Granting Azure permissions to Cloud Manager

Cloud Manager needs permissions to perform actions in Microsoft Azure. You grant the required permissions by creating a service principal in Azure Active Directory, assigning the service principal to a custom role, and obtaining the Azure credentials that you must enter in Cloud Manager when you create user accounts.

About this task

The following image depicts how Cloud Manager obtains permissions to perform operations in Azure. A service principal object, which is tied to an Azure subscription, represents Cloud Manager in Azure Active Directory and is assigned to a custom role that allows the required permissions.

Conceptual image that shows Cloud Manager obtaining authentication and authorization from Azure Active Directory before it can make an API call. In Active Directory, the Cloud Manager Operator role defines permissions. It is tied to an Azure subscription and a service principal object that represents the Cloud Manager application.

If you want to create multiple Cloud Manager user accounts, you have two options:
  • You can perform these steps for one Azure subscription and use the same set of Azure credentials when you create Cloud Manager user accounts.

    This means all ONTAP Cloud systems would be created using the same Azure subscription.

  • You can perform these steps for multiple Azure subscriptions and specify unique Azure credentials for each Cloud Manager user account.

The option that you choose depends on how strict a user policy you want to implement.
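
As an added illustration (not taken from the product documentation), the following Python script audits a custom role definition before it is assigned to the service principal: it checks that the role is custom, contains no provider-level wildcard actions, and is scoped to exactly the intended Azure subscription. The sample role JSON, its actions, and the subscription ID are constructed placeholders, not Cloud Manager's actual permission list.

```python
import json
import re

# Constructed sample: a custom role definition in Azure's JSON format.
# The actions are placeholders, not Cloud Manager's actual permission list.
SAMPLE_ROLE = json.loads("""
{
  "Name": "Cloud Manager Operator",
  "IsCustom": true,
  "Description": "Constructed sample role for illustration",
  "Actions": [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Storage/storageAccounts/read"
  ],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"]
}
""")

# Matches a scope that names exactly one subscription and nothing else.
SUBSCRIPTION_SCOPE = re.compile(r"^/subscriptions/[0-9a-fA-F-]{36}$")


def audit_role(role, expected_subscription_id):
    """Return a list of findings; an empty list means the role passed."""
    findings = []
    if not role.get("IsCustom"):
        findings.append("role is not marked as custom")
    for action in role.get("Actions", []):
        # Flag wildcards in the provider segment, such as "*" or "*/read".
        provider = action.split("/", 1)[0]
        if "*" in provider:
            findings.append(f"wildcard action spans all providers: {action}")
    scopes = role.get("AssignableScopes", [])
    if not scopes:
        findings.append("no assignable scope defined")
    for scope in scopes:
        if not SUBSCRIPTION_SCOPE.match(scope):
            findings.append(f"scope is not exactly one subscription: {scope}")
        elif scope.split("/")[2].lower() != expected_subscription_id.lower():
            findings.append(f"scope targets an unexpected subscription: {scope}")
    return findings


if __name__ == "__main__":
    for finding in audit_role(SAMPLE_ROLE, "00000000-0000-0000-0000-000000000000"):
        print("FINDING:", finding)
```

When each Cloud Manager user account gets its own Azure credentials, run the check once per subscription with that subscription's ID as the expected value.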