Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

 This Azure AD application will allow our service to list (with limited read access) your configuration in order to discover resources and APIs.

Step 1: Create new Azure AD Application

To create this new Azure AD application, open a new tab and:

  1. Login to your account in the Azure Portal
  2. Navigate to the All Services page
  3. Select "Azure Active Directory" in the Security category
  4. Select App Registrations from the left menu
  5. Click "New Registration" and enter the following values into the form:
    • Name: DataTheorem
    • Account type: "Accounts in this organizational directory only"
    • Redirect URI: https://securetheorem.com/
  6. Click Create

Step 2: Assigning the reader role to the Azure AD application

Now that we have a new Azure AD application we need to assign read-only access:

  1. Navigate to the All Services page
  2. Select "Subscriptions" in the General category
  3. Select the subscription that you want to give Data Theorem access to
    • If you have multiple subscriptions, you will need to repeat this process for each subscription that you would like Data Theorem to have access to.
  4. Select Access Control (IAM)
  5. Select Add, then from the dropdown select Add Role Assignment
  6. Enter the following values into the form:
    • Role: Reader
    • Assign Access to: Azure AD user, group, or service principal
    • Select: "DataTheorem" app registration (created in the previous step)
  7. Click Save

Step 3: Getting the Azure AD application credentials

After creating the read-only role we need to copy over the credentials so Data Theorem can access your environment. Once done you should have the following:

  • Application ID
  • Directory ID 
  • Secret key (DO NOT share with anyone else)

Obtaining your Application ID, Directory ID and secret key

  1. Go back to the "Azure Active Directory" configuration page

  2. Select App Registrations

  3. Search for and select the app registration "Data Theorem" (this was created in an earlier step)

    • If you can't find it on the list, make sure you are viewing All Apps and not just Owned Apps.
  4. In Overview:

...

  1. Click on "Certificates and secrets"

  2. Click on "New client secret"

    • Description: “apikey”
    • Expires: “Never”
  3. Click Add

  4. Copy out the generated client secret, under the "Value" column.

Extra References