Onboarding Azure Directory Using Cloud Entitlements Manager | CyberArk

In this video we'll review how to connect your Cloud Entitlements Manager to an Azure AD root management group.

From within the Cloud Entitlements Manager console, click Setup and select Platform Management. Hover over the Azure block and click Connect.

Choose New Directory and click Connect.

Now we'll need to gather information from Azure for the next steps.

Log into the Azure portal as a Global Admin with elevated access to management groups.

Select Active Directory and copy the Tenant ID, which we will then paste into the CEM console.

Optionally, you can provide a name and description for the directory.

Now scroll down and copy the command to clone CEM's Azure deployment repository.

On Azure's console, open the cloud shell. Make sure to use the bash option and not PowerShell.

Paste the command into the console window and press enter.

When the operation is complete, go back to the CEM config page and copy the second command.

Paste this into the console window in Azure and press Enter.

When the second command completes, copy the final value, which is output in green text.

Paste this into the Final Value field back on the CEM page.

The next step is to set the app permissions.

Navigate back to Azure Active Directory. Select App registrations.

In the All applications tab, select the CyberArk CEM app.

Navigate to API permissions and select the check mark to grant consent for the directory.

Click Yes to confirm.

Now it's time to enable CEM to discover the directory hierarchy.

Navigate to Azure Management groups and select the root management group. The default name for this will be Tenant root group.

Next, navigate to Access Control and click the Add button at the top of the screen.

Click on "Add role assignment" to open the role assignment pane.

From the Role drop-down menu, select the Reader role.

Search for the CYB-CEM app in the Select box and choose the CEM application.

Click Save.

Back on the CEM configuration page, click the Start Discovery button to initiate the scan.

Once the scan completes, the management groups and subscriptions will be displayed.

Workspaces can be connected by individual subscriptions, or by the entire management group or directory.

Once the workspaces are connected, navigate to the dashboard to see the newly scanned data.

If you do not see new results, you may need to refresh your browser.
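The role assignment step above grants the CEM app the Reader role on the root management group; the following added example (not part of the video and not CyberArk's code) shows the Azure CLI equivalent and a check that Reader is the only role the app holds at that scope. It assumes a signed-in Azure CLI in Cloud Shell, that the root management group ID equals the tenant ID (the Azure default), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: assign and audit the CEM app's role at the root management group.
# Assumptions: "az" is signed in; root management group ID == tenant ID (Azure
# default); $1 is the app's client ID or service principal object ID.

# Build the ARM scope of the root management group from the tenant ID.
cem_root_scope() {
  # Reject anything that is not a GUID so a pasted typo cannot change the scope.
  if ! printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'; then
    echo "invalid tenant ID: $1" >&2
    return 2
  fi
  printf '/providers/Microsoft.Management/managementGroups/%s\n' "$1"
}

# CLI equivalent of the portal steps: Reader on the root management group.
cem_assign_reader() (
  scope="$(cem_root_scope "$2")" || exit 2
  az role assignment create --assignee "$1" --role Reader --scope "$scope"
)

# Exit 0 only if the app holds Reader, and no other role, at the root
# management group. Any other role found there is reported on stderr.
cem_audit_reader_only() (
  scope="$(cem_root_scope "$2")" || exit 2
  roles="$(az role assignment list --assignee "$1" --scope "$scope" \
            --query '[].roleDefinitionName' -o tsv)" || exit 2
  found=1
  extra=0
  while IFS= read -r role; do
    [ -z "$role" ] && continue
    if [ "$role" = "Reader" ]; then
      found=0
    else
      echo "UNEXPECTED role at root management group: $role" >&2
      extra=1
    fi
  done <<EOF
$roles
EOF
  [ "$found" -eq 0 ] && [ "$extra" -eq 0 ]
)
```

Run `cem_audit_reader_only <app-id> <tenant-id>` after onboarding and again during periodic access reviews; a non-zero exit means Reader is missing or a broader role has been added at the root scope.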

Video "Onboarding Azure Directory Using Cloud Entitlements Manager | CyberArk" from the CyberArk University channel