Client-AzureOnboard.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"mspOfferName": {
"type": "string",
"metadata": {
"description": "Specify a unique name for your offer"
},
"defaultValue": "IT Partners - Managed Services"
},
"mspOfferDescription": {
"type": "string",
"metadata": {
"description": "Name of the Managed Service Provider offering"
},
"defaultValue": "IT Partners Limited, Microsoft Azure Managed Services"
},
"managedByTenantId": {
"type": "string",
"metadata": {
"description": "Specify the tenant id of the Managed Service Provider"
},
"defaultValue": "aa848a4d-fe9e-4b2f-b64a-a95a1e8b44e9"
},
"authorizations": {
"type": "array",
"metadata": {
"description": "Specify an array of objects, containing tuples of Azure Active Directory principalId, an Azure roleDefinitionId, and an optional principalIdDisplayName. The roleDefinition specified is granted to the principalId in the provider's Active Directory and the principalIdDisplayName is visible to customers."
},
"defaultValue": [
{
"principalId": "288dcb75-c397-4ade-9526-56554d208a71",
"roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
"principalIdDisplayName": "AAD-ITP-Clients-MS-AZ-Reader"
},
{
"principalId": "08afa2f6-c1f6-49e5-aa6a-eff6dc49be2e",
"roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c",
"principalIdDisplayName": "Provider Automation Account"
}
]
},
"eligibleAuthorizations": {
"type": "array",
"metadata": {
"description": "Provide the authorizations that will have just-in-time role assignments on customer environments, with support for approvals from the managing tenant"
},
"defaultValue": [
{
"justInTimeAccessPolicy": {
"multiFactorAuthProvider": "Azure",
"maximumActivationDuration": "PT8H"
},
"principalId": "23da7840-fae5-44ab-8a52-101d0c334c58",
"roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c",
"principalIdDisplayName": "AAD-ITP-Clients-MS-AZ-Contributor"
},
{
"justInTimeAccessPolicy": {
"multiFactorAuthProvider": "Azure",
"maximumActivationDuration": "PT8H"
},
"principalId": "23da7840-fae5-44ab-8a52-101d0c334c58",
"roleDefinitionId": "91c1777a-f3dc-4fae-b103-61d183457e46",
"principalIdDisplayName": "AAD-ITP-Clients-MS-AZ-Contributor"
},
{
"justInTimeAccessPolicy": {
"multiFactorAuthProvider": "Azure",
"maximumActivationDuration": "PT8H"
},
"principalId": "23da7840-fae5-44ab-8a52-101d0c334c58",
"roleDefinitionId": "e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
"principalIdDisplayName": "AAD-ITP-Clients-MS-AZ-Contributor"
},
{
"justInTimeAccessPolicy": {
"multiFactorAuthProvider": "Azure",
"maximumActivationDuration": "PT8H"
},
"principalId": "1a4cc546-fda8-45c5-8e8b-0d743c9095dd",
"roleDefinitionId": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"principalIdDisplayName": "AAD-ITP-Clients-MS-AZ-Operator"
},
{
"justInTimeAccessPolicy": {
"multiFactorAuthProvider": "Azure",
"maximumActivationDuration": "PT8H"
},
"principalId": "1a4cc546-fda8-45c5-8e8b-0d743c9095dd",
"roleDefinitionId": "00c29273-979b-4161-815c-10b084fb9324",
"principalIdDisplayName": "AAD-ITP-Clients-MS-AZ-Operator"
},
{
"justInTimeAccessPolicy": {
"multiFactorAuthProvider": "Azure",
"maximumActivationDuration": "PT8H"
},
"principalId": "1a4cc546-fda8-45c5-8e8b-0d743c9095dd",
"roleDefinitionId": "4fe576fe-1146-4730-92eb-48519fa6bf9f",
"principalIdDisplayName": "AAD-ITP-Clients-MS-AZ-Operator"
},
{
"justInTimeAccessPolicy": {
"multiFactorAuthProvider": "Azure",
"maximumActivationDuration": "PT8H"
},
"principalId": "1a4cc546-fda8-45c5-8e8b-0d743c9095dd",
"roleDefinitionId": "749f88d5-cbae-40b8-bcfc-e573ddc772fa",
"principalIdDisplayName": "AAD-ITP-Clients-MS-AZ-Operator"
}
]
}
},
"variables": {
"mspRegistrationName": "[guid(parameters('mspOfferName'))]",
"mspAssignmentName": "[guid(parameters('mspOfferName'))]"
},
"resources": [
{
"type": "Microsoft.ManagedServices/registrationDefinitions",
"apiVersion": "2020-02-01-preview",
"name": "[variables('mspRegistrationName')]",
"properties": {
"registrationDefinitionName": "[parameters('mspOfferName')]",
"description": "[parameters('mspOfferDescription')]",
"managedByTenantId": "[parameters('managedByTenantId')]",
"authorizations": "[parameters('authorizations')]",
"eligibleAuthorizations": "[parameters('eligibleAuthorizations')]"
}
},
{
"type": "Microsoft.ManagedServices/registrationAssignments",
"apiVersion": "2020-02-01-preview",
"name": "[variables('mspAssignmentName')]",
"dependsOn": [
"[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
],
"properties": {
"registrationDefinitionId": "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
}
}
],
"outputs": {
"mspOfferName": {
"type": "string",
"value": "[concat('Managed by', ' ', parameters('mspOfferName'))]"
},
"authorizations": {
"type": "array",
"value": "[parameters('authorizations')]"
},
"eligibleAuthorizations": {
"type": "array",
"value": "[parameters('eligibleAuthorizations')]"
}
}
}