Entra ID 통합 시작하기

Teleport에서 Teleport Entra ID 통합을 설정하는 방법을 설명합니다.

사전 요구 사항

1/3단계: 설정 스크립트 생성

Connect to Microsoft Graph with the required scopes for directory and app role assignment permissions.

Retrieve the managed identity's service principal object using its unique principal ID (UUID).

Set the Microsoft Graph enterprise application object.

This is a service principal object representing Microsoft Graph in Entra ID with a specific app ID.

Define the permission scopes that we want to assign to the managed identity.

These are Microsoft Graph API permissions required by the managed identity.

Filter and find the app roles in the Microsoft Graph service principal that match the defined permissions.

Only include roles where "AllowedMemberTypes" includes "Application" (suitable for managed identities).

Iterate over each app role to assign it to the managed identity.

2/3단계: Entra ID 설정

Azure Shell

3/3단계: 플러그인 설치 완료

다음 단계

이 가이드는 가이드 설정으로 Entra ID 통합을 설정하는 방법을 보여줍니다. Teleport는 Teleport Entra ID 통합에 필요한 속성으로 Entra ID 테넌트를 설정하는 스크립트를 생성합니다. 사전 요구 사항 # 사용자는 Microsoft Entra ID 테넌트에서 특권 관리자 권한이 있어야 합니다. Microsoft Graph API 인증 방법 을 선택합니다. 1/3단계: 설정 스크립트 생성 # 2/3단계: Entra ID 설정 # Open Azure Cloud Shell by navigating to shell.azure.com , or by clicking the Cloud Shell icon in the Azure Portal. Make sure to use the bash version of Cloud Shell. Once a Cloud Shell instance opens, paste the Teleport generated bash script that downloads the Teleport binary in your Azure Shell and run the teleport integration configure azure-oidc command. The command performs the following actions: Creates an enterprise application. Configures Teleport as an OIDC IdP for the application. Assigns read-only Microsoft Graph API permissions to read your directory's data (such as users and groups). Configures authentication by setting up a Teleport SAML service provider. # Azure Shell $ bash -c "$(curl 'https://example.teleport.sh/webapi/scripts/integrations/configure/azureoidc.sh?authConnectorName=entra-id')" > teleport integration configure azure-oidc --proxy-public-addr=https://example.teleport.sh --auth-connector-name=entra-id ... Success! Use the following information to finish the integration onboarding in Teleport: Tenant ID: entra-tenant-id Client ID: enterprise-app-id Success! You can now go back to the Teleport Web UI to use the integration with Azure. Once the script is done setting up the Entra ID tenant with the nece