Creating an Active Directory service principal

Cloud Manager must authenticate with Azure Active Directory before it can perform operations in Azure, so you must create an Azure Active Directory service principal for it to use. While you create the service principal, copy three values: the application ID, the application key, and the Active Directory tenant ID. You enter them in Cloud Manager when you create user accounts for the subscription.

Before you begin

You must have the appropriate permissions in Azure to create an Active Directory application and assign the application to a role.

Microsoft Azure Documentation: Use portal to create Active Directory application and service principal that can access resources

Steps

  1. From the Azure portal, open the Azure Active Directory service.

    Screen shot: Shows the Active Directory service in Microsoft Azure

  2. In the menu, click App registrations.
  3. Create the service principal:
    1. Click Add.
    2. Enter a name for the application, keep Web app / API selected, and then enter any URL—for example, http://url
    3. Click Create.
  4. Modify the application to add the required permissions:
    1. Select the created application.
    2. Under Settings, click Required permissions and then click Add.

      Screen shot: Shows the settings for an Active Directory application in Microsoft Azure and highlights the option to add required permissions for API access.

    3. Click Select an API, select Windows Azure Service Management API, and then click Select.

      Screen shot: Shows the API to select in Microsoft Azure when adding API access to the Active Directory application. The API is the Windows Azure Service Management API.

    4. Click Access Azure Service Management as organization users, click Select and then click Done.
  5. Create a key for the service principal:
    1. Under Settings, click Keys.
    2. Enter a description, select a duration, and then click Save.
    3. Copy the key value as soon as it appears.
      The key value is displayed only once, after you click Save; if you leave the page without copying it, you must create a new key. Treat the key like a password: it is the credential that proves the service principal's identity. Note the expiration date you chose, because Cloud Manager can no longer authenticate once the key expires. You need to enter the key value in Cloud Manager when you create user accounts for this subscription.
  6. Scroll to the left and copy the application ID for the service principal.
    Similar to the key value, you need to enter the application ID in Cloud Manager when you create user accounts for this subscription.

    Screen shot: Shows the application ID for an Azure Active Directory service principal.

  7. Obtain the Active Directory tenant ID for your organization:
    1. In the Active Directory menu, click Properties.
    2. Copy the Directory ID.

      Screen shot: Shows the Active Directory properties in the Azure portal and the Directory ID that you need to copy.

    Just like the application ID and application key, you must enter the Active Directory tenant ID when you create Cloud Manager user accounts.

Result

You should now have an Active Directory service principal, and you should have copied its application ID and application key and the Active Directory tenant ID.
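As a check before you enter the three values in Cloud Manager, the following script performs the same authentication that Cloud Manager performs with them: an OAuth2 client-credentials request to the Azure AD token endpoint, asking for a token for the Azure Resource Manager audience that the Windows Azure Service Management API permission refers to. This is an added example, not code from the Cloud Manager documentation or product. The GUIDs in it are constructed placeholders, and the AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET environment variable names are assumptions for this example.

```python
"""Verify an Azure AD service principal with the OAuth2 client-credentials grant.

Added example (not part of the Cloud Manager documentation). Uses only the
three values copied in the procedure: tenant ID, application ID, application key.
"""
import base64
import json
import os
import re
import urllib.error
import urllib.parse
import urllib.request

# Azure AD v1 token endpoint; {tenant} is the Directory ID copied from Properties.
AAD_TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/token"
# Audience for the Azure Service Management (Resource Manager) API.
ARM_RESOURCE = "https://management.azure.com/"

GUID_RE = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)


def check_inputs(tenant_id, app_id, app_key):
    """Catch common copy/paste mistakes before anything goes over the wire."""
    problems = []
    if not GUID_RE.match(tenant_id):
        problems.append("tenant ID (Directory ID) is not a GUID")
    if not GUID_RE.match(app_id):
        problems.append("application ID is not a GUID")
    if not app_key or app_key != app_key.strip():
        problems.append("application key is empty or has surrounding whitespace")
    return problems


def build_token_request(tenant_id, app_id, app_key, resource=ARM_RESOURCE):
    """Return (url, form-encoded body) for the client-credentials grant.

    The application key travels as client_secret, which is why it must be
    protected like a password."""
    url = AAD_TOKEN_ENDPOINT.format(tenant=tenant_id)
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": app_id,
        "client_secret": app_key,
        "resource": resource,
    }).encode()
    return url, body


def parse_token_response(raw):
    """Extract the bearer token from the token endpoint's JSON reply.

    Raises RuntimeError carrying the AAD error code: invalid_client for a wrong
    or expired key, unauthorized_client for an application ID that does not
    exist in this tenant."""
    data = json.loads(raw)
    if "error" in data:
        raise RuntimeError(f"{data['error']}: {data.get('error_description', '')}")
    if data.get("token_type", "").lower() != "bearer" or not data.get("access_token"):
        raise RuntimeError("unexpected token response")
    return data["access_token"]


def token_claims(token):
    """Decode the JWT payload without verifying the signature.

    Used only to inspect what AAD issued (e.g. that aud matches ARM_RESOURCE);
    never treat this as validation of a token received from a client."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64 padding JWTs strip
    return json.loads(base64.urlsafe_b64decode(payload))


def acquire_token(tenant_id, app_id, app_key):
    """Round-trip to Azure AD. Needs network access to login.microsoftonline.com."""
    problems = check_inputs(tenant_id, app_id, app_key)
    if problems:
        raise ValueError("; ".join(problems))
    url, body = build_token_request(tenant_id, app_id, app_key)
    req = urllib.request.Request(url, data=body, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return parse_token_response(resp.read().decode())
    except urllib.error.HTTPError as err:
        # AAD answers 400/401 with a JSON body that names the failure.
        return parse_token_response(err.read().decode())


if __name__ == "__main__":
    # Constructed placeholder GUIDs; real values come from the environment
    # (variable names are an assumption of this example).
    tenant = os.environ.get("AZURE_TENANT_ID", "00000000-0000-0000-0000-000000000000")
    app = os.environ.get("AZURE_CLIENT_ID", "11111111-1111-1111-1111-111111111111")
    key = os.environ.get("AZURE_CLIENT_SECRET", "")
    try:
        token = acquire_token(tenant, app, key)
        print("token issued for audience:", token_claims(token).get("aud"))
    except (ValueError, RuntimeError) as exc:
        print("service principal check failed:", exc)
```

A wrong or expired key comes back as invalid_client and an application ID that is not registered in the tenant as unauthorized_client, which separates a copy mistake from a missing role assignment: Azure AD issues the token even before the Cloud Manager Operator role exists, because role-based access is checked when the token is used against a subscription, not when it is issued.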

After you finish

Assign the Cloud Manager Operator role to the service principal. The service principal can authenticate without that role, but the role is what grants it permissions to perform operations in your subscription.