...
This Azure AD application gives our service limited, read-only access to your configuration so it can discover your resources and APIs.
...
Step 1: Create a new Azure AD Application
To create this new Azure AD application, open a new tab and:
- Log in to your Azure account in the Azure Portal
- Navigate to the All Services page
- Select "Azure Active Directory" in the Security category
- Select "App registrations" from the left menu
- Click "New registration" and enter the following values into the form:
  - Name: DataTheorem
  - Account type: "Accounts in this organizational directory only"
  - Redirect URI: https://securetheorem.com/
- Click Register
...
Step 2: Assigning the Reader role to the Azure AD application
Now that we have a new Azure AD application, we need to assign it read-only access. The built-in Reader role is a control-plane read-only role: it lets the application enumerate resources and their configuration, but not create, modify or delete anything.
- Navigate to the All Services page
- Select "Subscriptions" in the General category
- Select the subscription that corresponds to the environment that you want to give Data Theorem access to
  - If you have multiple subscriptions, you will need to repeat this process for each subscription that you would like Data Theorem to have access to.
- Select Access control (IAM)
- Select Add, then from the dropdown select "Add role assignment"
- Enter the following values into the form:
  - Role: Reader
  - Assign access to: Azure AD user, group, or service principal
  - Select: the "DataTheorem" app registration (created in the previous step)
- Click Save
Step 3: Getting the Azure AD application credentials
After assigning the Reader role, we need to copy over the credentials so Data Theorem can access your environment. Once done you should have the following:
- Application (client) ID
- Directory (tenant) ID
- Client secret (DO NOT share with anyone else; treat it like a password)

Obtaining your Application ID and Directory ID
- Navigate to the "Azure Active Directory" page
- Select "App registrations"
- Search for and select the "DataTheorem" app registration (created in Step 1)
  - If you can't find it in the list, make sure you are viewing All applications and not just Owned applications.
- In Overview:
  - Copy out the Application (client) ID.
  - Copy out the Directory (tenant) ID. This is also known as your Tenant ID and is also shown under Azure Active Directory > Properties.

Obtaining your client secret
- Click "Certificates & secrets"
- Click "New client secret" and enter the following values:
  - Description: "apikey"
  - Expires: "Never"
- Click Add
- Copy out the generated client secret for the "apikey" entry from the "Value" column. The value is only displayed once; if you leave the page without copying it, you will need to create a new client secret.
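The same three steps, performed with the Azure CLI instead of the portal, as an added example (this is not Data Theorem's own tooling and is not part of the original page). It assumes `az` 2.37 or newer is installed and `az login` has already been run as a user who may create app registrations and assign roles on the target subscriptions; the function names, the `DRY_RUN` switch and the retry loop are this example's own conventions. Unlike the portal steps above, it sets a one-year expiry on the client secret rather than "Never", so the secret has to be rotated.

```shell
#!/usr/bin/env bash
# Added example, not Data Theorem's own tooling: performs Steps 1-3 with the
# Azure CLI. Assumes `az` (2.37+) is installed and `az login` has been run as a
# user allowed to create app registrations and assign roles on the subscriptions.
set -eu

APP_NAME="${APP_NAME:-DataTheorem}"                        # Step 1 "Name"
REDIRECT_URI="${REDIRECT_URI:-https://securetheorem.com/}" # Step 1 "Redirect URI"
DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1 prints each az command instead of running it

# Runs an az command, or prints it when DRY_RUN=1 so the plan can be reviewed first.
run_az() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "az $*"
  else
    az "$@"
  fi
}

# Builds the ARM scope for a subscription-level role assignment. Granting Reader
# here (not at management-group or tenant-root scope) limits what the
# application can see to the subscriptions you explicitly list.
scope_for_subscription() {
  case "$1" in
    /subscriptions/*) printf '%s' "$1" ;;
    *)                printf '/subscriptions/%s' "$1" ;;
  esac
}

# Guard so the script cannot be repurposed to hand out a write-capable role.
assert_read_only_role() {
  [ "$1" = "Reader" ] || { echo "refusing to assign non-read-only role: $1" >&2; return 1; }
}

main() {
  [ "$#" -ge 1 ] || { echo "usage: $0 <subscription-id> [<subscription-id> ...]" >&2; return 1; }
  role=Reader
  assert_read_only_role "$role"

  # Step 1: single-tenant registration. AzureADMyOrg is the CLI spelling of
  # "Accounts in this organizational directory only".
  app_id=$(run_az ad app create --display-name "$APP_NAME" \
             --sign-in-audience AzureADMyOrg --web-redirect-uris "$REDIRECT_URI" \
             --query appId -o tsv)
  # The service principal, not the app object, is what receives the role.
  sp_object_id=$(run_az ad sp create --id "$app_id" --query id -o tsv)

  # Step 2: Reader on each listed subscription and nothing else.
  for sub in "$@"; do
    scope=$(scope_for_subscription "$sub")
    # A new service principal can take a few seconds to replicate, so retry
    # instead of failing on "principal not found".
    attempt=0
    until run_az role assignment create --assignee-object-id "$sp_object_id" \
            --assignee-principal-type ServicePrincipal --role "$role" \
            --scope "$scope" >/dev/null; do
      attempt=$((attempt + 1))
      [ "$attempt" -lt 5 ] || { echo "role assignment failed for $scope" >&2; return 1; }
      sleep 10
    done
  done

  # Step 3: credentials. The secret is printed once and never written to a file;
  # a one-year expiry (instead of the portal's "Never") forces rotation.
  tenant_id=$(run_az account show --query tenantId -o tsv)
  secret=$(run_az ad app credential reset --id "$app_id" --years 1 \
             --query password -o tsv)
  printf 'Application (client) ID: %s\n' "$app_id"
  printf 'Directory (tenant) ID:   %s\n' "$tenant_id"
  printf 'Client secret (hand over via Data Theorem only, never commit it): %s\n' "$secret"
}

# Run only when subscription IDs are given, so the file can also be sourced.
[ "$#" -eq 0 ] || main "$@"
```

Run it as `DRY_RUN=1 ./datatheorem-reader.sh <subscription-id> ...` first to review the exact `az` calls, then without `DRY_RUN` to apply them. The script refuses any role other than Reader and scopes each assignment to one subscription, which is the same least-privilege shape the portal steps above produce.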
Extra References
- How to: Use the portal to create an Azure AD application
- How to: Add app roles in your Azure AD application
...