Sign up for FreeKnowledge Base

🔷Microsoft Azure

Installing P0 IAM management on Microsoft Azure takes about 10 minutes.

This guide walks you through installing and configuring P0’s Azure integrations:

  • IAM Management for Just‑in‑Time (JIT) access

  • SSH access to Azure Virtual Machines via Bastion

Before you begin

  • Choose one Entra ID directory on which you want to install P0

  • Choose at least one subscription on which to install P0.

  • Make sure you have the ability to create new app registrations as well as new roles and role assignments. You can do this if you have the Owner role attached to your user.

Get Started

Navigate to "Integrations" on p0.app, then select "Azure". You will be prompted to enter the ID of the Entra Tenant you want to install P0 on.

P0 Security Azure Directory Field

Step 1 — Install the Azure App Registration

The App Registration establishes the base service identity P0 uses in your tenant. Additional permissions will be granted to this identity as you add integrations.

  1. Select Azure App Registration

  1. Choose either Shell or Terraform and run the generated steps to create the App Registration in your tenant

When the commands complete successfully, the App Registration is installed.

Install IAM Management (Just-in-Time Access)

Install IAM Management to enable Just‑in‑Time access to Azure resources.

  1. In the Azure integration, select IAM Management

  1. Run the Shell or Terraform steps shown

After these commands finish, JIT access through P0 is set up for the given subscription.

Configure SSH Management (via Bastion)

Once JIT is configured, you can also enable secure SSH access to VMs in your Azure environment. This requires two parts:

  • Bastion Host configuration under the Azure integration

  • SSH Management setup under Integrations → SSH

  1. In the Azure integration, select Bastion Host

  1. Click Add subscription

  1. Verify that you see the subscription you used for IAM Management

  1. Run the Shell or Terraform steps to grant the required Bastion permissions

  1. When prompted, provide the Bastion Host ID

  • In the Azure Portal, go to the Bastions service, select your Bastion resource, and copy its Resource JSON to obtain the ID

At this point, the Bastion Host configuration is complete.

Install SSH Management

  1. In P0, open Integrations → SSH

  1. Click Add account

  2. Select the Azure Subscription you added during IAM Management setup

  1. Run the install commands

Optional settings

  • Grouping tag: specify a tag to enable group SSH access requests

  • Allow sudo: toggle whether users can request sudo on target nodes

If you enable sudo, run the additional Shell steps shown to configure sudo access

When these steps are complete, SSH Management is installed.

IAM Assessment (Coming Soon)

Support for IAM Assessment is planned and will appear in the Azure integration when available.

PreviousFunction CallerNextRequesting Access

Last updated