Tuesday, June 13, 2023

PowerShell Script that will use the OneTimeSecret service to generate and return a URL to access a password

One of the frequent questions I have been asked after my post:

Using Microsoft Forms and Logic App to create an automated submissions and approval process for Azure AD User Creation
http://terenceluk.blogspot.com/2023/04/using-microsoft-forms-and-logic-app-to.html

… was whether there is a more secure way to include the password of the newly created user in an email rather than just pasting it into the confirmation email. The main reason I chose to include the password in plain text is that the password is temporary and the user is required to change it upon successful logon. Nevertheless, I’ve always preached that passwords should never be included in email, so I would like to provide an alternative way to better protect the included password.

The method I would recommend is to use a service such as OneTimeSecret, which lets you provide a link to a page that displays the password. The link can only be opened once and it has an expiry. The following is a PowerShell script that can be used in an Automation Account with a webhook: it receives a passed password, uses OneTimeSecret to create a link, then returns that link.

The PowerShell script can be found in my GitHub repo: https://github.com/terenceluk/Azure/blob/main/PowerShell/Generate-OneTimeSecret-URL.ps1
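
For readers who want to see the flow described above on the page itself, here is a sketch of such a runbook. It is an added example, not the script from the repo. It assumes the webhook body is JSON with a `password` property, that a credential asset with the hypothetical name `OneTimeSecret` holds the account e-mail and API token, and that the OneTimeSecret v1 `share` endpoint is used.

```powershell
# Added example: Azure Automation runbook started by a webhook.
# Assumptions (not from the original script):
#   - request body is JSON: {"password":"<temporary password>"}
#   - credential asset 'OneTimeSecret' (hypothetical name) stores the
#     OneTimeSecret account e-mail as user name and the API token as password
param(
    [Parameter(Mandatory = $false)]
    [object] $WebhookData
)

$ErrorActionPreference = 'Stop'

# Refuse to run when started manually or with an empty body.
if (-not $WebhookData -or -not $WebhookData.RequestBody) {
    throw 'This runbook must be started from its webhook with a JSON body.'
}

$request = $WebhookData.RequestBody | ConvertFrom-Json
if ([string]::IsNullOrWhiteSpace($request.password)) {
    throw 'Request body has no "password" property.'
}

# Keep the API token in a credential asset rather than in the script text.
$cred  = Get-AutomationPSCredential -Name 'OneTimeSecret'
$pair  = '{0}:{1}' -f $cred.UserName, $cred.GetNetworkCredential().Password
$basic = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair))

# Link lifetime in seconds (constructed value: 24 hours).
$ttlSeconds = 86400

# A hashtable body on POST is sent as form fields; 'secret' and 'ttl'
# are the parameters of the v1 share call.
$response = Invoke-RestMethod -Method Post `
    -Uri 'https://onetimesecret.com/api/v1/share' `
    -Headers @{ Authorization = "Basic $basic" } `
    -Body @{ secret = $request.password; ttl = $ttlSeconds }

if (-not $response.secret_key) {
    throw 'OneTimeSecret did not return a secret_key.'
}

# Emit only the link. The password itself is never written to the job
# output or any other stream.
Write-Output "https://onetimesecret.com/secret/$($response.secret_key)"
```

The calling Logic App can read the link from the job output and place it in the confirmation email in place of the password.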
