Integrate with Azure

CloudCreator provides reporting and governance across multiple technologies. This includes the Azure and AWS services you purchase through CCL. Find out more here: About Azure Integration

 

To integrate your Azure provider subscription with CloudCreator, you'll need to complete the following stages, described below:


Stage One: Complete the Application Registration in Azure

Application registration in Azure is tied to a single subscription that includes an Application ID and Secret Key. These are used for inbound API calls to Azure to adopt the permissions assigned by the user who has set up the application registration. As a user's role in Azure is at provider level, not subscription level, one user can have the same access across multiple subscriptions. 

 

Steps

1. Sign in to the Azure public portal at portal.azure.com. This can also be done by a client user, or a CCL RADAR team member on your behalf. 

 

 

2. In the Microsoft Azure dashboard, select Azure Active Directory from the left-hand menu.

 

 

3. In the App registrations screen, select App registrations > New registration.

 

 

4. In the Register an application window, add a Name for your application and click Register.
 
Note: The other options on this screen are set to the default and do not need to be changed.
 

 

 
 

5. In the Overview screen for your application, the name of your application will display at the top left. You'll see in the screenshot below that ours is called 'AzureTest'.

 
6. Copy the Application ID as you will need to record this in CloudCreator as part of Stage Two below. 

 

 
 
7. In the left-hand toolbar, select API Permissions > Add a permission.
 
 
 
8. In the Request API permissions window, select Azure Service Management.
 
 
 
9. In the Request API permissions screen, select the user impersonation checkbox and click Add permissions.
 
 
 
10. In the Configured permissions screen, you'll see that 'user_impersonation' has been added as an API permission. 
 
 
11. You will also receive a notification confirming the permissions have been updated. To view, select the bell icon    at the top right of your screen.
 

 
 
12. In the left-hand menu, select Certificates & secrets > New client secret.

 

 
 
13. In the Add a client secret screen, add a name in the Description field to identify what the key is being used for. 
 
14.  Select an Expire option and click Add.  Note: It is recommended that the App is set to 'never' expire.
 
 
 

15. The secret key appears (only at the time of creation). Use the copy icon to copy the secret key value, to record it into CloudCreator as part of Stage Two below.

 

See: Stage Two: Record the Application Registration in CloudCreator.

 

 

Stage Two: Record the Application Registration in CloudCreator

Once you have completed the Application Registration above, you need to record it in CloudCreator.

 

CloudCreator will check that the combination of Subscription ID plus Application ID are unique (within the CloudCreator Parent Cloud). However, the same Application ID details can be loaded against multiple CloudCreator clouds. If another user completes an Application Registration in Azure, they will have a separate Application ID and these can both be loaded into CloudCreator. 

 

Before you begin

Before you begin, make sure you have the following information:

 

Information required How to find
Application ID

To view, select the Overview screen for your application:

 

Application Secret Key This is the secret key value you copied in Stage One above.
Tenant Domain

This is the information that follows the '@' in your Azure Id.

 

Example: In xxx@yyyy.onmicrosoft.com, the Tenant Domain is yyyy.onmicrosoft.com.

 

Follow these steps to view your Tenant Domain:

 

1. From the Microsoft Azure Dashboard, select Azure Active Directory in the left-hand menu.

 

 

2. The tenant domain information will display:

 

Subscription ID

Follow these steps to find your Subscription ID:

 

1. At the top of the Microsoft Azure Dashboard, type 'subscription' into the search bar. Select Subscriptions to view.

 

 

2. The Subscriptions screen displays the Subscription ID. Select the subscription you want to link to CloudCreator. 

 

Note: Take a note of the Subscription ID as this will be needed later. 

 

 

3. From the Azure portal, select Access control (IAM).

 

 

Role Assignment

To grant access to an Azure resource, you must add a role assignment. Follow these steps to assign a role. 

 

1. From the Azure portal, select Access control (IAM).

 

 

2. Select Add > Add role assignment

 

 

3. The Add role assignment window appears. Complete the fields as follows:

  • In the Role field select Reader
  • Select where you want to Assign access to. 
  • In the Select field add your AppID from the previous step, or search for the name you created earlier. 

 

 

4. Click Save to assign the role.

 

 

Steps

Follow the steps below to record the Application Registration in CloudCreator.

 

1. Login to CloudCreator.
 

2. Click the Virtual Clouds icon   in the sidebar.

 

3. If your company is using multiple virtual clouds, click the cloud name at the top of your screen. Select either a Parent or Child cloud from the dropdown menu.
 

 

4. From the Summary screen, click the Providers tab.

 

 

5. In the Providers screen, click the Link Provider button.

 

 

6. In the Link Provider Account screen, select Microsoft Azure from the dropdown menu.

 

 

7.  Complete the fields and click Link to confirm.

 

 

8. A notification will appear at the top of your screen to confirm that your subscription has been created. The event will also appear in the Recent Events panel.

 

9. The Azure resource tile will appear on your dashboard. Now that you've completed the Application Registration you need to Link, Unlink and Modify Accounts to Azure in CloudCreator.


 

The page cannot be found

The page you are looking for might have been removed, had its name changed, or is temporarily unavailable. Please make sure you spelled the page name correctly or use the search box.