How to connect an Azure account

  • 2 minute(s) read
Prev Next

This document explains the steps to integrating Azure with Cloud IAM to manage users, account, credentials and virtual machines.

Info

Cloud IAM requests only the necessary permissions to prevent excess privileges.

Requirements

Creating an Azure application

  1. Access the Azure platform and log in to your Azure account.
  2. Locate the service Microsoft Entra ID.
  3. In the left menu, click Manage > App registrations.
  4. Click New registration.
  5. In the Name* field, enter a name for the application.
  6. Select which account types can use the app or access the API.
  7. (Optional): Select the redirect URI to receive the authentication response.
  8. Click Register.

Creating a client secret

  1. Access the Azure platform and log in to your Azure account.
  2. Locate the service Microsoft Entra ID.
  3. In the left menu, click Manage > App registrations.
  4. Go to the All applications tab and select an application.
  5. In the application's left menu, click Manager > Certificates & secrets.
  6. Click New client secret.
  7. In the Description field, enter a description for the client secret.
  8. In the Expires field, select when the client secret will expire.
  9. Click Add.
Alert

After creating the client secret, make sure to copy the Value field of the client secret. Otherwise, you will have to create another secret.

Selecting API permissions

  1. Access the Azure platform and log in to your Azure account.
  2. Locate the service Microsoft Entra ID.
  3. In the left menu, click Manage > App registrations.
  4. Go to the All applications tab and select an application.
  5. In the application's left menu, click Manager > API permissions.
  6. In the Configured permissions section, select Microsoft Graph.
  7. Select the following permissions:
    1. Delegated permissions:
      1. Directory.AccessAsUser.All
    2. Application permissions
      1. Application.ReadWrite.All
      2. AppRoleAssignment.ReadWrite.All
      3. Directory.Read.All
      4. Directory.ReadWrite.All
      5. Organization.Read.All
      6. Organization.ReadWrite.All
      7. RoleManagement.ReadWrite.Directory
      8. User.ManageIdentities.All
      9. User.ReadWrite.All
  8. Click Add permissions.
  9. After adding the permissions, click Grant admin consent for [Azure Active Directory name], and click Yes.

Integrate Azure with Cloud IAM

To integrate an Azure account with Cloud IAM, see the following steps:

  1. On Segura, in the navigation bar, hover over the Products menu and select Cloud IAM.
  2. In the side menu, select Management > Accounts.
  3. In the top right corner, click Add.
  4. In the Settings tab, enter the following information:
    1. In the Name * field, enter a name for the account.
    2. (Optional): In the Description field, enter a description for the account.
    3. (Optional): In the Tags field, enter tags to help identifying the account.
  5. Click Continue.
  6. In the Azure tab, enter the following information about the Azure provider:
    1. In the Directory (tenant) ID* field, enter the directory ID obtained in Creating an Azure application.
    2. In the Application (Client ID)* field, enter the application client ID obtained in Creating an Azure application.
    3. In the Client secret value* field, enter the client secret obtained in Creating a client secret value.
    4. In the IAM section, select the desired permissions.
  7. Click Continue until you get to the Review tab.
  8. In the Review tab, verify all the information previously entered in the past tabs, and click Save.

The newly added account will appear in the Accounts report.

Do you still have questions? Reach out to the Segura Community.