Azure: APIM user accounts
Registered developer-portal user accounts within an API Management service instance, identifying developers who consume the published APIs.
User records include identifying attributes (name, email, state) and gate developer-portal access. They are identities, but they are scoped to the APIM developer portal, not Azure RBAC.
Microsoft.ApiManagement/service/users/generateSsoUrl/action
Returns a redirection URL that embeds an authentication token and signs the caller into the developer portal as the target user. The URL is usable credential material, so this action results in account takeover.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog