Access Azure Active Directory from GitHub Actions

In this post, I will show you how to access Azure Active Directory data and perform tasks from GitHub Actions.

Azure Active Directory

To access Azure Active Directory from GitHub Actions we first need to connect to Azure using a Principal service account and an App Registration as shown in this post.

Once we complete the first step we need to assign the User Administrator role to the Principal Service Account.

Roles And Administrators

To assgin the the Service Principal account the Use Administrator role use the following steps.

Open the Azure Active Directory console

Click on Roles and Administrators

Search for the User Administrator role as shown below and click on it.

Click on Add Assignment

Search for the Service Principal account name and add it.

Workflow

Now that we have all the permissions sorted, let’s connect to Azure Active Directory from a GitHub Actions workflow. The code below will connect to Microsoft Azure and run the Get-AZADUSER command, listing all of our users in Azure AD.

GitHub Actions is using the az PowerShell module that runs on PowerShell 7.1.3. This is not the same as the module as the AzureAD PowerShell module that runs on PowerShell 5.1
on: [push]

name: Azure AD Commands 

jobs:
  run-azure-ad-commands:
    runs-on: ubuntu-latest
    steps:
      - name: Log in with Azure
        uses: azure/login@v1
        with:
          creds: '${{ secrets.AZURE_CREDENTIALS }}'
          enable-AzPSSession: true
      - name: Azure PowerShell Action
        uses: Azure/powershell@v1
        with:
          inlineScript: |
            Get-AzADUser  | ft
          azPSVersion: 3.1.0

For more GitHub Actions blog post visit the category page.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.