
Configure Service Principal as User in Entra ID (AAD)

Privacera supports syncing Service Principals from Azure Active Directory (AAD) as users. This section provides the steps to configure a Service Principal to be synced as a user in AAD.

Note: When Sync Service Principals as Users is enabled, keep in mind that AAD does not require the displayName of a Service Principal to be unique, so two Service Principals with the same displayName would be synced to the same username. In that case a unique attribute (such as appId) should be used as the Service Principal username.

Setup

Go to the Privacera Manager host and navigate to the Privacera Manager installation directory:

```bash
cd ~/privacera/privacera-manager
vi config/custom-vars/vars.privacera-usersync.azuread.yml
```

Add or update the following variables:

```yaml
# Sync Azure service principals to Ranger user entities.
# Set to "true" to enable the sync (default shown: "false").
AZURE_AD_SERVICEPRINCIPAL_ENABLED: "false"
# Property that specifies which Azure AD attribute supplies the username
# when a service principal is mapped to a Ranger user entity,
# e.g. displayName, or appId where displayName is not unique.
AZURE_AD_SERVICEPRINCIPAL_USERNAME: "displayName"
```

Restart Privacera Services

```bash
cd ~/privacera/privacera-manager
./privacera-manager.sh setup
./pm_with_helm.sh upgrade
```
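Before settling on a value for AZURE_AD_SERVICEPRINCIPAL_USERNAME, it is worth confirming that the chosen attribute is actually unique across the tenant's Service Principals, since a collision would merge two identities into one Ranger user. The following script is an added example, not Privacera code: it takes a list of Service Principal records (here a constructed sample using the Microsoft Graph attribute names displayName and appId; in practice you would feed it the exported output of a Graph or `az ad sp list` query, an assumption not taken from the page) and reports which candidate attribute is collision-free.

```python
"""Pick a collision-free Azure AD attribute for the Privacera service-principal
username (added example; not Privacera code).

Assumption (not from the page): service principals are supplied as dicts keyed
by the Microsoft Graph attribute names ``displayName`` and ``appId``.
"""
from collections import defaultdict

# Constructed sample data: two service principals share a displayName,
# which Azure AD permits, while appId is always unique.
SAMPLE_SERVICE_PRINCIPALS = [
    {"displayName": "data-pipeline", "appId": "00000000-0000-0000-0000-000000000001"},
    {"displayName": "data-pipeline", "appId": "00000000-0000-0000-0000-000000000002"},
    {"displayName": "reporting",     "appId": "00000000-0000-0000-0000-000000000003"},
]


def find_collisions(service_principals, attribute):
    """Return {value: [appIds]} for every value of ``attribute`` that is shared
    by more than one service principal or is missing/empty (an empty username
    is never acceptable). An empty dict means the attribute is safe to use."""
    seen = defaultdict(list)
    for sp in service_principals:
        value = sp.get(attribute) or ""
        seen[value].append(sp.get("appId", "<no appId>"))
    return {value: ids for value, ids in seen.items() if len(ids) > 1 or value == ""}


def choose_username_attribute(service_principals, candidates=("displayName", "appId")):
    """Return (attribute, report): the first candidate whose values are unique
    across all service principals, plus the collisions found per candidate.
    ``attribute`` is None when no candidate is collision-free."""
    report = {}
    for attribute in candidates:
        collisions = find_collisions(service_principals, attribute)
        report[attribute] = collisions
        if not collisions:
            return attribute, report
    return None, report


if __name__ == "__main__":
    chosen, report = choose_username_attribute(SAMPLE_SERVICE_PRINCIPALS)
    for attribute, collisions in report.items():
        for value, ids in collisions.items():
            print(f"{attribute}={value!r} is shared by appIds {ids}")
    if chosen is None:
        print("No candidate attribute is unique; pick another attribute")
    else:
        print(f'AZURE_AD_SERVICEPRINCIPAL_USERNAME: "{chosen}"')
```

Run it against the real export before the `./privacera-manager.sh setup` step; on the sample data it rejects displayName (shared by two Service Principals) and recommends appId.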
