Automate Seamless SSO Kerberos decryption key rollover AZUREADSSOACC
Currently to automate the Kerberos SSO decryption key rollover for AZUREADSSOACC , we would need to store domain admin and tenant global admin credentials in a script or scheduled task.
This is obviously not ideal. We currently having to perform the rollover task manually each month.
Please look at how this process could be improved for automation.
NL
shared this idea
Hi everyone,
Thanks for your interest on this feature. This capability is still in the pipeline. The initial estimate was obviously off and we are looking at a new timeline. We are aware of the benefit of having this rollover made automatic and the interest you have on the feature, and that’s how we are looking at it while prioritizing it against other capabilities requests.
Thanks for your patience!
Jairo Cadena
Principal Program Manager
Microsoft Identity
65 comments
-
James Macey
commented
It's been almost 4 months since this was "Started".
Please can we have an update. -
D. van Boven
commented
Is there any news regarding the Kerberos rollover?
-
Matthew Booker
commented
This feature is desperately needed.
-
MCS UK Infra
commented
Please provide an update on automating this kerberos renewal process.
-
covacianton
commented
am fost odata conectat pe tweet
-
ianc
commented
Microsoft says "La de da! Did someone ask for something?"
-
Anonymous
commented
In the mean time, have look at https://www.insentra.com.au/neil-hoffmans-rotating-the-azure-ad-seamless-sso-kerberos-key-manually-part-2-of-2/
(I did not try this myself, so you are on your own), but it uses a regular on prem account (no domain admin) with just the rights on the AZUREADSSOACC computer account) and a global administrator account, because that's what you need (until we can create AAD custom roles?). But the credentials are stored securely using the Azure Automation Credential Assets feature. -
Phil
commented
Voted - this is definitely needed
-
Joanne
commented
Hi Jario,
Any updates on the automation?
thanks
-
Mikey
commented
Automate Seamless SSO needed feature. When will it be available to the "public"?
-
Anonymous
commented
+1 asap please. We shouldn't have to automate it via an unsecured GA account.
-
Paweł Zieliński
commented
Vote up
This should be automatic. Most Azure users are not even aware it is a security issue. -
Giuseppe
commented
Any update on this? It is ridiculous that is not automatic!!!!!
-
PR
commented
Why no update on this
its seem obvious it must be automatic !
-
NL
commented
This seems like a no-brainer, I can't believe 18 months have past since I posted this feedback and it has apparently gone nowhere.
-
MCS UK Infra
commented
Please add this, seems like 2 years now since this feature was available and the manual monthly work on this is less than ideal
-
Jairo Cadena
commented
Hi everyone,
Thanks for your interest on this feature. This capability is still in the pipeline. The initial estimate was obviously off and we are looking at a new timeline. We are aware of the benefit of having this rollover made automatic and the interest you have on the feature, and that's how we are looking at it while prioritizing it against other capabilities requests.
Thanks for your patience!
Jairo Cadena
Principal Program Manager
Microsoft Identity -
Anonymous
commented
Update Please!
-
David van Boven
commented
Is there any news regarding the Kerberos rollover?
-
Matt
commented
Update please.