Azure Console Configurations for Tenant Connector

Below are the steps to follow to obtain your application ID and secret key for creating an Azure tenant connector.

Step 1: Create an application in Azure Active Directory to get the application ID.

Log in to the Microsoft Azure console and click Azure Active Directory on the left navigation pane.

Click App Registrations > New registration.

Provide the following details:

Name: A name for the application (e.g. My_Azure_Connector)

Supported account types: Accounts in this tenant directory only (Single tenant)

Click Register. The newly created app registration is displayed with its properties. Copy the Application (client) ID and Directory (tenant) ID and paste them into the connector details.

Step 2: Grant the new application permission to access the Windows Azure Service Management API and create a secret key.

Provide permissions

Log in to the Azure portal > navigate to Azure Active Directory > App registrations > select the application you created and go to API permissions > Add a permission.

Under Request API permissions, select Azure Service Management from the Microsoft APIs tab.

Select the user_impersonation permission and click Add permissions.

Create a secret key

Select your created application and go to Certificates and Secrets > New client secret.

Add a description and expiry duration for the key (recommended: 180 days) and click Add.

The value of the key appears in the Value field. Copy it immediately and paste it into the connector details; Azure shows the value only once and it cannot be retrieved after you leave the page.

Step 3: Grant the application permission to access subscriptions. Assign a role to the new application; the role you assign defines which subscriptions the application can access and what it can do with them.

On the Azure portal, navigate to Management Groups.

Select the tenant or individual management groups to grant permission to the application. To grant permission to the application you created, choose Access Control (IAM).

Navigate to Add > Add role assignment. Pick the Reader role. A Reader can view everything but cannot make any changes to the resources of a subscription.

Navigate to Add > Add a custom role > Provide custom role name (mandatory) and description > Start from scratch.

Click Add permissions and search for Microsoft.Management/managementGroups/read > select the checkbox under the permission > click Add.

Similarly, add a second permission: click Add permissions and search for Microsoft.Management/managementGroups/subscriptions/read > select the checkbox under the permission > click Add.

After adding both permissions, click Review + create > Create.

Go back to Access control (IAM) > Add > Add role assignment > select your custom role > Next.

Click Select members > search for your application > select it > click Review + assign.
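The same three steps can be scripted with the Azure CLI, which is useful when the connector identity has to be reproducible and reviewable. The script below is an added example, not part of the original connector documentation or of Microsoft's tooling. It assumes the Azure CLI (`az`) is installed and logged in, that GNU `date` is available, and that the custom role name (`Tenant Connector MG Reader`), the output file name and the `AZ_APPLY` environment variable are hypothetical choices of this example; the management group ID defaults to the tenant ID, which is also the ID of the tenant root management group. Only the two read actions the page names go into the role, and the role is assignable only at the chosen management group.

```shell
#!/usr/bin/env sh
# Added example (not from the original page): CLI equivalent of Steps 1-3.
# Names and defaults below are assumptions of this example.
APP_NAME="${APP_NAME:-My_Azure_Connector}"            # app name from Step 1
ROLE_NAME="${ROLE_NAME:-Tenant Connector MG Reader}"  # hypothetical custom role name
MG_ID="${MG_ID:-}"                                    # management group ID; tenant root group ID equals tenant ID
SECRET_DAYS="${SECRET_DAYS:-180}"                     # recommended secret lifetime from Step 2
ROLE_DEF_FILE="${ROLE_DEF_FILE:-./connector-role.json}"

# Scope string for a management group (the tenant root group when MG_ID is the tenant ID).
mg_scope() {
    printf '/providers/Microsoft.Management/managementGroups/%s' "$1"
}

# Emit the custom-role definition from Step 3: only the two read actions the page
# names, no wildcards, assignable only at the chosen management group.
# $1 = role name, $2 = management group ID
build_role_definition() {
    cat <<EOF
{
  "Name": "$1",
  "IsCustom": true,
  "Description": "Read-only access for the tenant connector: list management groups and their subscriptions",
  "Actions": [
    "Microsoft.Management/managementGroups/read",
    "Microsoft.Management/managementGroups/subscriptions/read"
  ],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [ "$(mg_scope "$2")" ]
}
EOF
}

# Defining the functions above has no side effects; az is only called when AZ_APPLY=1.
if [ "${AZ_APPLY:-0}" = "1" ]; then
    set -eu
    TENANT_ID=$(az account show --query tenantId -o tsv)
    MG_ID="${MG_ID:-$TENANT_ID}"

    # Step 1: single-tenant app registration and its service principal.
    APP_ID=$(az ad app create --display-name "$APP_NAME" \
        --sign-in-audience AzureADMyOrg --query appId -o tsv)
    SP_OBJECT_ID=$(az ad sp create --id "$APP_ID" --query id -o tsv)

    # Step 2a: delegated user_impersonation on the Azure Service Management API.
    # 797f4846-... is the well-known application ID of that API; the scope ID is
    # looked up in the tenant rather than hard-coded.
    ASM_API=797f4846-ba00-4fd7-ba43-dac1f8f63013
    SCOPE_ID=$(az ad sp show --id "$ASM_API" \
        --query "oauth2PermissionScopes[?value=='user_impersonation'].id" -o tsv)
    az ad app permission add --id "$APP_ID" --api "$ASM_API" \
        --api-permissions "${SCOPE_ID}=Scope" >/dev/null

    # Step 2b: client secret limited to SECRET_DAYS. The value is returned once;
    # it goes into the connector details, not into a log or a repository.
    END_DATE=$(date -u -d "+${SECRET_DAYS} days" +%Y-%m-%d)
    SECRET=$(az ad app credential reset --id "$APP_ID" --end-date "$END_DATE" \
        --query password -o tsv)

    # Step 3: custom read-only role and its assignment at the management group.
    build_role_definition "$ROLE_NAME" "$MG_ID" > "$ROLE_DEF_FILE"
    az role definition create --role-definition "@$ROLE_DEF_FILE" >/dev/null
    az role assignment create --assignee-object-id "$SP_OBJECT_ID" \
        --assignee-principal-type ServicePrincipal \
        --role "$ROLE_NAME" --scope "$(mg_scope "$MG_ID")" >/dev/null

    printf 'Application (client) ID: %s\nDirectory (tenant) ID: %s\nClient secret: %s\n' \
        "$APP_ID" "$TENANT_ID" "$SECRET"
fi
```

Run it with `AZ_APPLY=1 MG_ID=<management-group-id> sh connector-setup.sh` and copy the three printed values into the connector. A newly created custom role can take a minute to propagate; if the role assignment reports that the role was not found, rerun only the `az role assignment create` command. Keep the generated `connector-role.json` under review like any other access-control change: any action added to it beyond the two read actions widens what the connector can do.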