PostgreSQL

Azure Active Directory Admin Disabled

Risk Level: Medium

Description:

This plugin ensures that all PostgreSQL servers have an Active Directory admin enabled. With Azure Active Directory authentication, key rotation and permission control for all servers can be managed in one place. Configuring an Active Directory administrator is one way to accomplish this. Set up an Active Directory admin for PostgreSQL database servers.

About the Service:

The PostgreSQL Community Edition database engine powers Azure Database for PostgreSQL, a relational database service in the Microsoft cloud. Azure Database for PostgreSQL includes built-in quality, data protection, and automated maintenance for the underlying hardware, operating system, and database engine, among other features.

Impact:

Without Azure Active Directory (AAD) authentication, the identities of the PostgreSQL database users cannot be managed in one central location, which makes permission management harder. You also lose other benefits of AAD, such as uniform authentication across Azure services and tools for managing password policies and password rotation.

Steps to reproduce:

  1. Sign in to the Azure Management Console.
  2. Navigate to the Azure All Resources portal at: https://portal.azure.com/#blade/HubsExtension/BrowseAll
  3. From the Type filter in the filter bar, select only Azure Database for PostgreSQL server as the resource type.
  4. From the listed servers, select the name of the PostgreSQL database server that you want to examine.
  5. In the navigation panel, select Active Directory Admin.
  6. If it says “No Active Directory Admin”, then there is no Active Directory administrator configured to handle authentication for the selected Azure PostgreSQL database server.
  7. Repeat steps 3 – 6 for each PostgreSQL database server provisioned in the current Azure subscription as well as in other subscriptions in your Microsoft Azure cloud account.
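The same check can be scripted across every subscription with the Azure CLI. This is an added example, not part of the original article; it assumes the CLI is installed, `az login` has been run, and the servers are reachable through the single-server `az postgres server` command group. The function name `audit_pg_aad_admins` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): report every Azure Database
# for PostgreSQL server that has no Active Directory administrator.
# Assumes the Azure CLI is installed and `az login` has already been run.
# audit_pg_aad_admins is a hypothetical helper name.

TAB=$(printf '\t')

# Prints one tab-separated line per server:
#   PASS|FAIL|ERROR  subscription  resource-group  server  detail
# Returns 0 if every server passed, 1 if any FAIL, 2 if any lookup errored.
audit_pg_aad_admins() {
  local rc=0 subs sub servers rg name admin

  # Only enabled subscriptions can be queried.
  subs=$(az account list --query "[?state=='Enabled'].id" -o tsv) || return 2

  for sub in $subs; do
    servers=$(az postgres server list --subscription "$sub" \
                --query "[].[resourceGroup, name]" -o tsv) || { rc=2; continue; }

    while IFS="$TAB" read -r rg name; do
      [ -n "$name" ] || continue   # skip the blank line of an empty result

      # An empty list is what the portal shows as "No Active Directory Admin".
      # stdin is redirected so az cannot consume the server list being read.
      if ! admin=$(az postgres server ad-admin list --subscription "$sub" \
                     --resource-group "$rg" --server-name "$name" \
                     --query "[?administratorType=='ActiveDirectory'].login" \
                     -o tsv </dev/null); then
        # A failed lookup is reported separately, never as a finding.
        printf 'ERROR\t%s\t%s\t%s\tlookup failed\n' "$sub" "$rg" "$name"
        rc=2
      elif [ -z "$admin" ]; then
        printf 'FAIL\t%s\t%s\t%s\tno Active Directory admin\n' "$sub" "$rg" "$name"
        [ "$rc" -eq 2 ] || rc=1
      else
        printf 'PASS\t%s\t%s\t%s\t%s\n' "$sub" "$rg" "$name" "$admin"
      fi
    done <<EOF
$servers
EOF
  done
  return "$rc"
}

# Usage: audit_pg_aad_admins
```

The non-zero return code lets a scheduled job or pipeline fail when any server lacks an admin, and the `ERROR` rows keep permission problems from being mistaken for findings.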

Steps for remediation:

  1. Sign in to the Azure Management Console.
  2. Navigate to the Azure All Resources portal at: https://portal.azure.com/#blade/HubsExtension/BrowseAll
  3. From the Type filter in the filter bar, select only Azure Database for PostgreSQL server as the resource type.
  4. From the listed servers, select the name of the PostgreSQL database server that you want to examine.
  5. In the navigation panel, select Active Directory Admin.
  6. Click on the Set Admin option.
  7. Now choose the "Azure Active Directory (AAD) administrator" from the list.
  8. Click on Select.
  9. Click on Save.
  10. Repeat steps 3 – 9 to reconfigure other PostgreSQL database servers provisioned in all your Azure subscriptions.

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support