You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
1. Get the `objectId` associated with your Microsoft Entra entity.
90
-
91
-
- For a Microsoft Entra user account:
89
+
1. Get the `objectId` associated with your Microsoft Entra entity.
92
90
91
+
- For a Microsoft Entra group account:
92
+
93
93
```azurecli
94
94
AAD_ENTITY_OBJECT_ID=$(az ad signed-in-user show --query id -o tsv)
95
95
```
96
96
97
+
- For a Microsoft Entra single user account:
98
+
99
+
```azurecli
100
+
AAD_ENTITY_OBJECT_ID=$(az ad signed-in-user show --query userPrincipalName -o tsv)
101
+
```
102
+
97
103
- For a Microsoft Entra application:
98
104
99
105
```azurecli
@@ -119,12 +125,18 @@ On the existing Arc-enabled cluster, create the ClusterRoleBinding with either M
119
125
120
126
1. Get the `objectId` associated with your Microsoft Entra entity.
121
127
122
-
- For a Microsoft Entra user account:
128
+
- For a Microsoft Entra group account:
123
129
124
130
```azurepowershell
125
131
$AAD_ENTITY_OBJECT_ID = (az ad signed-in-user show --query id -o tsv)
126
132
```
127
133
134
+
- For a Microsoft Entra single user account:
135
+
136
+
```azurepowershell
137
+
$AAD_ENTITY_OBJECT_ID = (az ad signed-in-user show --query userPrincipalName -o tsv)
138
+
```
139
+
128
140
- For a Microsoft Entra application:
129
141
130
142
```azurepowershell
@@ -133,7 +145,7 @@ On the existing Arc-enabled cluster, create the ClusterRoleBinding with either M
133
145
134
146
1. Authorize the entity with appropriate permissions.
135
147
136
-
- If you're using Kubernetes native ClusterRoleBinding or RoleBinding for authorization checks on the cluster, with the `kubeconfig` file pointing to the `apiserver` of your cluster for direct access, you can create one mapped to the Microsoft Entra entity (service principal or user) that needs to access this cluster. For example:
148
+
- If you're using native Kubernetes ClusterRoleBinding or RoleBinding for authorization checks on the cluster, with the `kubeconfig` file pointing to the `apiserver` of your cluster for direct access, you can create one mapped to the Microsoft Entra entity (service principal or user) that needs to access this cluster. For example:
0 commit comments