Non-Production Roles
📋 Summary
Azure cloud applications do not use traditional AD roles to authorize users for access to resources, but instead use Okta groups created specifically for securing resources within the application. These groups are assigned to users via an Okta group rule that associates a user's Active Directory business role with the individual application Okta groups.
The AD business roles are the roles defined in the OU [Domain]\ApplicationSecurity\ApplicationRoles. These include Divisions and Titles.
For non-production testing purposes, there is an automated Azure DevOps pipeline that maintains a copy of each of these AD business roles in Okta with the suffix -np-user-role.
Example: AD → Agency Marketing Technician = Okta → agency marketing technician-np-user-role
For development and testing purposes, you need to place yourself in the business roles specific to your use case. The it-nporles-shasca-test pipeline within this repository adds you to or removes you from these roles.
🚀 Instructions
To maintain the list of roles you are currently in:
- Open [Repo]/infra/my-roles.yml
- Make sure the Username: attribute is your mailid
- Using YAML array syntax, create a list of the business roles you wish to be in for testing
- Save the file
- Run the [projectid]-np-roles pipeline
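
A pre-run check for the file edited in the steps above, as an added example (not the repository's or the pipeline's own code): it derives the `-np-user-role` Okta group names from the listed business roles and shows which non-production groups would be added or removed. Assumptions: the `Roles` key name, the sample values, lowercasing inferred from the single example on this page, and that the file is treated as the full desired list.

```python
import re

SUFFIX = "-np-user-role"  # non-production suffix stated on this page

# Constructed sample; "Roles" is an assumed key name, only "Username" is on the page.
SAMPLE = """\
Username: jdoe
Roles:
  - Agency Marketing Technician
  - Claims Adjuster
  - agency marketing technician
"""

def parse_my_roles(text):
    """Parse the flat 'Username' + block-list layout assumed above (not general YAML)."""
    username, roles = None, []
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        item = re.match(r"^\s*-\s+(.+)$", line)
        if item:
            roles.append(item.group(1).strip().strip("'\""))
        elif line.startswith("Username:"):
            username = line.split(":", 1)[1].strip().strip("'\"")
    if not username:
        raise ValueError("Username is missing or empty")
    return username, roles

def np_group(role):
    """AD business role -> non-production Okta group, per the example on this page."""
    name = role.strip().lower()
    if not name:
        raise ValueError("empty role name")
    if name.endswith(SUFFIX):
        raise ValueError(f"list the AD role name, not the Okta group: {role!r}")
    return name + SUFFIX

def plan(text, current_groups):
    """Return (username, groups to add, groups to remove), np groups only."""
    username, roles = parse_my_roles(text)
    wanted = {np_group(r) for r in roles}  # the set removes case-variant duplicates
    # Groups without the suffix are never touched, so production groups stay out of scope.
    current = {g.lower() for g in current_groups if g.lower().endswith(SUFFIX)}
    return username, sorted(wanted - current), sorted(current - wanted)

if __name__ == "__main__":
    # Constructed current membership; "finance-admins" lacks the suffix and is ignored.
    print(plan(SAMPLE, ["underwriter-np-user-role", "claims adjuster-np-user-role", "finance-admins"]))
```

Reviewing the "remove" list before running the pipeline shows which test roles you are about to drop, and an empty "add" list with a non-empty file usually means the role names were misspelled or already carry the suffix.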
📝 Example Configuration
Sample my-roles.yml file: