https://github.com/frodehus/entrarolereaper

Performs review of Entra ID users and their assigned roles based on least privilege principle and actual Entra ID operations performed within a time period.
https://github.com/frodehus/entrarolereaper

entra-id review-tools role-based-access-control security-tools

Last synced: 9 months ago
JSON representation

Performs review of Entra ID users and their assigned roles based on least privilege principle and actual Entra ID operations performed within a time period.

• Host: GitHub
• URL: https://github.com/frodehus/entrarolereaper
• Owner: FrodeHus
• License: apache-2.0
• Created: 2025-08-10T07:04:34.000Z (10 months ago)
• Default Branch: main
• Last Pushed: 2025-09-09T05:14:43.000Z (9 months ago)
• Last Synced: 2025-09-09T08:15:53.329Z (9 months ago)
• Topics: entra-id, review-tools, role-based-access-control, security-tools
• Language: TypeScript
• Homepage: https://rolereaper.reothor.no
• Size: 4.59 MB
• Stars: 25
• Watchers: 1
• Forks: 1
• Open Issues: 5
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Codeowners: CODEOWNERS

Awesome Lists containing this project

README

          
# ![logo](/web/public/entrarolereaper_logo.png) RoleReaper

[![.NET](https://github.com/FrodeHus/EntraRoleReaper/actions/workflows/dotnet.yml/badge.svg)](https://github.com/FrodeHus/EntraRoleReaper/actions/workflows/dotnet.yml)

Full-stack app to perform access reviews of Entra ID users.

- Backend: .NET 9 Minimal API, Microsoft Identity (OBO) + Microsoft Graph

- Frontend: Vite + React + TypeScript + Tailwind + shadcn/ui components

## What it does

Entra Role Reaper uses Entra audit log to find actual activities performed by user(s) and using mappings determine which least privilege roles the user actually should have.

See [Wiki](https://github.com/FrodeHus/EntraRoleReaper/wiki)

## Prereqs

- .NET SDK 9+ installed

- Node.js 18+ and pnpm or npm

- Entra ID tenant and ability to create app registrations