Info |
---|
This article explains how to set up a Cloudaware application in Microsoft Azure. Ensure you have the necessary permissions in the Azure portal. |
...
Select the created Azure application (in this guide, cloudaware-api-access).
Go to 'API permissions'→ +Add a permission.
Select the tab 'Microsoft APIs'.
For Azure Service Management:
Select the tile 'Delegated permissions' → check the box 'user_impersonation. Access Azure Service Management as organization users (preview)'. Click Add permissions.
For Microsoft Graph:
Select the tile 'Delegated Permissions'* → Directory → check the box Directory.Read.All. Click Add permissions.
Select the tile 'Application Permissions' → Directory → check the box Directory.Read.All. Click Add permissions.
*Note that User → User.Read (Sign in and read user profile) permission is added by default when the application is created.
...
Note |
---|
Microsoft takes up to 30 minutes to populate the permissions added in previous steps. |
Add role assignments
Grant permissions at tenant or subscription level:
Tenant level |
---|
Assign permissions to the Tenant Root Group to allow Cloudaware to discover all subscriptions within the group automatically:
|
Subscription level |
Assign permissions to the specific subscription(s) for Cloudaware to access and discover only those:
The steps 1-5 are required for each subscription that will be integrated into Cloudaware. |
Configure certificates & secrets
Certificate (recommended)
Select the application (in this guide, cloudaware-api-access).
Go to 'Certificates & secrets' → the tab 'Certificates' → Upload certificate.
Click Select a file → choose the certificate file*.
Note |
---|
*To get the certificate from Cloudaware, refer to Setup in Cloudaware → Add Azure Active Directory →Certificate. |
Click Add.
Once the certificate is uploaded, continue the configuration.
Client secret
Select the application (in this guide, cloudaware-api-access).
Go to 'Certificates & secrets' → the tab 'Client secrets' → +New client secret.
Set up the client secret:
Description: ca-api-key
EXPIRES: 730 days (24 months)
Click Add.
Click Copy to clipboard to save the secret value.
Once the key is created and saved, continue the configuration.
! Next step - Azure setup in Cloudaware