...
This Azure AD application will allow our service to list (with limited read access) your configuration in order to discover resources and APIs.
Step 1: Create new Azure AD Application
To create this new Azure AD application, open a new tab and:
- Log in to your account in the Azure Portal
- Navigate to the All Services page
- Select "Azure Active Directory" in the Security category
- Select App Registrations from the left menu
- Click "New Registration" and enter the following values into the form:
  - Name: DataTheorem
  - Account type: "Accounts in this organizational directory only"
  - Redirect URI: https://securetheorem.com/
- Click Create
Step 2: Assigning the reader role to the Azure AD application
Now that we have a new Azure AD application, we need to assign it read-only access:
- Navigate to the All Services page
- Select "Subscriptions" in the General category
- Select the subscription that you want to give Data Theorem access to
  - If you have multiple subscriptions, you will need to repeat this process for each subscription that you would like Data Theorem to have access to.
- Select Access Control (IAM)
- Select Add, then from the dropdown select Add Role Assignment
- Enter the following values into the form:
  - Role: Reader
  - Assign Access to: Azure AD user, group, or service principal
  - Select: "DataTheorem" app registration (created in the previous step)
- Click Save
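One way to confirm the result of Step 2, as an added example (not Data Theorem's own tooling): the function below checks exported role assignments for the "DataTheorem" service principal and reports anything other than Reader at the intended subscriptions. The JSON is constructed sample data in the shape of `az role assignment list --assignee <application-id> --all --output json`; the subscription IDs and the management group name are placeholders, and `audit_reader_only` is a hypothetical helper name.

```python
import json
import re

# Constructed sample, shaped like `az role assignment list --assignee <app-id> --all -o json`.
# Subscription IDs and the management group name are placeholders.
SAMPLE = json.loads("""[
 {"principalName": "DataTheorem", "roleDefinitionName": "Reader",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
 {"principalName": "DataTheorem", "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"},
 {"principalName": "DataTheorem", "roleDefinitionName": "Reader",
  "scope": "/providers/Microsoft.Management/managementGroups/example-mg"}
]""")

# A subscription-level scope is exactly /subscriptions/<guid>, with nothing after it.
SUB_SCOPE = re.compile(r"^/subscriptions/([0-9a-fA-F-]{36})$")

def audit_reader_only(assignments, expected_subscriptions):
    """Return findings for assignments that differ from Step 2 (Reader, per subscription)."""
    expected = {s.lower() for s in expected_subscriptions}
    findings, covered = [], set()
    for a in assignments:
        role, scope = a.get("roleDefinitionName"), a.get("scope", "")
        m = SUB_SCOPE.match(scope)
        if role != "Reader":
            findings.append(("unexpected-role", role, scope))
        elif m is None:
            # Reader at a management group, resource group or resource: not what Step 2 set up.
            findings.append(("unexpected-scope", role, scope))
        elif m.group(1).lower() not in expected:
            findings.append(("unexpected-subscription", role, scope))
        else:
            covered.add(m.group(1).lower())
    # Subscriptions that were meant to be onboarded but have no Reader assignment.
    for sub in sorted(expected - covered):
        findings.append(("missing-reader", "Reader", "/subscriptions/" + sub))
    return findings

if __name__ == "__main__":
    wanted = ["00000000-0000-0000-0000-000000000001",
              "00000000-0000-0000-0000-000000000003"]
    for kind, role, scope in audit_reader_only(SAMPLE, wanted):
        print(f"{kind}: role={role} scope={scope}")
```

An empty result means the service principal holds Reader on each listed subscription and nothing else.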
Step 3: Getting the Azure AD application credentials
After assigning the read-only role, we need to copy over the credentials so Data Theorem can access your environment. Once done, you should have the following:
- Application ID
- Directory ID
- Secret key (DO NOT share with anyone else)
Obtaining your Application ID, Directory ID and secret key
- Go back to the "Azure Active Directory" configuration page
- Select App Registrations
- Search for and select the app registration "DataTheorem" (this was created in an earlier step)
  - If you can't find it on the list, make sure you are viewing All Apps and not just Owned Apps.
- In Overview:
...
- Click on "Certificates and secrets"
- Click on "New client secret"
  - Description: "apikey"
  - Expires: "Never"
- Click Add
- Copy the generated client secret from the "Value" column.