugin
azureadpwd
(Optional) Tells Commander to use Azure AD Key rotation. This should either be set on the record or supplied to the rotation command.
cmdr:rules
To rotate Azure passwords, use the rotate command in Commander. Pass the command a record title or UID (or use --match with a regular expression to rotate several records at once).
After rotation is completed, the new password will be stored in the Password field of the record.
See the section for more information on legacy vs typed records
(Optional)