Pre-requisites
Download the requisite policy files (.json) and the script (“.py” or “.sh”) from the Saner Cloud Onboarding page into your preferred location.
- [Mandatory] Click here to download the Azure Remediation Policy
- [Mandatory] Click here to download the Azure Graph API
- sp-saner-cnapp-azure-onboarding.py
- sp-saner-cnapp-azure-onboarding.sh
Download the “.py” OR “.sh” file

Make sure you are logged into the application with administrator privileges. You can download the .py and .sh files from the Azure Onboarding page in Saner Cloud Security Deployment.
- Access the Control Panel and choose the relevant organization
- Click on the CNAPP menu from the sidebar
- Choose Onboarding under Cloud Infrastructure Deployment
- Choose the Account Name that you want to onboard. The Azure Onboarding page opens.
- Click the “Download Onboarding Script” link, then click the script you want to download
Access Cloud Shell

Step 1: Go to the Azure portal: https://portal.azure.com
Step 2: Click the Cloud Shell icon (top-right corner in the portal’s menu bar)
REMEMBER: Switch to Bash in case you’re in PowerShell mode.
Switch to Bash

Step 1: If the Cloud Shell opens in PowerShell mode, switch to Bash by clicking the dropdown arrow next to the shell type
Step 2: Select Bash
IMPORTANT: Make sure you have the appropriate permissions (preferably global administrator) to execute the bash script.
Fetch the Subscription ID

Step 1: In the Azure portal search bar, type “subscription”
Step 2: Click on Subscriptions from the search results
Copy the Subscription ID to Use in Script Execution

Step 1: You’ll see a list of subscriptions associated with your Azure account
Step 2: Identify the relevant Subscription ID
Note: Copy the Subscription ID and pass it as an input parameter when executing your custom script.
Transfer Policy Files (.json) and Scripts (“.sh” or “.py”) to Azure CLI
Pre-requisite: Make sure you have the appropriate permissions (preferably global administrator) to execute the bash script.
Use “wget” Command to Download the JSON Policy Files

It’s mandatory that you execute both the commands in Azure CLI in order to download the JSON policy files:
wget https://sp-saner-cnapp-prod-public.s3.us-west-2.amazonaws.com/sp-saner-cnapp-azure-rem-policy.json
Transfer the Script Files Using “nano” or “vim” Text Editor

Copy the content from any of the following script files, paste into the editor, and hit the enter key.
- sp-saner-cnapp-azure-onboarding.py
- sp-saner-cnapp-azure-onboarding.sh
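
The policy file and the onboarding script are applied with administrator permissions, so it helps to read what the policy grants before the script is executed. The following is an added example, not part of the Saner Cloud tooling: it lists the operations a role definition grants and flags broad ones. It assumes the policy file is an Azure custom role definition (this page does not show its contents); `review_role` and the sample role are constructed for illustration.

```python
import json
import sys

# Assumption: the file is an Azure custom role definition, in either the Azure
# CLI layout (top-level Actions) or the ARM layout (properties.permissions[]).
GRANT_KEYS = ("actions", "dataactions")

def lower_keys(obj):
    """Normalise key case: role files appear with 'Actions' and 'actions'."""
    if isinstance(obj, dict):
        return {k.lower(): lower_keys(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [lower_keys(v) for v in obj]
    return obj

def review_role(doc):
    """Return (granted operations, findings that deserve a manual look)."""
    role = lower_keys(doc)
    props = role.get("properties", role)
    blocks = props.get("permissions") or [props]
    # NotActions are not subtracted, so the list over-reports on purpose.
    grants = sorted({a for b in blocks for k in GRANT_KEYS for a in b.get(k) or []})
    findings = []
    for action in grants:
        low = action.lower()
        if action == "*":
            findings.append((action, "grants every operation"))
        elif low.startswith("microsoft.authorization/") and low.endswith(("/write", "/delete", "/*")):
            findings.append((action, "can change role assignments or definitions"))
        elif action.endswith("/*"):
            findings.append((action, "wildcard over a whole resource type"))
    return grants, findings

# Constructed sample for illustration, not the vendor's policy file.
SAMPLE = {
    "Name": "example-remediation-role",
    "Actions": ["Microsoft.Storage/storageAccounts/read",
                "Microsoft.Compute/virtualMachines/*",
                "Microsoft.Authorization/roleAssignments/write"],
    "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
}

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    grants, findings = review_role(doc)
    print(f"{len(grants)} granted operations")
    for action, why in findings:
        print(f"REVIEW  {action}: {why}")
```

Save it under any name (for example `review_role.py`) and run `python3 review_role.py sp-saner-cnapp-azure-rem-policy.json` in the same Bash session; without an argument it reviews the constructed sample.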
Execute the Scripts
After transferring the JSON files and the script (.py or .sh) into Azure CLI, provide execute permission and begin script execution. You can execute either the “.sh” or the “.py” script, as per your preference.
The following steps are described using “.sh” as an example.
Step 1 [Provide Permission]: Type the following command into the Azure Bash session
chmod +x sp-saner-cnapp-azure-onboarding.sh
Step 2: Execute the Script
./sp-saner-cnapp-azure-onboarding.sh

Step 3: Type the next command, replace the placeholder inside the quotes with your subscription ID, and press the Enter key:
./sp-saner-cnapp-azure-onboarding.sh --subscription-id "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

Step 4: Observe the script in processing state

Get Onboarding Details After Script Execution Completes

Once the script execution completes, the output provides the information needed for Azure onboarding in Saner Cloud.
Recommendation: Record the output values, because you need to provide them as input when you complete the onboarding for your account subscription in Saner Cloud.
The output displays the following details:
- Service Principal Name
- Application (Client ID)
- Directory (Tenant ID)
- Client Secret (Secret Key)
- Custom Role Name
IMPORTANT: The Client Secret (Secret Key) is generated only once. Make sure to store this key securely so that you can retrieve it when needed.
Carry out the next few required steps, and finally, copy the required values to enter them into the Saner Cloud Azure Onboarding Page.
Carry Out the Next Few Required Steps

Navigate to Azure Portal > Azure Active Directory

Access All Registrations and Search by the Service Principal Name
Note: You can copy the service principal name from the output of the executed script and paste it into the search box under All applications.
Once the search results are retrieved, click the link under the Display name column to open the API permissions.

Select API permissions

Grant Admin Consent for Default Directory


Click Yes and proceed with your consent.

Complete the Onboarding for Your Cloud Account Subscription

Step 1: Open the account for which you want to onboard the subscription and key in the values obtained from the script execution

- Tenant ID (Directory (Tenant) ID)
- Client ID (Application (Client) ID)
- Client Secret Value (Client Secret)
Step 2: Click Onboard. Now you’re ready to initiate the scanning process.