Azure Plugin
Rotate Azure AD account passwords
Keeper has launched a new Password Rotation feature with Keeper Secrets Manager. This new capability is recommended for all password rotation use cases. The Documentation is linked below:
Password Rotation with Keeper Secrets Manager
This plugin generates/rotates Azure AD password for any user.
Prerequisites
Configure Azure Application to have User Administrative Privileges
Prepare Records for Rotation
Create a Record for Rotation
Rotation supports legacy and typed records. If using typed record, a 'Login' type field is required. Additional fields may be added depending on the rotation type as well. See the instructions below.
See the Troubleshooting section for more information on legacy vs typed records
Set the Azure Login Name
Populate the 'Login' field of the Keeper record with the Azure login name
Add Required Fields
The following fields are required for Azure AD rotation. Create each field with the label indicated and supply the required information.
Label | Description |
---|---|
cmdr:azure_secret | Displayed upon Registration of a new application (under Azure portal -> |
cmdr:azure_client_id | Azure portal -> |
cmdr:azure_tenant_id | Azure portal -> |
cmdr:azure_cloud | Optional. Azure Cloud. There are 4 physical Azure cloud locations
1. |
For an easier time creating new Azure rotation records, create a custom record type with theses text type fields defined
Additional Rotation Settings
The following values can customize rotation parameters. Add these options to a record as text fields and set the label to correspond to the parameter as shown in the table.
Label | Value | Description |
---|---|---|
cmdr:plugin | azureadpwd | (Optional) Tells Commander to use Azure AD Key rotation. This should be either set to the record, or supplied to the rotation command |
cmdr:rules | (Optional) password complexity rules |
Rotate
To rotate Azure passwords, use the rotate
command in Commander. Pass the command a record title or UID (or use --match
with a regular expression to rotate several records at once)
The plugin can be supplied to the command as shown here, or added to a record field (see options above). Adding the plugin type to the record makes it possible to rotate several records at once with different plugins.
Output
After rotation is completed, the new password will be stored in the Password
field of the record
Last updated