Azure

Banyan uses the Microsoft Graph SDK for Python to bookmark Services into your Azure AD SSO catalog.

If you installed pybanyan using pip, get the Azure AD extra:

$ pip install 'pybanyan[azure_ad]'

Authentication

Create a Service Principal via the Azure Portal or the Azure CLI.

Assign the following Microsoft Graph API permissions to your Service Principal so it can interact with the Graph API:

  • Application.ReadWrite.All
  • Group.Read.All
  • GroupMember.ReadWrite.All

Grab the credentials for your Service Principal.

Add a section named azure_ad in the ~/.banyan.conf file with your Service Principal credentials:

[banyan]
api_url = ...
refresh_token = ...

[azure_ad]
azure_subscription_id = "id of your Azure subscription"
azure_tenant_id = "id of the application's Azure Active Directory tenant"
azure_client_id = "id of an Azure Active Directory application"
azure_client_secret = "one of the application's client secrets"
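Because this file now holds a client secret next to the Banyan refresh token, it is worth checking that it is readable only by its owner and that no placeholder text was left in. The following is an added example, not part of pybanyan: the function names, the sample file and the placeholder heuristic are assumptions made for illustration, and only the section and key names come from this page.

```python
import configparser
import os
import stat
import tempfile

# Key names are the ones in the [azure_ad] section shown on this page.
REQUIRED_KEYS = ("azure_subscription_id", "azure_tenant_id",
                 "azure_client_id", "azure_client_secret")

# Constructed sample: one placeholder left in, client secret missing.
SAMPLE_CONF = """\
[azure_ad]
azure_subscription_id = "11111111-1111-1111-1111-111111111111"
azure_tenant_id = "id of the application's Azure Active Directory tenant"
azure_client_id = "22222222-2222-2222-2222-222222222222"
"""

def audit_banyan_conf(path):
    """Return a list of findings for the config at `path`; empty means OK."""
    findings = []
    # The file holds a refresh token and a client secret: owner-only access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:03o} allows group/other access")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    if not parser.has_section("azure_ad"):
        return findings + ["missing [azure_ad] section"]
    for key in REQUIRED_KEYS:
        # Assumption: quotes around a value, as in the sample, are not part of it.
        value = parser.get("azure_ad", key, fallback="").strip().strip("\"'")
        # Heuristic: real IDs/secrets have no spaces; the page's placeholders do.
        if not value or " " in value:
            findings.append(f"{key} is missing or still a placeholder")
    return findings

def audit_sample(body=SAMPLE_CONF, mode=0o644):
    """Write `body` to a temp file with `mode`, audit it, then delete it."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as handle:
        handle.write(body)
    os.chmod(path, mode)
    findings = audit_banyan_conf(path)
    os.remove(path)
    return findings

if __name__ == "__main__":
    print("\n".join(audit_sample()))
```

To check the real file, call audit_banyan_conf(os.path.expanduser("~/.banyan.conf")); a mode finding is cleared with chmod 600 ~/.banyan.conf.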

Test

Confirm you are set up correctly by running:

python -m banyan.ext.idp.azure_ad

You should see a list of your Azure AD applications.

Bookmark

You can now create an Azure AD Linked Sign-on from a web service:

banyan service bookmark-aad