Skip to main content
Version: Insiders

Overview

Welcome to your EasyLife 365 Identity learning journey! In this guide, we’ll help you understand how the notification system works and how task management influences these notifications when working with the EasyLife 365 Identity Insiders.

As you go through this learning path, we will explore how EasyLife 365 Identity Insiders handles the following scenarios and how they impact notifications:

  • Scenario 1: Ownerless apps and apps with owners
  • Scenario 2: Apps with assigned tasks

While scans typically occur every Monday, for the purpose of this learning journey, you'll be able to run scans on demand, allowing you to complete a full cycle in about an hour.

Prerequisites

Before diving into this exercise, ensure you have:

  • Completed the Onboarding.
  • Access to the Notifications Email Address (supplied during the onboarding process) to receive notifications for expiring credentials and app registrations that have not been assigned to anyone.
  • Logged into the EasyLife 365 Admin Insiders (https://admin.insiders.easylife365.cloud/identity/) to configure the types.
  • Logged into the EasyLife 365 Identity Insiders (https://identity.insiders.easylife365.cloud/) to be able to create tasks and track expiring credentials, App Registrations and Enterprise Applications.
  • An account that acts as App Owner and an Account that acts as Task Assignee.
  • Installed the EasyLife 365 Identity Teams app.
info

To test Teams notifications, make sure the Teams notification feature is enabled in the notification settings.

Creating App Registrations

One of the key features of EasyLife 365 Identity Insiders is its ability to track certificates and secrets for App Registrations and send notifications when they are approaching expiration. In this exercise, we will guide you through creating two basic App Registrations in your Entra ID tenant, along with associated secrets. Afterward, we will walk you through various scenarios for handling expiration notifications.

warning

To proceed with these activities, your account must have the necessary permissions to create App Registrations.

Creating the EasyLife Identity Learning App 1

  1. Log in to the Entra ID Portal and navigate to the App Registrations blade. Click New Registration.
  2. Provide a display name for your application. This name will be visible to users. For this exercise, use EasyLife Identity Learning App 1.
  3. Create the App Registration by clicking Register.
  4. After registering the app, switch to EasyLife 365 Identity Insiders to manage credentials and ownership:
    • Go to App Registrations > All, search for EasyLife Identity Learning App 1.
    • Click to open the app.
    • Navigate to the Secrets tab.
    • Click Generate new, enter a description (EasyLife365 Identity Learning Secret 1), and set expiration to 3 days from now.
    • Click Let’s do it to add the secret.
    • Navigate to the Owners tab.
    • Click the + (Add owner) button to assign an owner to the application.
    • Navigate to the Certificates tab and click Add certificate to upload a certificate if needed.

Creating the EasyLife Identity Learning App 2

  1. Log in to the Entra ID Portal, navigate to App Registrations, and click New Registration.
  2. Name it EasyLife Identity Learning App 2, then click Register.
  3. Once the app is created, complete the rest in EasyLife 365 Identity Insiders:
    • Search and open the app in EasyLife 365 Identity Insiders.
    • Go to the Secrets tab and click Generate new.
    • Add EasyLife365 Identity Learning Secret 2 and set it to expire in 3 days.
    • Repeat the process to add EasyLife365 Identity Learning Secret 3 with the same expiration.
    • Assign an owner by going to the Owners tab and clicking + (Add owner).
    • Upload a certificate in the Certificates tab using the Add certificate button.

Once the apps are created, you can verify them in EasyLife 365 Identity Insiders:

  1. Open EasyLife 365 Identity Insiders.
  2. Go to App Registrations > All.
  3. In the search bar, type EasyLife Identity Learning App 1.
  4. Click on the app to view its details and associated credentials.
  5. Repeat the process for EasyLife Identity Learning App 2.

Scenario 1: Ownerless apps and apps with owners

In EasyLife 365 Identity Insiders, App Owners (when available) are the default recipients of notifications for any applications or credentials nearing expiration. App owners can assign tasks to other users to renew the credentials for the affected apps.

App Owners are users who are responsible for managing specific applications, certificates, and secrets within Azure Entra ID. They ensure:

  • Credentials are renewed before they expire.
  • Applications have the necessary permissions.
  • Proper access control is maintained.

In the following scenario we will look at the different types of notifications that will be sent out depending on whether an application has an owner or not. For the test we will use app registrations called EasyLife365 Identity Learning App 1 and EasyLife365 Identity Learning App 2. In this exercise, we will monitor these credentials and examine how they are handled within their current configuration. Here is a table that shows the current configuration.

App NameSecretsCurrent configuration
EasyLife365 Identity Learning App 1EasyLife365 Identity Learning Secret 1

- 1 secret set to expire

- 0 owners

- 0 tasks

EasyLife365 Identity Learning App 2

EasyLife365 Identity Learning Secret 2

EasyLife365 Identity Learning Secret 3

- 2 secrets set to expire

- 1 owner

- 0 tasks

To verify the behavior, initiate a scan by pressing Start scan under EasyLife 365 Admin Identity. After a few minutes, the results should be available.

AccountNotification Details
Shared Mailbox

One notification listing all the client secrets that are about to expire for EasyLife365 Identity Learning App 1. In this case:

- EasyLife365 Identity Learning Secret 1

App owner

One Teams notification listing all the client secrets that are about to expire for EasyLife365 Identity Learning App 2. In this case:

- EasyLife365 Identity Learning Secret 2

- EasyLife365 Identity Learning Secret 3

Scenario 2: Apps with assigned tasks

Tasks help track and manage actions such as renewing certificates, secrets, and application registrations, as well as assigning responsibility for credential renewals. Tasks can be:

  • Assigned to another user
  • Self-assigned

EasyLife 365 Identity Insiders allows users to carry out task management by assigning and editing closing tasks related to applications. Tasks can be self-assigned and assigned to a third party and once assigned user will appear in the My Task section of the respective user. The My Tasks page shows In Progress tasks as well as any closed tasks.

Assignment of Tasks to other Users

  • Go to EasyLife 365 Identity Insiders
  • Go to App Registrations > Expiring credentials
  • Search for EasyLife365 Identity Learning App 2 we created earlier and then click on Secrets
  • Go to EasyLife365 Identity Learning Secret 2 and click on the edit button
  • A modal window will show which will allow you to create as Task. You can complete the details as follows
    • Search for the user you want to assign the task to
    • Status: New
    • Comment: Ensure that the secret is renewed before expiry date
    • Save
  • Log into teams with Task Assignee’s account and in the My Tasks section you will see the tasks associated.
info

Before assigning tasks to a user, please ensure they have Owner permissions or the appropriate permissions to manage credentials in Entra ID. Without the necessary permissions, the user will be blocked from processing the task.

App NameSecretsCurrent configuration
EasyLife365 Identity Learning App 1EasyLife365 Identity Learning Secret 1

- 1 secret set to expire

- 0 owners

- 0 tasks

EasyLife365 Identity Learning App 2

EasyLife365 Identity Learning Secret 2

EasyLife365 Identity Learning Secret 3

- 2 secrets set to expire

- 1 owner

- 1 tasks assigned to Task Assignee

To verify the behavior, initiate a scan by pressing Start scan under EasyLife 365 Admin Identity. After a few minutes, the results should be available.

AccountNotification Details
Shared Mailbox

One notification listing all the client secrets that are about to expire for EasyLife365 Identity Learning App 1. In this case:

- EasyLife365 Identity Learning Secret 1

The shared mailbox gets the EasyLife365 Identity Learning App 1 notification because this application does not have any owners, nor have any tasks been assigned to a user to attend to.

App Owner

One notification listing all the client secrets that are about to expire for EasyLife365 Identity Learning App 2 but have not been assigned to a task. In this case:

- EasyLife365 Identity Learning Secret 3

App Owner gets this notification because she is an owner for the EasyLife365 Identity Learning App 2 app

Task Assignee

One notification listing the client secrets that are about to expire for EasyLife365 Identity Learning App 2 that have been assigned to the Task Assignee as a task. In this case:

- EasyLife365 Identity Learning Secret 2

Task Assignee gets this notification because there is an open task has been assigned to him

Self-assignment of Tasks

  • Go to EasyLife 365 Identity Insiders as EasyLife365 Identity Learning App 2 App Owner
  • Go to App Registrations > Expiring credentials
  • Search for the EasyLife365 Identity Learning App 2 we created earlier and then click on Secrets
  • Go to the EasyLife365 Identity Learning Secret 3 and click on the edit button
  • A modal window will show which will allow you to create as Task. You can complete the details as follows
    • Select Assign to myself
    • Status: New
    • Comment: Ensure that the secret is renewed before expiry date
    • Save
  • Go to My Task and you will see new Task has been assigned to App Owner.

To verify the behavior, initiate a scan by pressing Start scan under EasyLife 365 Admin Identity. After a few minutes, the results should be available.

AccountNotification Details
Shared Mailbox

One notification listing all the client secrets that are about to expire for EasyLife365 Identity Learning App 1. In this case:

- EasyLife365 Identity Learning Secret 1

The shared mailbox gets the EasyLife365 Identity Learning App 1 notification because this application does not have any owners, nor have any tasks assigned to a user to attend to.

App Owner

One notification listing all the client secrets that are about to expire for EasyLife365 Identity Learning App 2 but have been assigned to App Owner as a task. In this case:

- EasyLife365 Identity Learning Secret 3

App Owner gets this notification because there is an open task has been assigned to her.

Task Assignee

One notification listing the client secrets that are about to expire for EasyLife365 Identity Learning App 2 that have been assigned to Task Assignee as a task. In this case:

- EasyLife365 Identity Learning Secret 2

Task Assignee gets this notification because there is an open task has been assigned to him

Processed Tasks

Once the one has attended to their task in Entra ID the task status needs to be updated in the EasyLife 365 Identity Insiders and indicate that we have completed the assigned task.

Using App Owner’s account, go to EasyLife 365 Identity Insiders > My Tasks. There will be a list of assigned tasks in this case we should only see EasyLife365 Identity Learning App 2. The process is as follows:

  • Go to My Tasks
  • Click on edit button for EasyLife 365 Identity App
  • Go to Task Status and change the status to Closed
  • The tasks will no longer appear in the In progress tab of My tasks and will now appear in the closed tab.

Now we will initiate a scan by going to EasyLife 365 Identity. The current state of the two registered Apps is as follows:

App NameSecretsCurrent configuration
EasyLife365 Identity Learning App 1EasyLife365 Identity Learning Secret 1

- 1 secret set to expire

- 0 owners

- 0 tasks

EasyLife365 Identity Learning App 2

EasyLife365 Identity Learning Secret 2

EasyLife365 Identity Learning Secret 3

- 1 secret set to expire and task assigned to Task Assignee

- 1 secret task closed by App Owner

- 1 owner

- 1 tasks assigned to Task Assignee

To verify the behavior, initiate a scan by pressing Start scan under EasyLife 365 Admin Identity. After a few minutes, the results should be available.

MailboxNotification Details
Shared Mailbox

One notification listing all the client secrets that are about to expire for EasyLife365 Identity Learning App 1. In this case:

- EasyLife365 Identity Learning Secret 1

The shared mailbox gets the EasyLife365 Identity Learning App 1 notification because this application does not have any owners, nor have any tasks been assigned to a user to attend to.

App OwnerNo notification should be received since the expiring credential has a closed task
Task Assignee

One Teams notification listing the client secrets that are about to expire for EasyLife365 Identity Learning App 2 that have been assigned to Task Assignee as a task. In this case:

- EasyLife365 Identity Learning Secret 2

Task Assignee gets this notification because there is an open task has been assigned to him