[QB-4044] Investigate Azure Machine ID for automated build
| Status: | Open | 
| Project: | QuickBuild | 
| Component/s: | None | 
| Affects Version/s: | None | 
| Fix Version/s: | None | 
| Type: | Task | Priority: | Major | 
| Reporter: | Robin Shen | Assigned To: | Robin Shen | 
| Resolution: | Unresolved | Votes: | 0 | 
| Remaining Estimate: | Unknown | Time Spent: | Unknown | 
| Original Estimate: | Unknown | ||
| Description | 
| 
                From user,
 We noticed QuickBuild can do Azure SAML Single Sign-On for the users (https://wiki.pmease.com/display/QB13/Single+Sign-On+with+Azure+AD+%28SAML%29). If possible, the county would like QuickBuild to use Managed Identity, the Azure Entra ID version of what would be a service account on-premises. It could be either a user-assigned managed identity, which would require a QuickBuild setting to allow for that, or a system-assigned managed identity, assigned to the VM. QuickBuild would need to rely on the VM's authentication process in Azure VM.

 Here are links for these topics:
 https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview
 https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/tutorial-windows-vm-access-arm
 https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/qs-configure-portal-windows-vm

 To your question "What is the benefit?", here are some:
 - It improves security by not having passwords shared or hardcoded somewhere.
 - It uniquely identifies QuickBuild as a principal for ACL / RBAC assignment.
 - It allows for Azure resource access both intra and inter tenants. |
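
The two identity types named in the request differ only in how the token is requested from the Azure Instance Metadata Service (IMDS) on the VM: a user-assigned identity must be selected with a `client_id`, which is why it would need a setting, while a system-assigned one needs none. The sketch below is an added example, not QuickBuild code; the function names, the sample response and the client ID used in testing are constructed for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

# Documented IMDS token endpoint (link-local, reachable only from inside the VM).
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
ARM_RESOURCE = "https://management.azure.com/"

# Constructed sample response in the IMDS shape; the token is a placeholder.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "PLACEHOLDER.TOKEN.VALUE",
    "expires_on": "1700003600",
    "resource": ARM_RESOURCE,
    "token_type": "Bearer",
})


def build_token_request(resource, client_id=None):
    """client_id=None asks for the system-assigned identity of the VM;
    a client_id selects one user-assigned identity attached to it."""
    params = {"api-version": "2018-02-01", "resource": resource}
    if client_id:
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    # IMDS rejects requests that lack this header.
    return urllib.request.Request(url, headers={"Metadata": "true"})


def parse_token_response(body, resource, now=None, min_lifetime=300):
    """Return (token, expires_on); refuse wrong-audience or near-expiry tokens."""
    doc = json.loads(body)
    if doc.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    if doc.get("resource", "").rstrip("/") != resource.rstrip("/"):
        raise ValueError("token issued for a different resource")
    expires_on = int(doc["expires_on"])  # IMDS returns epoch seconds as a string
    now = time.time() if now is None else now
    if expires_on - now < min_lifetime:
        raise ValueError("token too close to expiry")
    return doc["access_token"], expires_on


def fetch_token(resource=ARM_RESOURCE, client_id=None, timeout=5):
    """Live call; works only on an Azure VM with a managed identity enabled."""
    req = build_token_request(resource, client_id)
    # Empty ProxyHandler: never route the link-local IMDS call through a proxy.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(req, timeout=timeout) as resp:
        return parse_token_response(resp.read(), resource)
```

The returned token is held in memory and refreshed before `expires_on`, so no password or client secret has to be stored in the build server's configuration.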