Skip to main content
availability

Package: Invicti AppSec Core (on-demand), Invicti AppSec Enterprise (on-premise, on-demand)

Azure Active Directory

Azure Active Directory configuration

  1. Visit https://portal.azure.com/#home.
  2. Select Azure Active Directory from the Azure services list.
  3. Select App registrations from the left menu under the Manage group and click the New Registration button.
  4. Type "invictiappsec" into the name field, and select the supported account type to configure who can access Invicti AppSec from Azure Active Directory, select Web as the Redirect URI platform, add '' {YOUR_INVICTI_AppSec_HOST}/login/azureactivedirectory as Redirect URI, and click the Register button.
  5. Select Certificates & secrets from the left menu under the Manage group in invicti-AppSec application registration.
  6. Select the Client Secrets tab and click the New client secret button.
  7. Type "invictiappsec" into the description field, select an expiration value from the list, and click the Add button.
  8. Copy the client's secret value to a safe place.
  9. Select API permissions from the left menu under the Manage group in the invicti-AppSec application registration and click the Add a permission button.
  10. Select the Microsoft APIs tab, select Microsoft Graph from the API list, and select the Application permissions value as the type of permission, choose and expand Directory permissions from the permissions list, and check Directory.Read.All permission and select and expand User permissions from the permissions list, check User.Read.All permission and click the Add permissions button.
  11. In the same Microsoft APIs tab, select Microsoft Graph from the API list, select the Delegated permissions value as the type of permission, select and expand OpenId permissions from the permissions list, check email, openid, profile permissions and select and expand Mail permissions from the permissions list, check Mail.Read permission and, select and expand User permissions from the permissions list, check User.Read permission and click the Add permissions button.
  12. Click the Grant admin consent for the default directory button, then click Yes on the popup confirmation panel.
Integration steps

  1. Select Token configuration from the left menu under the Manage group in invicti-AppSec application registration and click the Add optional claim button.

  2. Select ID as a token type and select the email, family_name, given_name, preferred_username claims from the claim list and click the Add button.

  3. Check the checkbox and click the Add button on the optional claim popup confirmation panel.

  4. Select App roles from the left menu under the Manage group in invicti-AppSec application registration and click the Create app role button.

  5. Enter "Invicti AppSec Admin" value as Display name, select "User/Groups" value as Allowed member types, enter "InvictiAppSecAdmin" value as Value, and enter "Invicti AppSec Admin" value as Description and click the Apply button.

  6. Enter "Invicti AppSec Product Owner" value as Display name, select "User/Groups" value as Allowed member types, enter "InvictiAppSecProductOwner" value as Value, and enter "Invicti AppSec Product Owner" value as Description and click the Apply button.

  7. Enter "Invicti AppSec Manager" value as Display name, select "User/Groups" value as Allowed member types, enter "InvictiAppSecManager" value as Value, and enter "Invicti AppSec Manager" value as Description and click the Apply button.

  8. Enter "Invicti AppSec Team Lead" value as Display name, select "User/Groups" value as Allowed member types, enter "InvictiAppSecTeamLead" value as Value and enter "Invicti AppSec Team Lead" value as Description and click the Apply button.

  9. Enter "Invicti AppSec Developer" value as Display name, select "User/Groups" value as Allowed member types, enter "InvictiAppSecDeveloper" value as Value, and enter "Invicti AppSec Developer" value as Description and click the Apply button.

  10. Enter "Invicti AppSec Pentester" value as Display name, select "User/Groups" value as Allowed member types, enter "InvictiAppSecPentester" value as Value, and enter "Invicti AppSec Pentester" value as Description and click the Apply button.

  11. Select Overview from the left menu.

  12. Copy Application (client) ID and Directory (tenant) ID to a safe place.

  13. Click the "invictiappsec" value in the connection link "Managed application in local directory" in Essentials panel.

  14. Select Properties from the left menu.

  15. Select the value of "Assignment required?" as Yes then click the Save button.

Integration steps
  1. Select Users and groups from the left menu, then click the Add user/group button.
  2. Select a group and assign the group with "Invicti AppSec Admin" role and then click the Assign button.
  3. Select a group and assign the group with "Invicti AppSec Product Owner" role and then click the Assign button.
  4. Select a group and assign the group with "Invicti AppSec Manager" role and then click the Assign button.
  5. Select a group and assign the group with "Invicti AppSec Team Lead" role and then click the Assign button.
  6. Select a group and assign the group with "Invicti AppSec Developer" role and then click the Assign button.
  7. Select a group and assign the group with "Invicti AppSec Pentester" role and then click the Assign button.

Invicti AppSec configuration

  1. Login to your Invicti AppSec application with a user who has the admin role.
  2. Select Settings from the left menu.
  3. Select Single Sign-On Tools from the Integrations menu.
  4. Create or Update the Azure Active Directory.
  5. Enter Tenant ID, Client ID, and Client Secret information of your Azure Active Directory application, which is named invictiappsec.
  6. Map roles defined in Azure Active Directory invicti-AppSec application with listed Invicti AppSec roles.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Last updated on
Was this page useful?