Integrate with Azure Using Keyless Authentication

You can configure Tenable Attack Surface Management to pull data from Azure using keyless authentication.

Before you begin

  • Configure Azure for Keyless Authentication.

    Note: You must add at least one Azure subscription, or Tenable Attack Surface Management cannot validate the integration.

  • Assign read-only permissions for the required subscriptions or resource groups. You can use the Azure-defined Reader role.

  • Make sure that you have the following:

    • Application ID or the Client ID of the Managed Identity, which you can copy when configuring Azure for keyless authentication.

    • Tenant ID
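A pre-flight check for the read-only prerequisite above, added here as an example and not part of the Tenable documentation: it confirms that the identity has Reader on each required subscription, flags any role beyond Reader, and checks that the Tenant ID and Application ID are well-formed GUIDs. The function names, subscription IDs and sample assignments are constructed for illustration; the sample follows the shape of `az role assignment list` JSON output.

```python
import json
import re

GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
# Subscription scope or resource-group scope, the two levels the page names.
SCOPE = re.compile(r"/subscriptions/([0-9a-f-]{36})(?:/resourceGroups/[^/]+)?", re.I)

def is_guid(value):
    """Tenant ID and Application (client) ID are both GUIDs."""
    return GUID.fullmatch(value.strip()) is not None

def audit(assignments, required_subscriptions):
    """Return (missing, excess).

    missing: required subscriptions with no Reader assignment at subscription
             or resource-group scope (management-group scopes are not resolved).
    excess:  (role, scope) pairs granting anything other than Reader.
    """
    covered, excess = set(), []
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        if role != "Reader":
            excess.append((role, scope))
            continue
        m = SCOPE.fullmatch(scope)
        if m:
            covered.add(m.group(1).lower())
    missing = sorted(s.lower() for s in required_subscriptions if s.lower() not in covered)
    return missing, excess

# Constructed sample in the shape of
# `az role assignment list --assignee <client-id> --all -o json`.
SUB_A = "11111111-1111-1111-1111-111111111111"
SUB_B = "22222222-2222-2222-2222-222222222222"
SAMPLE = json.loads(f"""[
  {{"roleDefinitionName": "Reader", "scope": "/subscriptions/{SUB_A}"}},
  {{"roleDefinitionName": "Contributor", "scope": "/subscriptions/{SUB_A}/resourceGroups/rg-app"}},
  {{"roleDefinitionName": "Reader", "scope": "/providers/Microsoft.Management/managementGroups/mg-root"}}
]""")

if __name__ == "__main__":
    missing, excess = audit(SAMPLE, [SUB_A, SUB_B])
    print("Tenant ID format ok:", is_guid("33333333-3333-3333-3333-333333333333"))
    print("Subscriptions lacking Reader:", missing)
    print("Roles beyond Reader:", excess)
```

A Reader assignment inherited from a management group is reported as missing here because the script cannot map management groups to subscriptions offline; verify those cases in the Azure portal.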

To integrate Azure with Tenable Attack Surface Management using keyless authentication:

  1. In the upper-right corner, click the button.

    The All Integrations page appears.

  2. Do one of the following:

    • On the All Integrations page, click Add > Azure - Keyless.

    • In the upper-right corner, click Add > Azure - Keyless.

    • In the bar above the table, click Add > Azure - Keyless.

      The Add Azure - Keyless Integration window appears.

  3. Check whether the Subject identifier appears by default. Copy the Subject identifier to configure Azure for keyless authentication. For more information, see Configure Azure for Keyless Authentication.

  4. In the Name box, type a name for the integration.

  5. In the Tenant ID box, provide the tenant ID.

  6. In the Application ID box, provide the application ID or the client ID of the managed identity.

  7. Click Add.

    Tenable Attack Surface Management adds the integration.