LogoLogo
LogoLogo
  • Welcome
    • Navigation
  • RealmJoin Deployment
    • Onboarding
    • Required Permissions
    • Infrastructure Considerations
      • Multi User Devices
    • Migration to RealmJoin vNext
  • User, Group and Device Management
    • Overview
    • User Profile
    • Organization Details
    • User, Group and Device Lists
      • User Details
      • Group Details
      • Device Details
    • User and Group Settings
      • Available RealmJoin Policies
  • App Management
    • Packages
      • Package Store
        • Application Store Details
      • Package Management
      • Package Details
      • Package Assignments
        • Package Migration
      • Package Settings
      • Packaging Requests
        • Organic Packages
    • AVD Templates
  • Automation
    • Connecting Azure Automation
      • Required Permissions
      • Runbook Parameters
    • Runbooks
      • Runbook Customization
      • Runbook Permissions
      • Naming Conventions
      • Runbook Scheduling
      • Runbook Logs
        • Runbook Job Details
      • Runbooks Changelog
    • Requirements
    • Remediation Scripts
  • RealmJoin Agent
    • Features
      • Local Admin Password Solution (LAPS)
        • KeyVault
        • Application Insights
      • Notifications
      • AnyDesk Integration
        • AnyDesk configuration
      • App Deployment using the Agent
        • RealmJoin ESP
    • Deploying the Agent
    • User Interface
  • Logs
    • Connecting Azure Log Analytics Workspace
    • Audit Log
  • RealmJoin Settings
    • Overview
    • General
    • Roles and Permissions
      • Pre-defined Roles
      • Custom Roles
        • Available Permissions
    • Group Namespaces
    • Workplace Cloud Storage
    • Self Service Forms
  • Developer Reference
    • RealmJoin API
      • Authentication
    • Interacting with Runbooks
    • Simulating a Runbook Environment
    • Local Admin Password Management
  • Other
    • FAQ
      • Security
    • Troubleshooting
      • Package Installation Issues
        • Collecting Logfiles
        • Logfiles Structure
        • Analysing chocolatey.log
        • Troubleshooting failed chocolatey packages
        • Troubleshooting failed craft packages
        • Fixes for common issues
        • Intunewin Debugging
      • LAPS Issues
        • LAPS account passwords cannot be retrieved
        • Requested LAPS Accounts are not being created
    • Changelog
  • Legal
    • Licensing
    • Support
  • RealmJoin Website
Powered by GitBook
On this page
  • Overview
  • Create an Application Registration
  • Grant Permissions
  • Create and Upload a Dev-Certificate
  • Usage

Was this helpful?

Edit on GitHub
  1. Developer Reference

Simulating a Runbook Environment

To develop new runbooks, you might need to enable RealmJoin.RunbookHelper to authenticate as if you were running inside a Runbook.

Last updated 9 months ago

Was this helpful?

Overview

Create an Application Registration

We create an Azure Application Registration to simulate the application-style signin to Microsoft Entra.

Grant Permissions

Replace {AppRegObjectId} with the object ID of your application registration.

git clone https://github.com/hcoberdalhoff/approle-and-directoryrole-granter.git
cd "approle-and-directoryrole-granter\RealmJoinVnext"
. .\AllInOne.ps1 -appRegObjectId "{AppRegObjectId}"

Create and Upload a Dev-Certificate

The {AppID} refers to the Application Regsitrations App / Client ID.

If you don't have a specific subscription ID, just use a default subscription from your tenant. (It doesn't matter in most cases.)

New-SelfSignedCertificate -Subject 'CN=AzureRunAsConnection, OU={AppID}, DC={TenantID}, O={SubscriptionID}' `
    -CertStoreLocation "cert:\CurrentUser\My" -NotAfter (Get-Date).AddYears(10) -KeySpec Signature | `
    Export-Certificate -FilePath "AzureRunAsConnection.cer"

You will get a file AzureRunAsConnection.cer that you upload to the Application Registration secrets.

If you want to serve multiple apps / environments, you can replace the default "AzureRunAsConnection" inCN=AzureRunAsConnection with a custom name when creating the certificate for that environment.

You can then select which the environment/certificate (e.g. "OtherEnv") to connect using Connect-RjRbGraph -AutomationConnectionName "OtherEnv"

This way you can access multiple environments from the same machine.

Usage

Just use Connect-RjRbGraph to authenticate to the app.

Make sure to remove older Dev-Certificates using mmc.exe from your set of personal certificates if present to avoid conflicts/login failures.

We will grant the same permissions as the managed identity would have. We will use the same for this purpose.

See for a sample on how to create a RunbookHelper Dev-Certificate. Replace {Variables} accordingly.

AppRoleGranter Toolkit
here
Create an App Registration
Certificate upload