Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

 This Azure AD application will allow our service to list (with limited read access) your configuration in order to discover resources and APIs.

...

Step 1: Create new Azure AD

...

Application

To create this new Azure AD application, open a new tab and: 

  1. Login into your Azure Account through to your account in the Azure Portal
  2. Navigate to the All Services page
  3. Select "Azure Active Directorypage" in the Security category
  4. Select App registrationsSelect New application registrationFor the Name field enterDataTheoremFor the Application type field select Web appFor the Sign-on URL field enterRegistrations from the left menu
  5. Click "New Registration" and enter the following values into the form:
    • Name: DataTheorem
    • Account type: "Accounts in this organizational directory only"
    • Redirect URI: https://securetheorem.com/
  6. Click Create

...

Step 2: Assigning the reader role to the Azure AD application

Now that we have a new Azure AD application we need to assign read-only access. :

  1. Navigate to the All servicesServices page
  2. Select "Subscriptions" in the General category
  3. Select the subscription that corresponds to the environment that you want to give Data Theorem access to
    • If you have multiple subscriptions, you will need to repeat this process for each subscription that you would like Data Theorem to have access to.
  4. Select Access control Control (IAM)
  5. Select Add and , then from the dropdown select Add role assignmentFor the Role field select ReaderFor the Assign access to field select Role Assignment
  6. Enter the following values into the form:
    • Role: Reader
    • Assign Access to: Azure AD user, group, or service principal
    For the Select field select the previously created App registration “DataTheorem”
    • Select: "DataTheorem" app registration (created in the previous step)
  7. Click Save

Step 3: Getting the Azure AD application credentials

After creating the read-only role we need to copy over the credentials so Data Theorem can access your environment. Once done you should have the following:

  • Directory Application ID
  • Application Directory ID 
  • Authentication Secret key (DO NOT share with anyone else)

Obtaining your Application ID, Directory ID and secret key

  1. Navigate

    Go back to the "Azure Active Directory" configuration page

  2. Select

    PropertiesCopy out the Directory ID, this is also known as your Tenant ID

Obtaining your Application ID and Authentication key

  1. Navigate to the Azure Active Directory pageSelect App registrationsMake

    App Registrations

  2. Search for and select the app registration "Data Theorem" (this was created in an earlier step)

    • If you can't find it on the list, make sure you are viewing All
    apps
    • Apps and not just
    My appsSearch for “DataTheorem”Select the app registration “Data Theorem”
    • Owned Apps.
  3. In Overview:

  • Copy out the Application (client) ID.
  • Copy out the

...

  • Directory (tenant) ID

...

  • .
  1. Click on "Certificates and secrets"

  2. Click on "New client secret"

    • Description: “apikey”
    • Expires: “Never”
  3. Click Add

  4. Copy out the generated

    Authentication key for the “DataTheorem” entry

 

  1. client secret, under the "Value" column.

Extra References

...