HashiCorp Vault Authentication with Azure Active Directory

In this video, we discuss and demo #HashiCorp #Vault authentication with #Azure Active Directory (AAD). Our setup is as follows:
- We have 2 Vault clusters in AWS. One is a primary cluster and the other is a disaster recovery (DR) cluster.
- Both clusters are made up of 3 Vault nodes each.
- Integrated storage is used for the backend storage.
- A public-facing network load balancer is used in AWS connecting to all 6 Vault nodes.
- The 3 Vault nodes in the DR cluster will appear as unhealthy to the load balancer which is fine because they are in standby mode and can't server traffic.
- The load balancer is in pass-through mode for TLS so TLS is terminated straight on the Vault nodes themselves. This is a good practice to consider so that there is no man-in-the-middle decrypting traffic.

Here is the workflow for user authentication:
- A user hits a Vault node via the load balancer and goes to the authentication page in the UI or logs in via the CLI.
- The user then chooses the OIDC authentication method
- Vault reaches out to AAD to authenticate the user
- AAD authenticates the user and redirects them back to Vault via the load balancer
- The user is now logged into Vault and is allowed to access secrets defined in the policy attached to the OIDC role.

▬▬▬▬▬▬ T I M E S T A M P S ⏰ ▬▬▬▬▬▬
00:00 - Introduction
00:18 - Setup
04:26 - Demo
07:40 - Configuration Walk-through
11:25 - Conclusion

▬▬▬▬▬▬▬▬▬ Courses ? ▬▬▬▬▬▬▬▬
- TeKanAid Academy Subscription ► https://bit.ly/subscription-premium
- Terraform 101 - Certified Terraform Associate ► https://bit.ly/hc-terraform-101
?️ Get 15% off of my Terraform 101 Course with this coupon ► YOUTUBE15TF101
- HashiCorp Vault 101 - Certified Vault Associate ► https://bit.ly/hc-vault101
?️ Get 15% off of my Vault 101 Course with this coupon ► YOUTUBE15VAULT101
- HashiCorp Vault 201 - Vault for Apps in Kubernetes ► https://bit.ly/hc-vault-201

▬▬▬▬▬▬▬▬ Useful Links ? ▬▬▬▬▬▬▬
- OIDC Provider Configuration for AAD ► https://www.vaultproject.io/docs/auth/jwt/oidc_providers#azure-active-directory-aad
- GitHub Repo ► https://github.com/samgabrail/vault-raft-aws-dr/blob/master/PoV_Scripts/VE-AUTH-OIDC-AZUREAD-007.sh

▬▬▬▬▬▬▬▬ Community ? ▬▬▬▬▬▬▬▬▬
- TeKanAid Community Forum ► https://tekanaid.com/community

▬▬▬▬▬▬▬▬ Connect ? ▬▬▬▬▬▬▬▬▬
Website ► https://bit.ly/TeKanAid_Website
Facebook Page ► https://bit.ly/TeKanAid_Facebook
Don't forget to subscribe ► https://bit.ly/TeKanAid_YouTube_Subscribe
MEDIUM ► https://bit.ly/Sam_Medium
TWITTER TeKanAid ► https://bit.ly/TeKanAid_Twitter
TWITTER Sam ► https://bit.ly/Sam_Twitter
LINKEDIN TeKanAid ► https://bit.ly/TeKanAid_LinkedIn
LINKEDIN Sam ► https://bit.ly/Sam_linkedin



In this course you will get to:

⭐ Learn everything you need to know about Vault to ace the Vault Associate Exam
⭐ 8+ hours of video content
⭐ Instructor has his camera on making you feel that you're right in the classroom
⭐ Hand-drawn animated diagrams to help you grasp the topics better
⭐ Lots of hands-on labs to learn by doing
⭐ English closed captions that are searchable so you won't miss a word
⭐ Quizzes to help you grasp the material well
⭐ Join our Community