services / Azure / APIM identity providers
Identity provider configurations for an Azure API Management service, defining the external/federated authentication sources (AAD, OAuth, social logins) used to authenticate to the developer portal.
These configurations govern who can authenticate to the API Management portal and management surface, and the secrets stored in them are usable IdP credentials.
Microsoft.ApiManagement/service/identityProviders/write
Creating or updating an identity provider lets an attacker redirect authentication to an attacker-controlled IdP or add a new trusted source. Either change manipulates and weakens the authentication mechanism and admits attacker-controlled identities.
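A detection example for this privilege, added here and not part of P0 Security's catalog: it scans Activity Log style records for completed identityProviders/write operations and marks those made by callers outside an approved list. The record layout (nested or plain-string fields, mixed letter case), the find_idp_changes name, and every sample value are constructed assumptions.

```python
# Permission named on this page; matched in lower case because the log
# may report operation names in upper case (assumption).
OP = "Microsoft.ApiManagement/service/identityProviders/write"
TARGET_OP = OP.lower()
RID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1"
       "/providers/Microsoft.ApiManagement/service/apim-prod/")

# Constructed sample events (made-up values), reduced to a few log fields.
SAMPLE_EVENTS = [
    {"eventTimestamp": "2024-05-01T09:00:00Z", "caller": "apim-deploy@example.com",
     "status": {"value": "Succeeded"}, "operationName": {"value": OP},
     "resourceId": RID + "identityProviders/aad"},
    {"eventTimestamp": "2024-05-02T22:14:00Z", "caller": "contractor7@example.com",
     "status": {"value": "Started"}, "operationName": {"value": OP},
     "resourceId": RID + "identityProviders/google"},
    {"eventTimestamp": "2024-05-02T22:14:03Z", "caller": "contractor7@example.com",
     "status": "Succeeded", "operationName": OP.upper(),
     "resourceId": RID.upper() + "IDENTITYPROVIDERS/GOOGLE"},
    {"eventTimestamp": "2024-05-03T10:00:00Z", "caller": "dev@example.com",
     "status": {"value": "Succeeded"},
     "operationName": {"value": "Microsoft.ApiManagement/service/apis/write"},
     "resourceId": RID + "apis/orders"},
]

def _text(field):
    # Accept both {"value": ...} and plain-string fields; normalise to lower case.
    return ((field.get("value") if isinstance(field, dict) else field) or "").lower()

def find_idp_changes(events, approved_callers):
    """Return every completed identity-provider write, marking unapproved callers."""
    approved = {c.lower() for c in approved_callers}
    findings = []
    for ev in events:
        if _text(ev.get("operationName")) != TARGET_OP:
            continue
        if _text(ev.get("status")) != "succeeded":  # skip Started/Failed records
            continue
        parts = _text(ev.get("resourceId")).strip("/").split("/")
        # Resource ID shape: .../service/<instance>/identityproviders/<provider type>
        idx = parts.index("identityproviders") if "identityproviders" in parts else -1
        findings.append({
            "time": ev.get("eventTimestamp"),
            "caller": ev.get("caller", ""),
            "service": parts[idx - 1] if idx > 0 else "",
            "provider": parts[idx + 1] if 0 <= idx < len(parts) - 1 else "",
            "unapproved": ev.get("caller", "").lower() not in approved,
        })
    return findings
```

Calling find_idp_changes(SAMPLE_EVENTS, {"apim-deploy@example.com"}) returns two findings; the second, for the google provider on apim-prod, is marked unapproved.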
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security