How to give Orchestrator API access to your Azure account

You may need to get API access to your Azure subscription, either because you want to have a "BYOS" subscription of the Multi-Cloud Orchestrator, or you want to deploy an Instant Cloud Solution from the marketplace.

This operation is structured in 3 parts:

  1. Select the Azure subscription to be used
  2. Register an App in the Azure Active Directory and retrieve subscription credentials
  3. Assign the new App in the Azure Active Directory the "contributor" role

Note: All 3 parts of the procedure must be successfully completed for the API access to be valid.

Credentials to be extracted

  • Tenant ID
  • Client ID
  • Client Password
  • Azure Subscription ID

Roles to be assigned

  • “Contributor” role to Azure Active Directory App

Select the Azure subscription to be used

  1. First, navigate to http://portal.azure.com and log in to the Azure portal. Select All services from the main menu.
  2. A new window will pop up with a list of services. Click on the Subscriptions section.
  3. Select the subscription. A new screen will open showing the required information.
  4. Highlight the Subscription ID and copy it.

Register an App in the Azure Active Directory and retrieve subscription credentials

Note: In order to get the Client ID and Secret, we need to create an Azure Active Directory application and service principal that can access resources.

  1. Click Azure Active Directory from the main menu.
  2. Click on the App registrations section.
  3. Name the application, select a supported account type and a redirect URL if needed, and register the application.

Assign the new App in the Azure Active Directory the "contributor" role

  1. Select the Certificates & secrets section.
  2. Add a new client secret.
  3. Add the client secret you created in the previous step and copy the value. Note: you must assign the application to a role.
  4. Go back to the Subscriptions section (All services / Subscriptions), select the subscription and click on the Access control (IAM) section.
  5. Click on Add role assignment.
  6. Select the role you wish to assign to the application. To allow the application to execute actions like reboot, start and stop instances, select the Contributor role.
  7. Then, start typing the application name in the Select input. Select the application from the results and save the assignment.
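The same three parts can be carried out and checked from the Azure CLI. This is an added example, not part of the original page or of the Orchestrator product; it assumes the Azure CLI (`az`) is installed and signed in with an account allowed to register apps and assign roles, and the function names and the app name `orchestrator-api` are hypothetical.

```shell
# Added example (not from the original page): Azure CLI equivalent of the portal steps.
# Assumes `az` is installed and `az login` was run by a user who may register
# apps and assign roles. Function names and the app name are hypothetical.

# Succeeds if $1 looks like a GUID (subscription, tenant and client IDs are GUIDs).
is_guid() {
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Prints the role-assignment scope for a whole subscription.
subscription_scope() {
  is_guid "$1" || { echo "not a subscription ID: $1" >&2; return 1; }
  printf '/subscriptions/%s\n' "$1"
}

# Parts 2 and 3 in one call: registers the app, creates its service principal
# and a client secret, and assigns Contributor on the subscription.
# Output JSON: appId = Client ID, password = Client Password, tenant = Tenant ID.
# The password is shown only in this output; keep it out of files and tickets.
create_orchestrator_sp() {   # $1 = app name, $2 = subscription ID
  scope=$(subscription_scope "$2") || return 1
  az ad sp create-for-rbac --name "$1" --role Contributor --scopes "$scope"
}

# Check for part 3: succeeds only if the app holds Contributor at that scope.
has_contributor() {          # $1 = Client ID, $2 = subscription ID
  is_guid "$1" || return 1
  scope=$(subscription_scope "$2") || return 1
  az role assignment list --assignee "$1" --scope "$scope" \
     --query "[].roleDefinitionName" -o tsv | grep -qx 'Contributor'
}

# Usage (part 1 = read the ID of the active subscription):
#   SUB_ID=$(az account show --query id -o tsv)
#   create_orchestrator_sp orchestrator-api "$SUB_ID"
#   has_contributor "<appId from the output>" "$SUB_ID" && echo "role assigned"
```

Running `has_contributor` before handing the four credentials over confirms that the role assignment, the part most often missed, is actually in place.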

Reference

How to: Use the portal to create an Azure AD application and service principal that can access resources