Discovery of Azure Service Principals and expiry dates

damianfell
Tera Guru

So I had a question from our cloud team, about whether we can discover the many Azure service principals and their renewal dates in ServiceNow to automate the renewal process.

Having looked it seems they are not stored as a cloud resource object so I can't just copy and amend one of the out of the box patterns to find them.


Rather than using the Azure Resource Graph API, the documentation on the Azure website advises using the base Microsoft Graph API to query.

i.e. using "GET https://graph.microsoft.com/v1.0/servicePrincipals" rather than "POST https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2022-10-01" as the root URL.


Has anyone out here managed to find a way to use discovery to list security principals and their credential expiry dates?
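As an added example (not code from the thread or from ServiceNow), this is the processing a renewal workflow would need once the Graph listing is fetched: given one page of the `GET https://graph.microsoft.com/v1.0/servicePrincipals` response, it lists the secrets (`passwordCredentials`) and certificates (`keyCredentials`) that are expired or expire within a window. The response page below is a constructed sample; the same fields exist on `GET /v1.0/applications`, which is where secrets created under App registrations are stored, so a complete scan runs the same function over both listings.

```javascript
// Added example, not from the thread: scan one page of the Microsoft Graph
// servicePrincipals listing for secrets and certificates that are expired
// or expire within a window. The page below is a constructed sample.
const sampleGraphPage = {
  // A real response also carries "@odata.nextLink" when more pages follow.
  value: [
    { id: "sp-1", appId: "11111111-1111-1111-1111-111111111111", displayName: "Discovery SP",
      passwordCredentials: [{ keyId: "k1", displayName: "secret-2023", endDateTime: "2024-08-01T00:00:00Z" }],
      keyCredentials: [] },
    { id: "sp-2", appId: "22222222-2222-2222-2222-222222222222", displayName: "Billing Export",
      passwordCredentials: [],
      keyCredentials: [{ keyId: "k2", type: "AsymmetricX509Cert", endDateTime: "2025-02-15T12:00:00Z" }] },
    { id: "sp-3", appId: "33333333-3333-3333-3333-333333333333", displayName: "Legacy Sync",
      passwordCredentials: [{ keyId: "k3", endDateTime: "2024-01-01T00:00:00Z" }],
      keyCredentials: [] },
  ],
};

// URL to request; $select keeps the payload to the fields the scan needs.
const SP_LIST_URL = "https://graph.microsoft.com/v1.0/servicePrincipals" +
  "?$select=id,appId,displayName,passwordCredentials,keyCredentials";

const DAY_MS = 24 * 60 * 60 * 1000;

// Returns expired and expiring credentials from one page, soonest first.
// "now" is a Date; "days" is the warning window.
function credentialsExpiringWithin(page, now, days) {
  const horizon = now.getTime() + days * DAY_MS;
  const findings = [];
  for (const sp of page.value || []) {
    const creds = [
      ...(sp.passwordCredentials || []).map(c => ({ ...c, kind: "secret" })),
      ...(sp.keyCredentials || []).map(c => ({ ...c, kind: "certificate" })),
    ];
    for (const c of creds) {
      const end = Date.parse(c.endDateTime);
      if (Number.isNaN(end)) continue; // skip entries without a parseable endDateTime
      let status = "ok";
      if (end <= now.getTime()) status = "expired";
      else if (end <= horizon) status = "expiring";
      if (status === "ok") continue;
      findings.push({ principal: sp.displayName, appId: sp.appId, keyId: c.keyId, kind: c.kind,
        endDateTime: c.endDateTime, daysLeft: Math.floor((end - now.getTime()) / DAY_MS), status });
    }
  }
  return findings.sort((a, b) => a.daysLeft - b.daysLeft);
}

// Next page to request, or null when the listing is complete.
function nextPageUrl(page) { return page["@odata.nextLink"] || null; }
```

A ServiceNow script include would fetch `SP_LIST_URL` with RESTMessageV2 and keep calling `nextPageUrl` until it returns null, feeding each page to `credentialsExpiringWithin`.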


AJ-TechTrek
Giga Sage

Hi @damianfell ,

Refer to the docs below; they might help.


https://docs.servicenow.com/fr-FR/bundle/sandiego-it-service-management/page/product/cloud-managemen...


Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.


Thanks

AJ

Linkedin Profile:- https://www.linkedin.com/in/ajay-kumar-66a91385/

ServiceNow Community Rising Star 2024

I'm afraid not, that article is just the summary of how to set up the discovery service principal and its client secret.

Our service principal is working and configured fine; the blue-sky question is how to find all the other ones in our tenancy via the Graph API rather than the Resource API.

Hi @damianfell ,

I never tried to fetch the expiry date using the Graph connector, but that should be possible; we need to tweak the Graph only.

Also, using the Graph connector you can discover as many Service Accounts as you want.


https://docs.servicenow.com/bundle/washingtondc-servicenow-platform/page/product/configuration-manag...

In that case, you need to check the mapping of fields using ETL hub, as well as manage the attribute mapping; if Azure is not sending that attribute, you can ask to add the same in the Graph API.


Thanks

AJ


KRafi
Tera Contributor

Hi, is it recommended to fetch all the Azure service principals from Azure to ServiceNow?
As the Azure service principal table is a child table of the credentials table, if we have, let's say, 1000 SPs then the actual credentials table, which the ServiceNow platform team might be using for storing credentials for different integrations, would be filled with other service principals which the platform team is not going to use!

--> We don't have Discovery, and we plan to import the SPs as we need to do their life cycle management through ServiceNow. So one of the solutions might be the Graph API, but I am skeptical about the target table.