ARM template - how to find what objectid maps to?

Greg Yvkoff 151 Reputation points
2020-10-13T22:57:36.567+00:00

The ARM template for a particular key vault permission has this:

                {
                    "tenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
                    "objectId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
                    "permissions": {
                        "keys": [],
                        "secrets": [
                            "Get",
                            "List"
                        ],
                        "certificates": [],
                        "storage": []
                    }
                }

With the given objectId, how do I find the user/app associated with it using Azure Portal? If not possible, what other means can get me the info?


Accepted answer
  1. JamesTran-MSFT 36,541 Reputation points Microsoft Employee
    2020-10-13T23:43:06.893+00:00

    @Greg Yvkoff
    Thank you for your post!
    1. On your Key Vault resource -> Export Template, you should see what you posted above. Copy and paste the ObjectIDs to a Notepad/Text Editor.
    *To find your tenantID just go to Azure Active Directory - Overview

                "tenantId": "...15719",  
                "accessPolicies": [  
                    {  
                        "tenantId": "...15719",  
                        "objectId": "...8c82-7bb34af3111d",  
                        "permissions": {  
                            "keys": [  
                                "Get",  
                    {  
                        "tenantId": "...15719",  
                        "objectId": "...-e910c23d7f14",  
                        "permissions": {  
                            "keys": [  
                                "Get",  
                    {  
                        "tenantId": "....15719",  
                        "objectId": "....-e37a329f3d53",  
                        "permissions": {  
                            "keys": [  
                                "Get",  
    

    2. Navigate to your Key vault "Access Policies" -> Look at the apps and users that you have assigned to this Key Vault.

    3. You can find the user by going to:
    Azure Active Directory -> Users -> Search (name or email address)/Select the user that was under the Key Vault Access Policies.

    4. For App registrations, this should be the Service Principal object of your App registration. Go to:
    Azure Active Directory -> Enterprise Applications -> Search/Select the app name (i.e. jtGraph)

    5. For other Azure resources, the name associated with the access policy should be the same as your Azure resource.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
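
As a non-portal route to the same answer, here is an added example (not part of the original post or answer) that pulls every `objectId` and its granted permissions out of an exported Key Vault template and labels each one from a Microsoft Graph `directoryObjects/{id}` reply. The template, GUIDs and Graph replies are constructed placeholders and the function names are hypothetical; the live lookup is shown as an `az rest` call against that Graph endpoint.

```python
import json

# Constructed sample shaped like a Key Vault "Export template" (placeholder GUIDs).
TEMPLATE = json.loads("""
{"resources": [{
  "type": "Microsoft.KeyVault/vaults",
  "name": "example-vault",
  "properties": {"accessPolicies": [
    {"tenantId": "00000000-0000-0000-0000-000000000000",
     "objectId": "11111111-1111-1111-1111-111111111111",
     "permissions": {"keys": [], "secrets": ["Get", "List"], "certificates": [], "storage": []}},
    {"tenantId": "00000000-0000-0000-0000-000000000000",
     "objectId": "22222222-2222-2222-2222-222222222222",
     "permissions": {"keys": ["Get"], "secrets": [], "certificates": []}}
  ]}}]}
""")

# Constructed Graph replies keyed by objectId; a missing key stands for a 404.
FAKE_GRAPH = {
    "11111111-1111-1111-1111-111111111111": {
        "@odata.type": "#microsoft.graph.servicePrincipal", "displayName": "example-app"},
}

KINDS = {"#microsoft.graph.user": "user",
         "#microsoft.graph.group": "group",
         "#microsoft.graph.servicePrincipal": "service principal"}

def access_policies(template):
    """Yield (vault, objectId, non-empty permissions) for each Key Vault access policy."""
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.keyvault/vaults":
            continue
        for pol in res.get("properties", {}).get("accessPolicies", []):
            granted = {k: v for k, v in pol.get("permissions", {}).items() if v}
            yield res.get("name"), pol["objectId"], granted

def lookup_url(object_id):
    """Graph endpoint that returns a directory object of any type by its id."""
    return f"https://graph.microsoft.com/v1.0/directoryObjects/{object_id}"

def describe(obj):
    """Label a Graph directoryObject reply; None means the id no longer resolves."""
    if obj is None:
        return "not found in the directory"
    name = obj.get("userPrincipalName") or obj.get("displayName")
    return f"{KINDS.get(obj.get('@odata.type'), 'other')}: {name}"

def report(template, resolve):
    """Map every policy's objectId to (label, permissions) using resolve(objectId)."""
    return {oid: (describe(resolve(oid)), perms)
            for _, oid, perms in access_policies(template)}

if __name__ == "__main__":
    for oid, (who, perms) in report(TEMPLATE, FAKE_GRAPH.get).items():
        print(oid, "->", who, perms, "| live lookup: az rest --method get --url", lookup_url(oid))
```

An `objectId` that Graph no longer resolves usually belongs to a deleted user, group or service principal, so that access policy is a candidate for removal.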

