Follow the detailed steps below to configure the necessary settings and permissions.
1. Navigate to Microsoft Entra ID Portal
- Go to https://portal.azure.com and log in with your administrator credentials.
2. Register Dune Security IAM Application
- In the left-hand menu, select Microsoft Entra ID.
- Click on App Registrations.
- Select New Registration.
- Enter the following details:
- Name: Dune Security IAM Analysis API
- Supported Account Types: Accounts in any organizational directory
- Click Register.
- Save your Application ID and Tenant ID as these will be provided to Dune Security.
3. Configure API Permissions
- Navigate to the API Permissions menu.
- Select Add Permission.
- Choose Microsoft Graph API.
- Select Application Permission to allow the application to run as a service.
- Enable the following API endpoints:
- AuditLog.Read.All
- Directory.Read.All
- User.Read.All
- Click Add Permissions.
- Remove the default Delegated User Permissions.
- Click Grant Admin Consent to apply the permissions.
4. Generate Client Secret
- Go to the Certificates & Secrets menu.
- Select New Client Secret.
- Add a client secret with the following details:
- Description: Dune Security Permissions
- Expires: Set the expiration time to match the duration of your contract.
- Save the Client Secret Value securely as it will be shared with Dune Security.
5. Additional Configuration and Support
- Ensure all required values and configurations are correctly set up.
- For any further assistance, reach out to Dune Security support.
Important Notes:
- Keep your Client Secret and Application IDs secure and only share them with authorized personnel.
- Regularly review and update permissions to adhere to security best practices.