How to Configure an Azure Data Source

This article provides detailed steps to set up an Azure data source for discovery.

Prerequisites

Azure credentials are required to configure an Azure Data Source.

Before you begin, you must configure an App Registration in Microsoft Entra ID to obtain the tenant ID, client ID and secret used by the Hydden Data Source and Hydden Connection Credentials. The following steps guide you through that setup.

  1. Open your Azure portal and, in the search bar at the top, type App registrations.

  2. On the top menu bar, click + New registration.

  3. Select the scope of the app; this also controls the scope of the Hydden collector.

  4. On the app’s Overview page, locate the following:

    • Directory (tenant) ID, which is the tenant ID required on the main Data Source configuration page in the Hydden portal.
    • Application (client) ID, which is the client ID needed for the first part of the Hydden Add credential page.
  5. Select Add a certificate or secret.

  6. Click + New client secret.

    • Give it a name and duration.
    • Click Add.
    • Copy and save the ‘Secret’ value. Once you navigate away, you will not be able to see this secret value again. This secret value is the second part of the Hydden Add credential page.
  7. Vault your tenant ID, client ID, and secret.

  8. Verify your permissions settings for the app:

    • Via the left-hand menu, select your application’s API permissions. Your app needs at least the following set of permissions:

       Permission                                     Type           Description
       Directory.Read.All                             Application    Read directory data
       Domain.Read.All                                Application    Read domains
       EntitlementManagement.Read.All                 Application    Read all entitlement management resources
       Group.Read.All                                 Application    Read all groups
       GroupMember.Read.All                           Application    Read all group memberships
       IdentityProvider.Read.All                      Application    Read identity providers
       User.Read                                      Delegated      Sign in and read user profile
       UserAuthenticationMethod.Read.All              Application    Read all users' authentication methods
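
As an added check (example code, not Hydden’s or Microsoft’s, and the sample listing is constructed), the following compares a permission listing in the layout above with the minimum set and flags permissions that are missing, granted under the wrong type, or beyond the minimum:

```python
# Added example (not Hydden or Microsoft code): compare an app registration's
# granted API permissions with the minimum set listed above, flagging grants
# of the wrong type (Application vs Delegated) and unneeded extras.

REQUIRED = {  # the minimum set from the list above, as (permission, type)
    ("Directory.Read.All", "Application"),
    ("Domain.Read.All", "Application"),
    ("EntitlementManagement.Read.All", "Application"),
    ("Group.Read.All", "Application"),
    ("GroupMember.Read.All", "Application"),
    ("IdentityProvider.Read.All", "Application"),
    ("User.Read", "Delegated"),
    ("UserAuthenticationMethod.Read.All", "Application"),
}

def parse_permissions(text):
    """Parse lines laid out like the list above ('<permission> <type>
    <description>', whitespace separated) into a set of (name, type) pairs."""
    granted = set()
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) >= 2 and parts[1] in ("Application", "Delegated"):
            granted.add((parts[0], parts[1]))
    return granted

def check_permissions(granted):
    """Return (missing, wrong_type, extra), each a sorted list of pairs."""
    missing = REQUIRED - granted
    # A required permission granted under the other type is still missing
    # (a Delegated grant does not satisfy an Application requirement) and
    # is additionally reported here so the fix is obvious.
    wrong_type = {r for r in missing if any(g[0] == r[0] for g in granted)}
    # Anything beyond the minimum set should be reviewed for least privilege.
    extra = granted - REQUIRED
    return sorted(missing), sorted(wrong_type), sorted(extra)

# Constructed sample, not real portal output: Domain.Read.All is absent,
# Directory.Read.All was granted as Delegated, and Mail.Read was added.
SAMPLE = """\
Directory.Read.All                 Delegated      Read directory data
EntitlementManagement.Read.All     Application    Read all entitlement management resources
Group.Read.All                     Application    Read all groups
GroupMember.Read.All               Application    Read all group memberships
IdentityProvider.Read.All          Application    Read identity providers
User.Read                          Delegated      Sign in and read user profile
UserAuthenticationMethod.Read.All  Application    Read all users' authentication methods
Mail.Read                          Application    Read mail in all mailboxes
"""
```

Run `check_permissions(parse_permissions(SAMPLE))` to see the three lists for the constructed sample; paste your own listing in place of SAMPLE to audit a real registration.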

Configure Your Hydden Azure Data Source

  1. Log in to your Hydden tenant.

  2. To access the data sources page, navigate to Configuration > Discover and select Data Sources or use the data source URL: https://portal.hydden.com/configuration/datasource.

  3. To add the Azure data source, click + Add Data Source.

  4. From the drop-down, select Azure.

  5. For Name enter an easy-to-identify name for the data source.

  6. For Tenant use the Azure Tenant ID previously saved/vaulted when setting up the Azure app registration.

  7. You may ignore Preset and Schedule for now.

  8. To the right of Credentials, click +.

    1. The Add credential modal opens and the drop-down selection should show Cloud credential. If not, change it to Cloud credential.
    2. Enter a name for your Azure credential.
    3. Enter the client ID and Secret from your Azure app as previously saved/vaulted.
    4. Click Add.
  9. Under Site, specify the site that matches your client registration site.

  10. Under the Select Account Mapping Rule Set drop-down, select from the following options:

    • Default Rules Only
    • Add All Rules
    • Add All Default Rules
    • Add All Custom Rules
    • Manual Selection: Rules need to be selected from a drop-down menu.

    Any rules added can be removed by clicking the x on the rule name label.

    NOTE: Rules must be set to enabled on the rule add/edit modal to work in your tenant; refer to Account Mapping.

  11. To enable account mapping or identity creation, select the Enable Automatic Account Mapping and Enable Automatic Identity Creation checkboxes respectively. Both options can be enabled at the same time.

  12. In the Automatic Mapping Rules (Match Account to Identity using) field, rules are either populated automatically based on your selection in the Select Account Mapping Rule Set step, or you must add rules manually from the drop-down menu. Any rules added can be removed by clicking the x on the rule name label.

  13. From the Automatic Identity Creation Rules (Create New Identity when) drop-down, select which rules you want to use in your environment. Custom rules are listed first. Any rules added can be removed by clicking the x on the rule name label.

  14. Click Add to save the data source. You can also run the data collection manually via the Run Now button.

At this point, you can run a collection from the Data Sources page, and shortly after you will see your Azure users listed on the Identity Posture dashboard, in Global Search and in the Search Library.