Authorize Developer Accounts by Using Microsoft Entra ID

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Low (generally tolerable risk)

Ensure that your Azure API Management API services are configured to automatically enable a Microsoft Entra ID application and identity provider for users of the Developer Portal. The Developer Portal in Azure API Management is an automatically generated, fully customizable website that serves as a central hub for developers to discover, understand, and consume APIs. It provides comprehensive API documentation, interactive code samples, and secure access to APIs.

Security
Operational excellence

User sign-in with Microsoft Entra ID for Developer Portal in Azure API Management ensures secure authentication, seamless integration with existing organizational identities, and fine-grained access control. It simplifies user management, enhances security, and provides a unified experience for developers using APIs.


Audit

To determine if user sign-in with Microsoft Entra ID is enabled for Azure API Management Developer Portal, perform the following actions:

Getting the user sign-in status for Developer Portal via Azure Command Line Interface (Azure CLI) and Azure PowerShell is not currently supported.

Using Azure Console

01 Sign in to the Azure Management Console.

02 Navigate to the All resources blade at https://portal.azure.com/#view/HubsExtension/BrowseAll to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription filter box and choose Apply.

04 From the Type filter box, select API Management service and choose Apply to list only the Microsoft Azure API Management services available in the selected subscription.

05 Click on the name (link) of the Azure API Management service that you want to examine.

06 In the navigation panel, under Developer portal, select Portal overview to access the Developer Portal overview page.

07 Select the Overview tab and check the Enable user sign-in with Azure Active Directory feature status. If an active Enable Azure AD button is displayed under Enable user sign-in with Azure Active Directory, access to the Developer Portal for developers using Microsoft Entra ID is not enabled for the selected Azure API Management service.

08 Repeat steps no. 5 – 7 for each Azure API Management service available in the selected Azure subscription.

09 Repeat steps no. 3 – 8 for each subscription created in your Microsoft Azure cloud account.
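
The condition checked in step 07, expressed as an offline evaluation over exported identity provider listings for several services. This is an added example, not Conformity or Microsoft code; it assumes each service's identity providers have been exported as JSON in the shape of the Azure Resource Manager `identityProviders` list response (`value[].properties.type`, `clientId`, `allowedTenants`), and the service names and sample data are constructed.

```python
import json

# Constructed sample: one identity-provider listing per API Management service,
# in the response shape assumed in the lead-in (not taken from the page).
SAMPLE_RESPONSES = {
    "apim-prod-example": json.dumps({"value": [
        {"name": "aad", "properties": {"type": "aad",
         "clientId": "00000000-0000-0000-0000-000000000001",
         "allowedTenants": ["contoso.example"]}}]}),
    "apim-dev-example": json.dumps({"value": []}),
    "apim-partner-example": json.dumps({"value": [
        {"name": "google", "properties": {"type": "google",
         "clientId": "constructed-client-id"}}]}),
    "apim-broken-example": json.dumps({"value": [
        {"name": "aad", "properties": {"type": "aad", "clientId": ""}}]}),
}

def entra_provider(response_text):
    """Return the Entra ID ('aad') provider entry, or None if absent or unusable."""
    try:
        items = json.loads(response_text).get("value") or []
    except (json.JSONDecodeError, AttributeError):
        return None  # unreadable export: treat as "not configured"
    for item in items:
        if not isinstance(item, dict):
            continue
        props = item.get("properties") or {}
        # Only the 'aad' provider type with a registered client ID is accepted here.
        if str(props.get("type", "")).lower() == "aad" and props.get("clientId"):
            return item
    return None

def audit(responses):
    """Map each service name to a finding for the Developer Portal sign-in check."""
    findings = {}
    for service, text in sorted(responses.items()):
        provider = entra_provider(text)
        props = (provider or {}).get("properties", {})
        findings[service] = {
            "compliant": provider is not None,
            "allowed_tenants": props.get("allowedTenants", []),
        }
    return findings

if __name__ == "__main__":
    for service, finding in audit(SAMPLE_RESPONSES).items():
        status = "PASS" if finding["compliant"] else "FAIL"
        print(f"{status} {service} tenants={finding['allowed_tenants']}")
```

A service with no provider, only a non-Entra provider, or an `aad` entry without a client ID is reported as failing, which corresponds to the state where the Enable Azure AD button is still offered in the console.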

Remediation / Resolution

To ensure that user sign-in with Microsoft Entra ID is enabled for Azure API Management Developer Portal, perform the following actions:

Enabling Microsoft Entra ID user authentication for Azure API Management Developer Portal via Azure Command Line Interface (Azure CLI) and Azure PowerShell is not currently supported.

Using Azure Console

01 Sign in to the Azure Management Console.

02 Navigate to the All resources blade at https://portal.azure.com/#view/HubsExtension/BrowseAll to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription filter box and choose Apply.

04 From the Type filter box, select API Management service and choose Apply to list only the Microsoft Azure API Management services available in the selected subscription.

05 Click on the name (link) of the Azure API Management service that you want to examine.

06 In the navigation panel, under Developer portal, select Portal overview to access the Developer Portal overview page.

07 Select the Overview tab and choose Enable Azure AD under Enable user sign-in with Azure Active Directory. On the Enable Azure Active Directory confirmation panel, choose Enable Azure AD to enable user access to the Developer Portal using Microsoft Entra ID. Enabling user sign-in with Microsoft Entra ID will automatically provision a Microsoft Entra application in your tenant, configure it as an identity provider in API Management, and publish your Developer Portal instance. Choose Close to return to the Developer Portal overview page. The users within the specified Microsoft Entra instance can now sign into the Developer Portal by using a Microsoft Entra ID account.

08 (Optional) To manage the Microsoft Entra ID configuration for the Developer Portal, choose Identities from the navigation panel, and select Azure Active Directory.

09 Repeat steps no. 5 – 8 for each Azure API Management service that you want to configure, available in the selected Azure subscription.

10 Repeat steps no. 3 – 9 for each subscription created within your Microsoft Azure cloud account.

Publication date Dec 26, 2023