From 301c07f81c225317f4f01ff85773f19e52febc69 Mon Sep 17 00:00:00 2001
From: ChrFrohn
Date: Sat, 12 Apr 2025 11:28:14 +0200
Subject: [PATCH] Update README.md and add PowerShell script for Entra ID app registration
---
 .../CreateAppRegForAccesspackageBuilder.ps1 | 45 +++++++++
 README.md | 92 ++++++++++---------
 2 files changed, 95 insertions(+), 42 deletions(-)
 create mode 100644 PowerShell/CreateAppRegForAccesspackageBuilder.ps1
diff --git a/PowerShell/CreateAppRegForAccesspackageBuilder.ps1 b/PowerShell/CreateAppRegForAccesspackageBuilder.ps1
new file mode 100644
index 0000000..4ced282
--- /dev/null
+++ b/PowerShell/CreateAppRegForAccesspackageBuilder.ps1
@@ -0,0 +1,45 @@
+# Prerequisites:
+# - Install the Microsoft Graph PowerShell module: Install-Module Microsoft.Graph -Scope CurrentUser
+# - Ensure you have the necessary permissions to create app registrations in Azure AD.
+
+# Connect to Microsoft Graph interactively
+Connect-MgGraph -Scopes "Application.ReadWrite.All"
+
+# Create the app registration
+$appRegistration = @{
+ displayName = "APR-AccessPackageBuilder-Demo"
+ signInAudience = "AzureADMultipleOrgs" # Multi-tenant
+ web = @{
+ redirectUris = @("http://localhost:3000/auth/redirect")
+ homePageUrl = "http://localhost:3000"
+ }
+ requiredResourceAccess = @(
+ @{
+ resourceAppId = "00000003-0000-0000-c000-000000000000" # Microsoft Graph
+ resourceAccess = @(
+ @{ id = "df021288-bdef-4463-88db-98f22de89214"; type = "Role" } # User.Read.All
+ @{ id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"; type = "Role" } # Directory.Read.All
+ @{ id = "5b567255-7703-4780-807c-7be8301ae99b"; type = "Role" } # Group.Read.All
+ )
+ }
+ )
+}
+
+# Use the New-MgApplication cmdlet to create the app registration
+$response = New-MgApplication -DisplayName $appRegistration.displayName `
+ -SignInAudience $appRegistration.signInAudience `
+ -Web $appRegistration.web `
+ -RequiredResourceAccess $appRegistration.requiredResourceAccess
+
+# Output the app registration details
+Write-Host "App Registration Created:"
+Write-Host "Client ID: $($response.AppId)"
+Write-Host "Tenant ID: $((Get-MgOrganization).Id)"
+
+# Create a client secret for the app registration
+$secret = Add-MgApplicationPassword -ApplicationId $response.Id -PasswordCredential @{
+ DisplayName = "DefaultSecret"
+}
+
+# Output the client secret
+Write-Host "Client Secret: $($secret.SecretText)"
\ No newline at end of file
diff --git a/README.md b/README.md
index 374152b..b996f90 100644
--- a/README.md
+++ b/README.md
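Review bot: The last line, `Write-Host "Client Secret: $($secret.SecretText)"`, prints the freshly minted client secret to the console, where it is captured by PowerShell transcripts, terminal scrollback and any CI log, and `Add-MgApplicationPassword` is called with only a `DisplayName`, so the secret gets whatever default lifetime the service applies rather than one the operator chose. Writing `AZURE_CLIENT_ID`/`AZURE_CLIENT_SECRET` straight into the `.env` file the README asks for keeps the value out of logs, and an explicit `EndDateTime` makes rotation a deliberate decision; the rewrite below does both (the `.env` path relative to `$PSScriptRoot` is an assumption about the repo layout — adjust as needed). Neither `New-MgApplication` nor `Add-MgApplicationPassword` is run with `-ErrorAction Stop`, so under the default error preference a failed application create is reported and the script carries on to request a password for an empty `$response.Id`. As far as I can tell `New-MgApplication` only creates the application object and the three `Role` permissions are not admin-consented by this script, so a comment after `Write-Host "App Registration Created:"` such as `# NOTE: admin consent for the application permissions above must still be granted in each tenant before the app can obtain a token` would save the next user a confusing authorization failure.
```powershell
# … unchanged: Connect-MgGraph, $appRegistration, New-MgApplication (add -ErrorAction Stop), Client/Tenant ID output …

# Create a client secret with an explicit expiry instead of the service default
$secret = Add-MgApplicationPassword -ApplicationId $response.Id -ErrorAction Stop -PasswordCredential @{
    DisplayName = "DefaultSecret"
    EndDateTime = (Get-Date).AddMonths(6)
}

# Write the credentials to the .env file the README expects instead of echoing the secret to the console
$envPath = Join-Path $PSScriptRoot "../.env"   # TODO confirm: assumes the script lives one level below the repo root
@(
    "AZURE_CLIENT_ID=$($response.AppId)"
    "AZURE_CLIENT_SECRET=$($secret.SecretText)"
) | Set-Content -Path $envPath
Write-Host "Client secret written to $envPath (not printed); it expires on $($secret.EndDateTime)."
```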
@@ -13,70 +13,78 @@ A web application designed to simplify the visualization and management of acces ## Features -- 🚀 Simplify Access: Visualize group memberships effortlessly. -- 🌍 Dynamic Visuals: Explore interactive maps of users, departments, and companies. -- 🤖 Smart Suggestions: Get automated Access Package recommendations tailored to your data. -- 🔍 Clear Insights: Identify unassigned groups and excluded users with ease. -- 🎯 Custom Filters: Zoom in on specific departments or companies in seconds. -- 🔗 Seamless Microsoft Integration: Built for Microsoft Entra ID Governance. +- 🚀 **Simplify Access**: Visualize group memberships effortlessly. +- 🌍 **Dynamic Visuals**: Explore interactive maps of users, departments, and companies. +- 🤖 **Smart Suggestions**: Get automated Access Package recommendations tailored to your data. +- 🔍 **Clear Insights**: Identify unassigned groups and excluded users with ease. +- 🎯 **Custom Filters**: Zoom in on specific departments or companies in seconds. +- 🔗 **Seamless Microsoft Integration**: Built for Microsoft Entra ID Governance. +## Roadmap -## Roadmap +- [ ] +- [ ] +- [ ] -- bla bla bla +## Run Locally -- bla bla bla +### Prerequisites +#### Software +- Install [Node.js](https://nodejs.org/) +- Install [Express](https://expressjs.com/) -# Run Locally - -Clone the project - +Install dependencies: ```bash - git clone https://link-to-project +npm install ``` -Go to the project directory - -```bash - cd my-project -``` +#### Entra ID App Registration +Create an Entra ID app registration (multi-tenant) with the following permissions: +- `User.Read.All` +- `Directory.Read.All` +- `Group.Read.All` -Install dependencies +You can use a PowerShell script to create the app registration (requires `Application.ReadWrite.All` permissions). 
+[Link to PowerShell script](#) -```bash - npm install +#### Environment Variables +Add the following to a `.env` file: +```env +AZURE_CLIENT_ID= +AZURE_CLIENT_SECRET= ``` -Start the server +### Running the Project -```bash - npm start -``` - -Open you browser +1. **Fork the Repository** + Fork this repo: [Access Package Builder](https://github.com/nicowyss/accesspackagebuilder.git) -```bash - http://localhost:3000 -``` +2. **Clone the Repository** + ```bash + git clone https://github.com/YOURGITHUBUSERNAME/accesspackagebuilder.git + cd accesspackagebuilder + ``` -## Tech Stack +3. **Start the Server** + ```bash + npm start + ``` -### Client -- ... +4. **Access the Application** + Open your browser and navigate to: + [http://localhost:3000](http://localhost:3000) -### Server -- Node.js -- Express +## Deployment -### Deployment -- Azure App Service -- GitHub Actions +This project can be deployed using: +- **Azure App Service** +- **GitHub Actions** -## Authors +## Author(s) - [@nicowyss](https://github.com/nicowyss) ## License -This project is licensed under the [MIT License](LICENSE). +This project is licensed under the [MIT License](LICENSE). \ No newline at end of file