Configuring Azure AKS access
This topic describes the required configurations within the Azure portal to allow PingOne Privilege to discover and manage your Azure Kubernetes Service (AKS) clusters.
The process involves enabling Microsoft Entra ID authentication on the AKS cluster and then assigning the necessary identity and access management (IAM) roles to the PingOne Privilege connector application.
Configuring authentication on the AKS cluster
First, configure your AKS cluster to use Microsoft Entra ID for authentication and to allow local accounts.
1. In the Azure portal, go to your Kubernetes services.
2. Select the desired AKS cluster in the list to open its management blade.
3. In the sidebar under Settings, select Cluster configuration.
4. In Authentication and authorization, select Microsoft Entra ID authentication with Azure RBAC.
5. Ensure the Kubernetes local accounts checkbox is enabled.
6. Click Apply to save the changes.
Assigning IAM roles to the connector app
Next, grant the PingOne Privilege connector application the required permissions to manage the cluster.
These steps may not be necessary if the connector app already inherits these roles from its subscription-level permissions.
1. From the AKS cluster’s management blade, go to Access control (IAM).
2. Click Add > Add role assignment.
3. In the Role tab, search for and select the Azure Kubernetes Service Cluster Admin Role. Click Next.
4. In the Members tab, click Select members.
5. Search for the PingOne Privilege Connector App, select it, and click Select.
6. Click Review + assign to complete the assignment.
7. Repeat steps 2-6 to assign the Azure Kubernetes Service RBAC Cluster Admin role to the same PingOne Privilege Connector App.
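To confirm both procedures took effect, including the case where the roles are inherited from the subscription, the following added example (not part of the PingOne documentation) checks saved JSON from `az aks show` and `az role assignment list --scope <cluster-id> --include-inherited`. The function names, the connector's principal ID and all sample data are constructed; the field names are assumed to match the Azure CLI output.

```python
# Role names exactly as this page gives them.
REQUIRED_ROLES = {"Azure Kubernetes Service Cluster Admin Role",
                  "Azure Kubernetes Service RBAC Cluster Admin"}

def scope_covers(scope, resource_id):
    """True if an assignment at `scope` applies to `resource_id` (same or parent scope).
    Management-group scopes are not resolved here; they need a separate lookup."""
    if not scope:
        return False
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    return r == s or r.startswith(s + "/")

def check_cluster(cluster, assignments, connector_principal_id):
    """Return a list of findings; an empty list means the page's settings are in place."""
    findings = []
    aad = cluster.get("aadProfile") or {}
    if not aad.get("managed"):
        findings.append("Microsoft Entra ID authentication is not enabled")
    if not aad.get("enableAzureRbac"):
        findings.append("Azure RBAC authorization is not enabled")
    if cluster.get("disableLocalAccounts"):
        findings.append("Kubernetes local accounts are disabled")
    held = {
        a["roleDefinitionName"]
        for a in assignments
        if a.get("principalId") == connector_principal_id
        and scope_covers(a.get("scope"), cluster["id"])
    }
    for role in sorted(REQUIRED_ROLES - held):
        findings.append(f"connector app lacks role: {role}")
    return findings

# Constructed sample data standing in for the two `az` JSON outputs (assumed shape).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
CLUSTER = {
    "id": SUB + "/resourceGroups/rg-demo/providers/Microsoft.ContainerService/managedClusters/aks-demo",
    "aadProfile": {"managed": True, "enableAzureRbac": True}, "disableLocalAccounts": False,
}
CONNECTOR_ID = "11111111-1111-1111-1111-111111111111"  # placeholder principal ID
ASSIGNMENTS = [
    # Inherited from the subscription: counts for the cluster.
    {"principalId": CONNECTOR_ID, "scope": SUB,
     "roleDefinitionName": "Azure Kubernetes Service Cluster Admin Role"},
    # Held by a different principal at cluster scope: must not count.
    {"principalId": "22222222-2222-2222-2222-222222222222", "scope": CLUSTER["id"],
     "roleDefinitionName": "Azure Kubernetes Service RBAC Cluster Admin"},
]

print(check_cluster(CLUSTER, ASSIGNMENTS, CONNECTOR_ID))
```

Because both roles grant cluster-admin access, the same output is worth reviewing periodically to confirm that only the connector app holds them at this scope.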
Onboarding the cluster in PingOne Privilege
After completing the configuration in the Azure portal, rescan your Azure account in PingOne Privilege to discover the cluster.
1. In the PingOne Privilege admin console, go to Clouds.
2. Click the Azure icon, find your Azure account, and click More Info.
3. Go to the Resources tab and click Rescan.
After the rescan is complete, the AKS cluster will be available to manage under the Targets menu.